Ontología para Transferir Conocimiento en la Etapa de Pruebas de Software

The processes and activities in quality management of software engineering generate a large volume of knowledge, which is considered a critical factor for the quality of the software product. Therefore, a significant improvement of the effectiveness and fulfillment of the tasks that encompass this process, is required. It is there where the use of knowledge management methods and principles becomes the basis for managing the process. Following this argument, it was studied how ontologies can be used in knowledge management in the testing phase of software engineering. An ontology-based model was developed for this domain that covers the identification, formalization, distribution, and retention of knowledge, defining the indicators for each of these dimensions.Los procesos y actividades en la gestión de calidad de la ingeniería de software generan un gran volumen de conocimiento, considerado como un factor crítico para la calidad de producto software. En consecuencia, es necesario una mejora significativa de la efectividad y cumplimiento de las tareas que componen este proceso. Es ahí donde el uso de métodos y principios de gestión de conocimiento se convierten en la base para gestionar este proceso. Siguiendo este argumento, se estudió cómo las ontologías pueden utilizarse en la gestión de conocimiento en la fase de pruebas de la ingeniería del software. Se desarrolló un modelo basado en ontologías para ese dominio que abarca la identificación, formalización, distribución, y retención de conocimiento definiendo los indicadores para cada una de estas dimensiones

Towards Ontology-based SQA Recommender for Agile Software Development

Agility is heavily dependent on tacit knowledge, skilled and motivated employees, and frequent communications. Although, the Agile Manifesto claims fast and light software development process while maintaining high quality, it is however not very clear how current agile practices and methods attain quality under time pressure and unstable requirements. In this paper, we present an ontological approach for process-driven Quality Assurance support for agile software development. Challenges related to the role of Quality Assurance in agile projects are addressed by developing a process-driven recommender that provides tailored resources to user’s queries. The proposed ontological model embeds both conceptual and operational SQA knowledge about software processes and their requirements, including quality attributes, SQA measurements, SQA metrics and related SQA techniques and procedures

A Framework of Test Case Generation with Software Requirements Ontology

วิทยาศาสตรมหาบัณฑิต (เทคโนโลยีสารสนเทศ), 2565Recently modern society technology is involved in the daily life of all humans. This allows developers to create new concepts and technology designs in order to respond to users’ requirements. Therefore, this causes the system development to become more complex. Consequently, it leads to a high possibility of system errors. Therefore, software testing is an important aspect to guarantee users that the developed system is error-free. In user acceptance and system testing, test cases are normally generated from the software requirements specification (SRS). As the SRS is written in a natural language which has an uncertain structure, it can possibly be ambiguous. As a result, this may cause the wrong interpretation of the requirements and finally it can allow the occurrence of incorrect test case generation. This research proposes a framework of test case generation with software requirements ontology to enhance the reliability of existing verification and validation (V&V) techniques. This framework uses ontology and Control Natural Languages (CNL) to represent the semantics of functional requirements in SRS documents in order to increase the structure of natural language. Furthermore, the effective black-box testing technique, Combination of Equivalence and Classification Tree Method (CCTM), is included in this framework. This testing technique enables test case coverage and reduction compared with other testing techniques. This results in the generated test cases to be more accurate and efficientในยุคปัจจุบันเป็นยุคที่เทคโนโลยีได้เข้ามามีบทบาทในชีวิตประจำวันของมนุษย์โดยสิ้นเชิง ทำให้นักพัฒนาเกิดแนวคิดและออกแบบเทคโนโลยีใหม่ ๆ ขึ้นมามากมายเพื่อตอบสนองความต้องการของผู้ใช้งาน แต่มีหลายครั้งที่ระบบที่ถูกพัฒนาขึ้นมาใหม่นั้นเกิดข้อผิดพลาดจากกระบวนการที่ไม่มีประสิทธิภาพในการพัฒนาซอฟต์แวร์ ทำให้นักพัฒนาต้องกลับมาทวนสอบระบบใหม่อีกครั้งเพื่อหาข้อผิดพลาด ดังนั้นขั้นตอนในการทดสอบซอฟต์แวร์จึงมีความสำคัญในการทำให้ผู้ใช้มั่นใจได้ว่าระบบที่พัฒนาขึ้นมานั้นมีคุณภาพและไม่เกิดความผิดพลาดในระหว่างการใช้งาน ในการทดสอบการยอมรับจากผู้ใช้และการทดสอบระบบ นักทดสอบจะใช้เอกสารข้อกำหนดคุณลักษณะความต้องการซอฟต์แวร์ในการสร้างกรณีทดสอบ ซึ่งเอกสารจะถูกเขียนขึ้นด้วยภาษาธรรมชาติทำให้ข้อกำหนดความต้องการที่ระบุในเอกสารมีโครงสร้างที่ไม่ชัดเจน ส่งผลให้การสร้างกรณีทดสอบไม่ได้มาตรฐานและเกิดข้อผิดพลาดในระหว่างการทดสอบซอฟต์แวร์ ดังนั้นในงานวิจัยนี้ผู้วิจัยจึงได้นำเสนอกรอบแนวคิดสำหรับการสร้างกรณีทดสอบด้วยออนโทโลยีความต้องการซอฟต์แวร์ที่ถูกใช้แทนความหมายของข้อกำหนดความต้องการและการประยุกต์ใช้เครื่องมือภาษาธรรมชาติควบคุม เพื่อให้ความต้องการมีโครงสร้างที่ชัดเจนก่อนนำไปสร้างกรณีทดสอบ รวมถึงผู้วิจัยได้พิจารณาเทคนิคการทดสอบแบบกล่องดำที่มีประสิทธิภาพ คือ เทคนิคการรวมกันของชั้นสมมูลและต้นไม้การจำแนกมาใช้ เพื่อให้การสร้างกรณีทดสอบมีความครอบคลุมและลดความซ้ำซ้อน ส่งผลให้กรณีทดสอบที่ได้มีความถูกต้องแม่นยำ และทำให้การทดสอบมีประสิทธิภาพตรงตามความต้องการของผู้ใช้งานมากยิ่งขึ้

HCAPP-SEC : selection and analysis of security assessment items based on heuristics and criteria

Orientador: Mario JinoTese (doutorado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Nos dias atuais, o software tem papel importante na maioria das indústrias e áreas de atividade. Os aspectos relacionados à segurança da informação são críticos, com forte impacto na qualidade dos sistemas. Como saber se uma determinada avaliação de segurança foi boa ou suficiente? Por meio de critérios e heurísticas é possível determinar a suficiência da avaliação de segurança e, consequentemente, analisar sua qualidade. Fontes de conhecimento (normas, padrões, conjuntos de casos de teste) e seus itens de avaliação são instrumentos essenciais para avaliar a segurança dos sistemas. Para criar projetos de avaliação de segurança mais efetivos é necessário saber as propriedades de segurança e as dimensões de avaliação abordadas em cada item de uma fonte de conhecimento de segurança. Nesta tese, uma abordagem para selecionar e analisar itens de avaliação de segurança (HCApp-Sec) é proposta; suas bases provêm de critérios e heurísticas de avaliação e visam a aumentar a cobertura das dimensões de avaliação e propriedades de segurança dos projetos de avaliação. A abordagem centra-se em selecionar itens de avaliação de forma sistemática. Sistematiza-se o processo de avaliação de segurança por meio da formalização conceitual da área de avaliação de segurança; uma ontologia (SecAOnto) é usada para explicitar os conceitos principais. HCApp-Sec pode ser aplicada a qualquer fonte de conhecimento de segurança para selecionar ou analisar itens de avaliação em relação a 11 propriedades de segurança e 6 dimensões de avaliação. A abordagem é flexível e permite que outras dimensões e propriedades sejam incorporadas. Nossa proposta visa a apoiar: (i) a geração de projetos de avaliação de segurança de alta cobertura que incluam itens mais abrangentes e com cobertura assegurada das principais características de segurança e (ii) a avaliação de fontes de conhecimento de segurança em relação à cobertura de aspectos de segurança. Em um estudo de caso, um mapeamento de fontes de conhecimento de segurança é apresentado. Então, aplica-se a proposta a uma fonte de conhecimento de segurança bem conhecida (ISO/IEC 27001); seus itens são analisadosAbstract: Nowadays, software plays an important role in most industries and application domains. The aspects related to information security are critical, with a strong impact on systems quality. How to know whether a particular security assessment was good or sufficient? By means of criteria and heuristics it is possible to determine the sufficiency of the security assessment and consequently to analyze its quality. Knowledge sources (standards, patterns, sets of test cases) and their assessment items are essential instruments for evaluation of systems security. To create security assessment designs with suitable assessment items we need to know which security properties and assessment dimensions are covered by each knowledge source. We propose an approach for selecting and analyzing security assessment items (HCApp-Sec); its foundations come from assessment criteria and heuristics and it aims to increase the coverage of assessment dimensions and security properties in assessment designs. Our proposal focuses on the selection of better assessment items in a systematic manner. We systematize the security assessment process by means of a conceptual formalization of the security assessment area; an ontology of security assessment makes explicit the main concepts. HCApp-Sec can be applied to any security knowledge source to select or analyze assessment items with respect to 11 security properties and 6 assessment dimensions. The approach is flexible and allows other dimensions and properties to be incorporated. Our proposal is meant to support: (i) the generation of high-coverage assessment designs which includes security assessment items with assured coverage of the main security characteristics and (ii) evaluation of security standards with respect to coverage of security aspects. We have applied our proposal to a well known security knowledge source (ISO/IEC 27001); their assessment items were analyzedDoutoradoEngenharia de ComputaçãoDoutor em Engenharia Elétric