Comparative Evaluation of the State-of-art Requirements-based Test Case Generation Approaches

The overall aim of software testing is to deliver the error-free and high-quality software products to the end users. The testing process ensures that a software is aligned with the user specification and requirements.  In software testing process, there are many challenging tasks however test case generation process is considered as the most challenging one. The quality of the generated test cases has a significant impact on efficiency and effectiveness of the testing process.  In order to improve the quality of a developed software, the test cases should be able to achieve maximum adequacy in the testing and requirements' coverage. This paper presents a comparative evaluation of the prominent requirement-based test case generation approaches. Five evaluation criteria namely, inputs for test case generation, transformation techniques, coverage criteria, time and tool's support are defined to systematically compare the approaches. The results of the evaluation are used to identify the gap in the current approaches and research opportunities in requirement-based test case's generation.

Software security requirements management as an emerging cloud computing service

© 2016 Elsevier Ltd. All rights reserved.Emerging cloud applications are growing rapidly and the need for identifying and managing service requirements is also highly important and critical at present. Software Engineering and Information Systems has established techniques, methods and technology over two decades to help achieve cloud service requirements, design, development, and testing. However, due to the lack of understanding of software security vulnerabilities that should have been identified and managed during the requirements engineering phase, we have not been so successful in applying software engineering, information management, and requirements management principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security cannot just be added after a system has been built and delivered to customers as seen in today's software applications. This paper provides concise methods, techniques, and best practice requirements engineering and management as an emerging cloud service (SSREMaaES) and also provides guidelines on software security as a service. This paper also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators. This paper illustrates our approach for a large cloud system Amazon EC2 service

Mutation Analysis for the Evaluation of AD Models

UML has became the industry standard for analysis and design modeling. Model is a key artifact in Model Driven Architect (MDA) and considered as an only concrete artifact available at earlier development stages. Error detection at earlier development stages can save enormous amount of cost and time. The article presents a novel mutation analysis technique for UML 2.0 Activity Diagram (AD). Based on the AD oriented fault types, a number of mutation operators are defined. The technique focuses on the key features of AD and enhances the confidence in design correctness by showing the absence of control-flow and concurrency related faults. It will enable the automated analysis technique of AD models and can potentially be used for service oriented applications, workflows and concurrent applications

A cross-layer approach to enhance QoS for multimedia applications over satellite

The need for on-demand QoS support for communications over satellite is of primary importance for distributed multimedia applications. This is particularly true for the return link which is often a bottleneck due to the large set of end-users accessing a very limited uplink resource. Facing this need, Demand Assignment Multiple Access (DAMA) is a classical technique that allows satellite operators to offer various types of services, while managing the resources of the satellite system efficiently. Tackling the quality degradation and delay accumulation issues that can result from the use of these techniques, this paper proposes an instantiation of the Application Layer Framing (ALF) approach, using a cross-layer interpreter(xQoS-Interpreter). The information provided by this interpreter is used to manage the resource provided to a terminal by the satellite system in order to improve the quality of multimedia presentations from the end users point of view. Several experiments are carried out for different loads on the return link. Their impact on QoS is measured through different application as well as network level metrics

Software security requirements engineering: State of the art

Software Engineering has established techniques, methods and technology over two decades. However, due to the lack of understanding of software security vulnerabilities, we have not been so successful in applying software engineering principles that have been established for the past at least 25 years, when developing secure software systems. Therefore, software security can not be just added after a system has been built and delivered to customers as seen in today’s software applications. This keynote paper provides concise methods, techniques, and best practice requirements guidelines on software security and also discusses an Integrated-Secure SDLC model (IS-SDLC), which will benefit practitioners, researchers, learners, and educators

A Threat Table Based Approach to Telemedicine Security

Information security within healthcare is paramount and telemedicine applications present unique security challenges. Technology is giving rise to new and advanced telemedicine applications and understanding the security threats to these applications is needed to ensure, among other things, the privacy of patient information. This paper presents a high level analysis of a telemedicine application in order to better understand the security threats to this unique and vulnerable environment. This risk analysis is performed using the concept of threat tables. This case study focuses on the capture and representation of salient security threats in telemedicine. To analyze the security threats to an application, we present a threat modeling framework utilizing a table driven approach. Our analysis reveals that even in a highly controlled environment with static locations, the security risks posed by telemedicine applications are significant, and that using a threat table approach provides an easy-to-use and effective method for managing these threats

An UML+Z Framework For Validating And Verifying the Static Aspect of Safety Critical System

AbstractThe aim of this paper is to propose an augmented framework for verifying and validating the static aspect of safety critical systems by analysing the UML class diagrams and the relationship between them. Since UML is a semi formal language which is provn to ambiguities due to its various graphical notations, hence Formal analysis of UML class diagram is required. Moreover, class diagram play an important role in system designing phase especially in safety critical systems. Any ambiguity or inconsistency in design can result in potential failure. Formal methods are the mathematical tools and methodology which are sandwiched at various stages of software development process to ensure the correctness, consistency and completeness of software artifacts such as requirement specifications, design etc. In this article, Z notation is used for the purpose of analysis formally and later on verified by the Z/EVES tool

A comparative analisys of i*-based agent-oriented modeling languages

Agent-oriented models are frequently used in disciplines such as requirements engineering and organizational process modelling. i* is currently one of the most widespread notations used for this purpose. Due to its strategic nature, instead of a single definition, there exist several versions and variants, often not totally defined and even contradictory. In this paper we present a comparative study of the three most widespread i* variants: Eric Yu’s seminal proposal, the Goal-oriented Requirement Language (GRL) and the language used in the TROPOS method. Next, we propose a generic conceptual model to be used as reference framework of these three variants and we show its use for generating specific models for the three mentioned variants, as well as for other existing proposals.Peer ReviewedPostprint (author’s final draft