    Combining Monitoring with Run-Time Assertion Checking

    According to a study in 2002 commissioned by a US Department, software bugs annually cost the US economy an estimated $59 billion. A more recent study in 2013 by Cambridge University estimated that the global cost has risen to $312 billion. There exist various ways to prevent, isolate and fix software bugs, ranging from lightweight methods that are (semi-)automatic to heavyweight methods that require significant user interaction. Our own method described in this tutorial is based on automated run-time checking of a combination of protocol- and data-oriented properties of object-oriented programs.

    Run-Time Assertion Checking of Data- and Protocol-Oriented Properties of Java Programs: An Industrial Case Study

    Run-time assertion checking is one of the useful techniques for detecting faults, and can be applied during any program execution context, including debugging, testing, and production. In general, however, it is limited to checking state-based properties. We introduce SAGA, a general framework that provides a smooth integration of the specification and the run-time checking of both data- and protocol-oriented properties of Java classes and interfaces. We evaluate SAGA, which combines several state-of-the-art tools, by conducting an industrial case study from the eCommerce software company Fredhopper.

    Validating a Web Service Security Abstraction by Typing

    An XML web service is, to a first approximation, an RPC service in which requests and responses are encoded in XML as SOAP envelopes, and transported over HTTP. We consider the problem of authenticating requests and responses at the SOAP level, rather than relying on transport-level security. We propose a security abstraction, inspired by earlier work on secure RPC, in which the methods exported by a web service are annotated with one of three security levels: none, authenticated, or both authenticated and encrypted. We model our abstraction as an object calculus with primitives for defining and calling web services. We describe the semantics of our object calculus by translating to a lower-level language with primitives for message passing and cryptography. To validate our semantics, we embed correspondence assertions that specify the correct authentication of requests and responses. By appeal to the type theory for cryptographic protocols of Gordon and Jeffrey's Cryptyc, we verify the correspondence assertions simply by typing. Finally, we describe an implementation of our semantics via custom SOAP headers.
    Comment: 44 pages. A preliminary version appears in the Proceedings of the Workshop on XML Security 2002, pp. 18-29, November 200

    A Web-Based Tool for Analysing Normative Documents in English

    Our goal is to use formal methods to analyse normative documents written in English, such as privacy policies and service-level agreements. This requires the combination of a number of different elements, including information extraction from natural language, formal languages for model representation, and an interface for property specification and verification. We have worked on a collection of components for this task: a natural language extraction tool, a suitable formalism for representing such documents, an interface for building models in this formalism, and methods for answering queries asked of a given model. In this work, each of these concerns is brought together in a web-based tool, providing a single interface for analysing normative texts in English. Through the use of a running example, we describe each component and demonstrate the workflow established by our tool.

    Using security patterns for modelling security capabilities in a Grid OS


    Testing abstract behavioral specifications

    We present a range of testing techniques for the Abstract Behavioral Specification (ABS) language and apply them to an industrial case study. ABS is a formal modeling language for highly variable, concurrent, component-based systems. The nature of these systems makes them susceptible to the introduction of subtle bugs that are hard to detect in the presence of steady adaptation. While static analysis techniques are available for an abstract language such as ABS, testing is still indispensable and complements analytic methods. We focus on fully automated testing techniques, including black-box and glass-box test generation as well as runtime assertion checking, which are shown to be effective in an industrial setting.

    An Evaluation of Inter-Organizational Workflow Modelling Formalisms

    This paper evaluates the dynamic aspects of the UML in the context of inter-organizational workflows. Two evaluation methodologies are used. The first one is ontological and is based on the BWW (Bunge-Wand-Weber) models. The second validation is based on prototyping and consists of the development of a workflow management system in the aerospace industry. Both convergent and divergent results are found from the two validations. Possible enhancements to the UML formalism are suggested from the convergent results. On the other hand, the divergent results suggest the need for a contextual specification in the BWW models.
    This work consists of an evaluation of the dynamic aspects of the UML language in an inter-organizational workflow context. The choice of this language over others is motivated by its grammatical richness, which makes it well suited to this context. The evaluation is carried out through an ontological validation based on the BWW (Bunge-Wand-Weber) models and through the construction of a prototype inter-organizational workflow management system. From the convergent results obtained in the two analyses, improvements to the UML formalism are suggested. On the other hand, the divergent analyses suggest the possibility of specializing the BWW models to more particular contexts, such as that of workflows, and also point to further possible improvements to the language.
    Keywords: Ontology, conceptual study, prototype validation, UML, IS development methods and tools.