Combining Monitoring with Run-Time Assertion Checking
According to a study in 2002 commissioned by a US Department, software bugs annually cost the US economy an estimated 312 billion globally.
There exist various ways to prevent, isolate and fix software bugs, ranging from lightweight methods that are (semi-)automatic to heavyweight methods that require significant user interaction. Our own method, described in this tutorial, is based on automated run-time checking of a combination of protocol- and data-oriented properties of object-oriented programs.
Run-Time Assertion Checking of Data- and Protocol-Oriented Properties of Java Programs: An Industrial Case Study
Run-time assertion checking is one of the useful techniques for detecting faults, and can be applied during any program execution context, including debugging, testing, and production. In general, however, it is limited to checking state-based properties. We introduce SAGA, a general framework that provides a smooth integration of the specification and the run-time checking of both data- and protocol-oriented properties of Java classes and interfaces. We evaluate SAGA, which combines several state-of-the-art tools, by conducting an industrial case study from the eCommerce software company Fredhopper.
Validating a Web Service Security Abstraction by Typing
An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers.
Comment: 44 pages. A preliminary version appears in the Proceedings of the Workshop on XML Security 2002, pp. 18-29, November 200
A Web-Based Tool for Analysing Normative Documents in English
Our goal is to use formal methods to analyse normative documents written in English, such as privacy policies and service-level agreements. This requires the combination of a number of different elements, including information extraction from natural language, formal languages for model representation, and an interface for property specification and verification. We have worked on a collection of components for this task: a natural language extraction tool, a suitable formalism for representing such documents, an interface for building models in this formalism, and methods for answering queries asked of a given model. In this work, each of these concerns is brought together in a web-based tool, providing a single interface for analysing normative texts in English. Through the use of a running example, we describe each component and demonstrate the workflow established by our tool.
Testing abstract behavioral specifications
We present a range of testing techniques for the Abstract Behavioral Specification (ABS) language and apply them to an industrial case study. ABS is a formal modeling language for highly variable, concurrent, component-based systems. The nature of these systems makes them susceptible to the introduction of subtle bugs that are hard to detect in the presence of steady adaptation. While static analysis techniques are available for an abstract language such as ABS, testing is still indispensable and complements analytic methods. We focus on fully automated testing techniques including black-box and glass-box test generation as well as runtime assertion checking, which are shown to be effective in an industrial setting.
An Evaluation of Inter-Organizational Workflow Modelling Formalisms
This paper evaluates the dynamic aspects of the UML in the context of inter-organizational workflows. Two evaluation methodologies are used. The first one is ontological and is based on the BWW (Bunge-Wand-Weber) models. The second validation is based on prototyping and consists in the development of a workflow management system in the aerospace industry. Both convergent and divergent results are found from the two validations. Possible enhancements to the UML formalism are suggested from the convergent results. On the other hand, the divergent results suggest the need for a contextual specification in the BWW models.
This work consists of an evaluation of the dynamic aspects of the UML language in an inter-organizational workflow context. The choice of this language over others is motivated by its grammatical richness, which makes it very well suited to this context. The evaluation is carried out through an ontological validation based on the BWW (Bunge-Wand-Weber) models and through the construction of a prototype inter-organizational workflow management system. From the convergent results obtained from the two different analyses, improvements to the UML formalism are suggested. On the other hand, the divergent analyses suggest the possibility of specializing the BWW models to more specific contexts, such as that of workflows, and also make it possible to suggest further improvements to the language.
Keywords: Ontology, Conceptual study, Prototype validation, UML, IS development methods and tools.