13 research outputs found

    Component assessment using testing

    In recent years, software researchers have been looking for ways of assembling systems in a style of software construction similar to “LEGO blocks”. Software components are reusable building blocks for constructing software systems. Component-based development may greatly increase the productivity of software engineers and improve the quality of software. There are many issues related to components that are of wide interest both to academics and to people from industry. One of them is the retrieval of components that will be assembled into a new system. It is difficult to decide whether an implementation fits a predefined design. In this work, we consider the problem of assessing whether the implementation of a concrete component is consistent with the specification of the desired functionality. We assume that the component source code is not available and that we have a formal specification of the system of interest. We propose to perform a dynamic assessment using tests derived from the specification (semantic criteria) but executed using the implementation of the candidate component.
    Track: Software Engineering
    Red de Universidades con Carreras en Informática (RedUNCI

    Mobile agent security and reliability issues in electronic commerce.

    Chan, Hing-wing. Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. Includes bibliographical references (leaves 76-79). Abstracts in English and Chinese.

    Contents:
    Abstract
    Abstract (Chinese)
    Acknowledgements
    Contents
    List of Figures
    List of Tables
    Chapter 1. Introduction
        1.1. Mobile Agents and the Problems
        1.2. Approach
        1.3. Contributions
        1.4. Organization of This Thesis
    Chapter 2. The Mobile Code Paradigm
        2.1. Mobile Code: an Alternative to Client/Servers
            2.1.1. Classification of Mobile Codes
            2.1.2. Applications of Mobile Code Paradigms
            2.1.3. Supporting Implementation Technologies
        2.2. The Problems of Mobile Code
            2.2.1. Security Issues in Distributed Systems
            2.2.2. Security Concerns of Mobile Code Paradigms
                2.2.2.1. Security Attacks
                2.2.2.2. Security Mechanisms
                2.2.2.3. A Security Comparison between Paradigms
            2.2.3. Security Features of Implementation Technologies
                2.2.3.1. Security Services of Message-based Technology
                2.2.3.2. Security Services of Object-based Technology
                2.2.3.3. Security Services of Mobile Technology
                2.2.3.4. A Comparison of Technologies on Security Services
        2.3. Chapter Summary
    Chapter 3. Mobile Agents, Its Security and Reliability Issues
        3.1. Advantages and Applications of Mobile Agents
        3.2. Security Concerns of Mobile Agents
            3.2.1. Host Security
            3.2.2. Agent Security
        3.3. Techniques to Protect Mobile Agents
            3.3.1. Protected Agent States
            3.3.2. Mobile Cryptography
        3.4. Reliability Concerns of Mobile Agents
    Chapter 4. Security and Reliability Modeling for Mobile Agents
        4.1. Attack Model and Scenarios
        4.2. General Security Models
            4.2.1. Security and Reliability
            4.2.2. Deriving Security Models
            4.2.3. The Time-to-Effort Function
        4.3. A Security Model for Mobile Agents
        4.4. Discussion of the Proposed Model
        4.5. A Reliability Model for Mobile Agents
    Chapter 5. The Concordia Mobile Agent Platform
        5.1. Overview
        5.2. Special Features
    Chapter 6. SIAS: A Shopping Information Agent System
        6.1. What the System Does
        6.2. System Design
            6.2.1. Object Description
            6.2.2. Flow Description
        6.3. Implementation
            6.3.1. Choice of Programming Language
            6.3.2. Choice of Mobile Agent Platform
            6.3.3. Other Implementation Details
        6.4. Snapshots
        6.5. Security Design of SIAS
            6.5.1. Security Problems of SIAS
            6.5.2. Our Solutions to the Problems
            6.5.3. Evaluation of the Secure SIAS
                6.5.3.1. Security Analysis
                6.5.3.2. Performance Vs Query Size
                6.5.3.3. Performance Vs Number of Hosts
        6.6. Reliability Design of SIAS
            6.6.1. Reliability Problems of SIAS
            6.6.2. Our Solutions to the Problems
            6.6.3. Evaluation of the Reliable SIAS
    Chapter 7. Conclusions and Future Work
    Bibliography

    Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12

    This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc

    Learning from defects in software development: how defect analyses can improve the processes of requirements analysis and quality assurance

    Software defects have existed for as long as people have developed software. Defects can sometimes lead to considerable economic losses and, in the worst case, to loss of life. Many defects can be traced back to deficiencies in the requirements analysis process. The later a requirements defect is discovered and fixed, the more costly the correction becomes. This thesis describes how one can learn from defects in software development. It describes a defect analysis method on the basis of which, in particular, the processes of requirements analysis and quality assurance can be improved. The aim of the improvements is to avoid requirements defects and possible follow-on defects in design and implementation, or at least to find them earlier. The thesis first derives a model that explains why requirements defects arise. For certain types of requirements defects, concrete causes in the requirements analysis process are identified on the basis of empirical findings. This explanatory model is part of a defect analysis method that claims to draw conclusions about possible causes in the process from the evaluation of defects. The method is a further development of Orthogonal Defect Classification, ODC for short. ODC is presented in detail in the thesis and critically assessed on the basis of empirical findings. The further-developed defect analysis method was successfully applied in a one-year case study at the IT service provider of a large German insurance company. In this study, real defects from two software development projects for a business-critical application were retrospectively classified and analysed in order to identify potential for improvement. The defect analysis method developed in the thesis makes a direct contribution to solving the practical problem identified: it is an instrument for identifying process deficiencies in requirements analysis that systematically cause requirements defects and follow-on defects

    Open source software GitHub ecosystem: a SEM approach

    Open source software (OSS) is a collaborative effort. Getting affordable high-quality software with a lower probability of errors or failures is not far away. Thousands of open-source projects (termed repos) are alternatives to proprietary software development. More than two-thirds of companies are contributing to open source. Open source technologies like OpenStack, Docker and KVM are being used to build the next generation of digital infrastructure. An iconic example of OSS is 'GitHub' - a successful social site. GitHub is a hosting platform that hosts repositories (repos) based on the Git version control system. GitHub is a knowledge-based workspace. It has several features that facilitate user communication and work integration. Through this thesis I employ data extracted from GitHub, and seek to better understand the OSS ecosystem, and to what extent each of its deployed elements affects the successful development of the OSS ecosystem. In addition, I investigate a repo's growth over different time periods to test the changing behavior of the repo. From our observations developers do not follow one development methodology when developing and growing their project, and such developers tend to cherry-pick from differing available software methodologies. GitHub API remains the main OSS location engaged to extract the metadata for this thesis's research. This extraction process is time-consuming - due to restrictive access limitations (even with authentication). I apply Structural Equation Modelling (termed SEM) to investigate the relative path relationships between the GitHub-deployed OSS elements, and I determine the path strength contributions of each element to determine the OSS repo's activity level. SEM is a multivariate statistical analysis technique used to analyze structural relationships. This technique is the combination of factor analysis and multiple regression analysis. 
It is used to analyze the structural relationship between measured variables and/or latent constructs. This thesis bridges the research gap around longitudinal OSS studies. It engages large sample-size OSS repo metadata sets, data-quality control, and multiple programming language comparisons. Querying GitHub is not direct (nor simple) yet querying for all valid repos remains important - as sometimes illegal, or unrepresentative outlier repos (which may even be quite popular) do arise, and these then need to be removed from each initial OSS's language-specific metadata set. Eight top GitHub programming languages (selected as the most forked repos) are separately engaged in this thesis's research. This thesis observes these eight metadata sets of GitHub repos. Over time, it measures the different repo contributions of the deployed elements of each metadata set. The number of stars provided to the repo delivers a weaker contribution to its software development processes. Sometimes forks work against the repo's progress by generating very minor negative total effects into its commit (activity) level, and by sometimes diluting the focus of the repo's software development strategies. Here, a fork may generate new ideas, create a new repo, and then draw some original repo developers off into this new software development direction, thus retarding the original repo's commit (activity) level progression. Multiple intermittent and minor version releases exert lesser GitHub JavaScript repo commit (or activity) changes because they often involve only slight OSS improvements, and because they only require minimal commit/commits contributions. More commit(s) also bring more changes to documentation, and again the GitHub OSS repo's commit (activity) level rises. There are both direct and indirect drivers of the repo's OSS activity. Pulls and commits are the strongest drivers. 
This suggests creating higher levels of pull requests is likely a preferred prime target consideration for the repo creator's core team of developers. This study offers a big data direction for future work. It allows for the deployment of more sophisticated statistical comparison techniques. It offers further indications around the internal and broad relationships that likely exist between GitHub's OSS big data. Its data extraction ideas suggest a link through to business/consumer consumption, and possibly how these may be connected using improved repo search algorithms that release individual business value components

    Trustworthiness in Mobile Cyber Physical Systems

    Computing and communication capabilities are increasingly embedded in diverse objects and structures in the physical environment. They will link the ‘cyberworld’ of computing and communications with the physical world. These applications are called cyber physical systems (CPS). Obviously, the increased involvement of real-world entities leads to a greater demand for trustworthy systems. Hence, we use "system trustworthiness" here, which can guarantee continuous service in the presence of internal errors or external attacks. Mobile CPS (MCPS) is a prominent subcategory of CPS in which the physical component has no permanent location. Mobile Internet devices already provide ubiquitous platforms for building novel MCPS applications. The objective of this Special Issue is to contribute to research in modern/future trustworthy MCPS, including design, modeling, simulation, dependability, and so on. It is imperative to address the issues which are critical to their mobility, report significant advances in the underlying science, and discuss the challenges of development and implementation in various applications of MCPS

    Fundamental Approaches to Software Engineering

    This open access book constitutes the proceedings of the 24th International Conference on Fundamental Approaches to Software Engineering, FASE 2021, which took place during March 27–April 1, 2021, and was held as part of the Joint Conferences on Theory and Practice of Software, ETAPS 2021. The conference was planned to take place in Luxembourg but changed to an online format due to the COVID-19 pandemic. The 16 full papers presented in this volume were carefully reviewed and selected from 52 submissions. The book also contains 4 Test-Comp contributions

    Service-based Fault Tolerance for Cyber-Physical Systems: A Systems Engineering Approach

    Cyber-physical systems (CPSs) comprise networked computing units that monitor and control physical processes in feedback loops. CPSs have potential to change the ways people and computers interact with the physical world by enabling new ways to control and optimize systems through improved connectivity and computing capabilities. Compared to classical control theory, these systems involve greater unpredictability which may affect the stability and dynamics of the physical subsystems. Further uncertainty is introduced by the dynamic and open computing environments with rapidly changing connections and system configurations. However, due to interactions with the physical world, the dependable operation and tolerance of failures in both cyber and physical components are essential requirements for these systems. The problem of achieving dependable operations for open and networked control systems is approached using a systems engineering process to gain an understanding of the problem domain, since fault tolerance cannot be solved only as a software problem due to the nature of CPSs, which includes close coordination among hardware, software and physical objects. The research methodology consists of developing a concept design, implementing prototypes, and empirically testing the prototypes. Even though modularity has been acknowledged as a key element of fault tolerance, the fault tolerance of highly modular service-oriented architectures (SOAs) has been sparsely researched, especially in distributed real-time systems. This thesis proposes and implements an approach based on using loosely coupled real-time SOA to implement fault tolerance for a teleoperation system. Based on empirical experiments, modularity on a service level can be used to support fault tolerance (i.e., the isolation and recovery of faults). 
Fault recovery can be achieved for certain categories of faults (i.e., non-deterministic and aging-related) based on loose coupling and diverse operation modes. The proposed architecture also supports the straightforward integration of fault tolerance patterns, such as FAIL-SAFE, HEARTBEAT, ESCALATION and SERVICE MANAGER, which are used in the prototype systems to support dependability requirements. For service failures, systems rely on fail-safe behaviours, diverse modes of operation and fault escalation to backup services. Instead of using time-bounded reconfiguration, services operate in best-effort capabilities, providing resilience for the system. This enables, for example, on-the-fly service changes, smooth recoveries from service failures and adaptations to new computing environments, which are essential requirements for CPSs. The results are combined into a systems engineering approach to dependability, which includes an analysis of the role of safety-critical requirements for control system software architecture design, architectural design, a dependability-case development approach for CPSs and domain-specific fault taxonomies, which support dependability case development and system reliability analyses. Other contributions of this work include three new patterns for fault tolerance in CPSs: DATA-CENTRIC ARCHITECTURE, LET IT CRASH and SERVICE MANAGER. These are presented together with a pattern language that shows how they relate to other patterns available for the domain