HeteroGenius: A Framework for Hybrid Analysis of Heterogeneous Software Specifications
Nowadays, software artifacts are ubiquitous in our lives, being an essential part of home appliances, cars, cell phones, and even of more critical activities like aeronautics and health sciences. In this context software failures may produce enormous losses, either economic or, in the worst case, in human lives. Software analysis is an area of software engineering concerned with the application of diverse techniques in order to prove the absence of errors in software pieces. In many cases different analysis techniques are applied by following specific methodological combinations that ensure better results. These interactions between tools are usually carried out at the user level and are not supported by the tools themselves. In this work we present HeteroGenius, a framework conceived to develop tools that allow users to perform hybrid analysis of heterogeneous software specifications. HeteroGenius was designed prioritising the possibility of adding new specification languages and analysis tools and enabling a synergic relation between the techniques under a graphical interface satisfying several well-known usability enhancement criteria. As a case study we implemented the functionality of Dynamite on top of HeteroGenius.
Comment: In Proceedings LAFM 2013, arXiv:1401.056
Formal specification of human-computer interfaces
A high-level formal specification of a human-computer interface is described. Previous work is reviewed and the ASLAN specification language is described. Top-level specifications written in ASLAN for a library and a multiwindow interface are discussed.
Case study: managing open access with EPrints software
Recent additional open access (OA) requirements for publications by authors at UK higher education institutions require amendments to support mechanisms. These additional requirements arose primarily from the Research Councils UK Open Access Policy applicable from April 2013, and the new OA policy for Research Excellence Framework eligibility published in March 2014 and applicable from April 2016.
Further provision also had to be made for compliance with the UK Charities Open Access Fund, the European Union, other funder policies, and internal reporting requirements.
In response, the University of Glasgow has enhanced its OA processes and systems. This case study charts our journey towards managing OA via our EPrints repository. The aim was to consolidate and manage OA information in one central place to increase the efficiency of recording, tracking and reporting. We are delighted that considerable time savings and a reduction in errors have been achieved by dispensing with spreadsheets to record decisions about OA.
A Static Verification Framework for Secure Peer-to-Peer Applications
In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system during the early stages of the development life-cycle. The approach avoids security issues being treated as a separate layer that is added to the system as an afterthought through the use of security protocols. The main functionalities supported by the framework are: modeling of the system together with its security aspects using an extension of UML; modeling of abuse cases to represent attacker scenarios and assist with the identification of properties to be verified; specification of the properties to be verified in a graphical template language; verification of the models against the properties; and visualization of the results of the verification process.
A UML-based static verification framework for security
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer to the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in the early stages of the software development life-cycle, taking into consideration both the security and the general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of that operational semantics, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.
Managing design variety, process variety and engineering change: a case study of two capital good firms
Many capital good firms deliver products that are not strictly one-off, but instead share a certain degree of similarity with other deliveries. In the delivery of the product, they aim to balance stability and variety in their product design and processes. The issue of engineering change plays an important role in how they manage to do so. Our aim is to gain more understanding of how capital good firms manage engineering change, design variety and process variety, and of the role of the product delivery strategies they use to do so. Product delivery strategies are defined as the type of engineering work that is done independent of an order and the specification freedom the customer has in the remaining part of the design. Based on the within-case and cross-case analysis of two capital good firms, several mechanisms for managing engineering change, design variety and process variety are distilled. It was found that there exist different ways of (1) managing generic design information, (2) isolating large engineering changes, (3) managing process variety, and (4) designing and executing engineering change processes. Together with different product delivery strategies these mechanisms can be placed within an archetypes framework of engineering change management. On one side of the spectrum capital good firms operate according to open product delivery strategies, have some practices in place to investigate design reuse potential, isolate discontinuous engineering changes into the first deliveries of the product, employ ‘probe and learn’ process management principles in order to allow evolving insights to be accurately executed, and have informal engineering change processes.
On the other side of the spectrum capital good firms operate according to a closed product delivery strategy, focus on the prevention of engineering changes based on design standards, need no isolation mechanisms for discontinuous engineering changes, have formal process management practices in place, and make use of closed and formal engineering change procedures. The framework should help managers to (1) analyze existing configurations of product delivery strategies, product and process designs and engineering change management, and (2) reconfigure any of these elements according to a ‘misfit’ derived from the framework. Since this is one of the few in-depth empirical studies of engineering change management in the capital good sector, our work adds to the understanding of the various ways in which engineering change can be dealt with.
Using Event Calculus to Formalise Policy Specification and Analysis
As the interest in using policy-based approaches for systems management grows, it is becoming increasingly important to develop methods for performing analysis and refinement of policy specifications. Although this is an area that researchers have devoted some attention to, none of the proposed solutions address the issues of analysing specifications that combine authorisation and management policies; analysing policy specifications that contain constraints on the applicability of the policies; and performing a priori analysis of the specification that will both detect the presence of inconsistencies and explain the situations in which the conflict will occur. We present a method for transforming both policy and system behaviour specifications into a formal notation that is based on event calculus. Additionally, we describe how this formalism can be used in conjunction with abductive reasoning techniques to perform a priori analysis of policy specifications for the various conflict types identified in the literature. Finally, we present some initial thoughts on how this notation and analysis technique could be used to perform policy refinement.
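The following is an added example, not code from the paper above. It sketches the shape of the analysis the abstract describes: system behaviour is written as an event-calculus narrative (Happens, Initiates, Terminates, with HoldsAt derived from it), authorisation and obligation policies carry applicability constraints expressed as fluents, and an a priori check reports each conflict together with the state in which it arises. Two conflict types from the policy-analysis literature are checked: a modality conflict (a positive and a negative authorisation for the same subject, action and target both applicable) and an unauthorised obligation (an obligation fires but the obliged action is not permitted, or is prohibited). Where the paper uses abductive reasoning over the specification, this example uses a bounded forward replay of one constructed scenario; the fluent and policy names (operator, pump1, working_hours, maintenance) are invented for illustration.

```python
"""Toy event-calculus policy analysis (added example; scenario is constructed)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Fluent = Tuple[str, ...]   # e.g. ("working_hours",) or ("maintenance", "pump1")
Event = Tuple[str, ...]    # e.g. ("shift_start",) or ("alarm", "pump1")


@dataclass
class Narrative:
    """Minimal event calculus: Happens(e, t), Initiates(e, f), Terminates(e, f).
    Fluents are inertial, so HoldsAt(f, t) is derived by replaying, over the
    initial state, every event that happened strictly before t."""
    initially: FrozenSet[Fluent] = frozenset()
    happens: List[Tuple[int, Event]] = field(default_factory=list)
    initiates: Dict[Event, Set[Fluent]] = field(default_factory=dict)
    terminates: Dict[Event, Set[Fluent]] = field(default_factory=dict)

    def holds_at(self, t: int) -> FrozenSet[Fluent]:
        state = set(self.initially)
        for time, ev in sorted(self.happens):
            if time >= t:           # effects of an event at time t are visible after t
                break
            state -= self.terminates.get(ev, set())
            state |= self.initiates.get(ev, set())
        return frozenset(state)

    def events_at(self, t: int) -> List[Event]:
        return [ev for time, ev in self.happens if time == t]


@dataclass(frozen=True)
class Policy:
    kind: str                                    # "auth+", "auth-" or "oblig"
    subject: str
    action: str
    target: str
    requires: FrozenSet[Fluent] = frozenset()    # applicability constraint
    trigger: Optional[Event] = None              # obligations only

    def applies(self, state: FrozenSet[Fluent]) -> bool:
        return self.requires <= state

    def same_triple(self, other: "Policy") -> bool:
        return (self.subject, self.action, self.target) == (other.subject, other.action, other.target)


def analyse(narr: Narrative, policies: List[Policy], horizon: int):
    """A priori check over every time point up to `horizon`. Returns one finding per
    distinct conflict situation: (type, first_time, policy, opposing, sorted_state)."""
    findings = {}
    for t in range(horizon + 1):
        state = narr.holds_at(t)
        active = [p for p in policies if p.applies(state)]
        for p in active:                       # modality conflict: A+ and A- both apply
            if p.kind != "auth+":
                continue
            for q in active:
                if q.kind == "auth-" and p.same_triple(q):
                    findings.setdefault(("modality", p, q, state), t)
        # an obligation triggered by an event at t is discharged in the state after it
        after = narr.holds_at(t + 1)
        for p in policies:
            if p.kind != "oblig" or p.trigger not in narr.events_at(t) or not p.applies(after):
                continue
            permits = [q for q in policies if q.kind == "auth+" and q.applies(after) and p.same_triple(q)]
            denies = [q for q in policies if q.kind == "auth-" and q.applies(after) and p.same_triple(q)]
            if denies or not permits:
                findings.setdefault(("unauthorised_obligation", p, tuple(denies), after), t + 1)
    return [(kind, t, p, q, sorted(state))
            for (kind, p, q, state), t in sorted(findings.items(), key=lambda kv: kv[1])]


def example_scenario():
    """Constructed scenario (not from the paper): one operator, one pump."""
    narr = Narrative(
        happens=[(0, ("shift_start",)), (2, ("maintenance_start", "pump1")),
                 (4, ("maintenance_end", "pump1")), (8, ("shift_end",)),
                 (10, ("alarm", "pump1"))],
        initiates={("shift_start",): {("working_hours",)},
                   ("maintenance_start", "pump1"): {("maintenance", "pump1")},
                   ("alarm", "pump1"): {("emergency", "pump1")}},
        terminates={("shift_end",): {("working_hours",)},
                    ("maintenance_end", "pump1"): {("maintenance", "pump1")}},
    )
    policies = [
        # A+: the operator may stop the pump during working hours
        Policy("auth+", "operator", "stop", "pump1", frozenset({("working_hours",)})),
        # A-: the operator may not stop a pump that is under maintenance lock-out
        Policy("auth-", "operator", "stop", "pump1", frozenset({("maintenance", "pump1")})),
        # Obligation: on an alarm the operator must stop the pump
        Policy("oblig", "operator", "stop", "pump1", trigger=("alarm", "pump1")),
    ]
    return narr, policies


if __name__ == "__main__":
    narrative, pols = example_scenario()
    for kind, t, p, q, state in analyse(narrative, pols, horizon=12):
        print(f"{kind} at t={t} for {p.subject}/{p.action}/{p.target} when {state}")
```

Running the scenario reports a modality conflict first arising at t=3 (working hours and a maintenance lock-out overlap, so A+ and A- on operator/stop/pump1 both apply) and an unauthorised obligation at t=11 (the alarm fires after the shift has ended, so the obliged stop is not covered by any positive authorisation). The state printed with each finding is the "situation in which the conflict occurs" that the abstract asks an a priori analysis to explain; a refinement step would add a constraint or an authorisation so that the offending state set no longer arises.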