Measuring Defect Datasets Sensitivity to Attributes Variation

The study of the correlation between software project and product attributes and its modules quality status (faulty or not) is the subject of several research papers in the software testing and maintenance fields. In this paper, a tool is built to change the values of software data sets\u27 attributes and study the impact of this change on the modules\u27 defect status. The goal is to find those specific attributes that highly correlate with the module defect attribute. An algorithm is developed to automatically predict the module defect status based on the values of the module attributes and based on their change from reference or initial values. For each attribute of those software projects, results can show when such attribute can be, if any, a major player in deciding the defect status of the project or a specific module. Results showed consistent, and in some cases better, results in comparison with most surveyed defect prediction algorithms. Results showed also that this can be a very powerful method to understand each attribute individual impact, if any, to the module quality status and how it can be improved

Approaches for Testing and Evaluation of XACML Policies

Security services are provided through: The applications, operating systems, databases, and the network. There are many proposals to use policies to define, implement and evaluate security services. We discussed a full test automation framework to test XACML based policies. Using policies as input the developed tool can generate test cases based on the policy and the general XACML model. We evaluated a large dataset of policy implementations. The collection includes more than 200 test cases that represent instances of policies. Policies are executed and verified, using requests and responses generated for each instance of policies. WSO2 platform is used to perform different testing activities on evaluated policies

Activities and Trends in Testing Graphical User Interfaces Automatically

This study introduced some new approaches for software test automation in general and testing graphical user interfaces in particular. The study presented ideas in the different stages of the test automation framework. Test automation framework main activities include test case generation, execution and verification. Other umbrella activities include modeling, critical paths selection and some others. In modeling, a methodology is presented to transform the user interface of applications into XML (i.e., extensible Markup Language) files. The purpose of this intermediate transformation is to enable producing test automation components in a format that is easier to deal with (in terms of testing). Test cases are generated from this model, executed and verified on the actual implementation. The transformation of products\u27 Graphical User Interface (GUI) into XML files also enables the documentation and storage of the interface description. There are several cases where we need to have a stored documented format of the GUI. Having it in XML universal format, allows it to be retrieved and reused in other places. XML Files in their hierarchical structure make it possible and easy to preserve the hierarchical structure of the user interface. Several GUI structural metrics are also introduced to evaluate the user interface from testing perspectives. Those metrics can be collected automatically using the developed tool with no need for user intervention

Using Spec Explorer for Automatic Checking of Constraints in Software €Controlled Systems.

In software engineering, several formal models and tools are proposed for defining system requirements and constraints formally. Such formal definitions can help in the automatic checking and verification for them. It can also help in the automatic test case generation, execution and verification. In this paper, we will demonstrate and evaluate the usage of Spec Explorer from Microsoft for defining and checking examples of software controlled system such as cruise control. Such formal requirements can be eventually embedded in the developed system or can help in exposing important elements to test in the testing stage or through the usage of the applicationModel-Based Testing, Spec Explorer, FSM Models, Software Controlled Systems

Building an Islamic Financial Information System Based on Policy Managements

For many banks and customers in the Middle East and Islamic world, the availability and the ability to apply Islamic Shariah rules on financial activities is very important. In some cases, business and technical barriers can limit the ability to apply and offer financial services that are implemented according to Shariah rules. In this paper, we discuss enforcing Shariah rules from information technology viewpoint and show how such rules can be implemented and enforced in a financial establishment. Security authorization standard XACML is extended to consider Shariah rules. In this research XACML architecture, that is used and applied in many tools and system architectures, is used to enforce Shariah rules in the banking sector rather than its original goal of enforcing security rules where policy management systems such as XACML are usually used. We developed a model based on XACML policy management to show how an Islamic financial information system can be used to make decisions for day to day bank activities. Such a system is required by all Islamic banks around the world. Currently, most Islamic banks use advisory boards to provide opinions on general activities. The gap between those high level general rules and decision for each customer business process is to be filled by Islamic financial information systems. The flexible design of the architecture can also be effective where rules can be screened and revisited often without the need to restructure the authorization system implemented. Authorization rules described here are not necessarily the perfect reflection of Shariah opinions. They are only shown as a proof of concept and a demonstration of how such rules can be written and implemented

Misconfiguration in Firewalls and Network Access Controls: Literature Review

Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the access control roles added to the firewall that will control network traffic. In this paper, we evaluated recent research trends and open challenges related to firewalls and access controls in general and misconfiguration problems in particular. With the recent advances in next-generation (NG) firewalls, firewall roles can be auto-generated based on networks and threats. Nonetheless, and due to the large number of roles in any medium to large networks, roles’ misconfiguration may occur for several reasons and will impact the performance of the firewall and overall network and protection efficiency

Automatic Code Homework Grading Based on Concept Extraction

E-learning is taking more roles in the current methods of education. The automatic grading and assessment play a major role in both e-learning and traditional education as a method to reduce educational expenses and relief instructors from some of the lengthy tasks such as grading. In this paper, automatic grading for software code assignments or homework is described. A tool is developed to automatically grade students\u27 code assignments. Concepts or code from Students\u27 answers are first parsed. Key abstractions and keywords are extracted from students\u27 assignments and compared with typical or expected answers. Weights are given to code keywords by the instructor based on their value and importance in the overall answer. Relating this grading with code plagiarism, similarities are also measured between students\u27 assignments and an Euclidean distance method is developed and calculated between each assignment with all other assignments. Results showed that automatic grading for code assignments can be automated due to the nature of expected answers where grader can set and expect a fixed number of possible keywords in each answer. Such formality may not exist for several other types of essay questions

Using Test Case Mutation to Evaluate the Model of the User Interface

Mutation based testing is used to discover new possible errors in software applications. This is since in this testing approach, intentional incorrect lines of codes are injected to check the software ability to produce results that are different from the correct or original code. In this paper an automatic technique to generate valid and mutant test cases is proposed and developed. In most mutation techniques, one or more values or parameters in the specification, code, model, etc are intentionally modified and then test cases are generated to see if injected modifications can be detected. However, in this paper, test cases are mutated (i.e. mutants are generated from the test cases) after they are generated from the GUI model. Mutations are then applied to the GUI model to test its ability to kill those mutants by rejecting them. Typical to mutation testing, the goal of this approach is to discover possible errors or problems in the program that may not be discovered by other methods. A robust model is expected to differentiate between a valid and an invalid sequence of events. An automatic execution and verification technique is also developed to evaluate the test cases that were rejected by the model and calculate coverage based on the number of rejected test cases to the total number of test cases. Results showed that in user interfaces, and based on the nature of the mutation process implementation, mutation can find new areas or types of errors that may not be found using other approaches of testing

Evaluating Network Test Scenarios for Network Simulators Systems

Networks continue to grow as industries use both wired and wireless networks. Creating experiments to test those networks can be very expensive if conducted on production networks; therefore, the evaluation of networks and their performance is usually conducted using emulation. This growing reliance on simulation raises the risk of correctness and validation. Today, many network simulators have widely varying focuses and are employed in different fields of research. The trustworthiness of results produced from simulation models must be investigated. The goal of this work is first to compare and assess the performance of three prominent network simulators—NS-2, NS-3, and OMNet++—by considering the following qualitative characteristics: architectural design, correctness, performance, usability, features, and trends. Second, introduce the concept of mutation testing to design the appropriate network scenarios to be used for protocol evaluation. Many works still doubt if used scenarios can suit well to claim conclusions about protocol performance and effectiveness. A large-scale simulation model was implemented using ad hoc on-demand distance vector and destination-sequenced distance vector routing protocols to compare performance, correctness, and usability. This study addresses an interesting question about the validation process: “Are you building the right simulation model in the right environment?” In conclusion, network simulation alone cannot determine the correctness and usefulness of the implemented protocol. Software testing approaches should be considered to validate the quality of the network model and test scenarios being used