10 research outputs found
Monotone Precision and Recall Measures for Comparing Executions and Specifications of Dynamic Systems
The behavioural comparison of systems is an important concern of software
engineering research. For example, the areas of specification discovery and
specification mining are concerned with measuring the consistency between a
collection of execution traces and a program specification. This problem is
also tackled in process mining with the help of measures that describe the
quality of a process specification automatically discovered from execution
logs. Though various measures have been proposed, it was recently demonstrated
that they neither fulfil essential properties, such as monotonicity, nor can
they handle infinite behaviour. In this paper, we address this research problem
by introducing a new framework for the definition of behavioural quotients. We
proof that corresponding quotients guarantee desired properties that existing
measures have failed to support. We demonstrate the application of the
quotients for capturing precision and recall measures between a collection of
recorded executions and a system specification. We use a prototypical
implementation of these measures to contrast their monotonic assessment with
measures that have been defined in prior research
Mining Branching-Time Scenarios
Specification mining extracts candidate specification from existing systems, to be used for downstream tasks such as testing and verification. Specifically, we are interested in the extraction of behavior models from execution traces
Combining SOA and BPM Technologies for Cross-System Process Automation
This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation
Security-Pattern Recognition and Validation
The increasing and diverse number of technologies that are connected to the Internet, such as distributed enterprise systems or small electronic devices like smartphones, brings the topic IT security to the foreground. We interact daily with these technologies and spend much trust on a well-established software development process. However, security vulnerabilities appear in software on all kinds of PC(-like) platforms, and more and more vulnerabilities are published, which compromise systems and their users. Thus, software has also to be modified due to changing requirements, bugs, and security flaws and software engineers must more and more face security issues during the software design; especially maintenance programmers must deal with such use cases after a software has been released. In the domain of software development, design patterns have been proposed as the best-known solutions for recurring problems in software design. Analogously, security patterns are best practices aiming at ensuring security. This thesis develops a deeper understanding of the nature of security patterns. It focuses on their validation and detection regarding the support of reviews and maintenance activities. The landscape of security patterns is diverse. Thus, published security patterns are collected and organized to identify software-related security patterns. The description of the selected software-security patterns is assessed, and they are compared against the common design patterns described by Gamma et al. to identify differences and issues that may influence the detection of security patterns. Based on these insights and a manual detection approach, we illustrate an automatic detection method for security patterns. The approach is implemented in a tool and evaluated in a case study with 25 real-world Android applications from Google Play
Specification mining: Methodologies, theories and applications
Ph.DDOCTOR OF PHILOSOPH