Lesson Archives

  1. ABSTRACT Dynamic Graph Watermarking (DGW) is vulnerable to attack. We propose the use of a multiple secret sharing scheme to improve the robustness of DGW. We propose using Mignotte Sequences as the way to create the watermark shares needed by the method. The new scheme is suitable for inclusion in the SandMark test program. All necessary algorithms are identified.

  2. ABSTRACT As software applications become more complex they require more security, allowing them to reach an appropriate level of quality to manage information, and therefore achieving business objectives. Web applications represent one segment of the software industry where security risk assessment is essential. Web engineering must address new challenges to provide new techniques and tools that guarantee high quality application development. This work focuses on asset identification, the initial step in security risk assessment for web applications. Risk assessment helps organizations determine security risks in information management systems. The formal approach to identifying information assets for risk assessment is investigated using the MAGERIT methodology and EBIOS method. This work is carried out at Simón Bolivar University (Venezuela) for its Student Opinion Survey Coordination web-based application. Under this research, a methodological tool for asset identification was developed to help the University achieve security risk assessment. Assets are identified according to their priorities in the organizational environment. This work contributes to Web Engineering in general, and to Information Security Management with emphasis on security risk assessment.

  3. ABSTRACT Model driven approaches raise the level of abstraction during software development, where the focus of the development process is no longer on programming, but instead on the creation of different models. The OMG is addressing this new methodology with their Model Driven Architecture (MDA). The Query/Views/Transformation (QVT) specification is part of the OMG’s MDA framework for combining declarative and imperative transformation languages between models. QVT-R uses a declarative (relational) approach to describe mappings between models, whereas QVT-O uses an imperative (operational) approach. Tools in this domain are still in their infancy and there exists no empirical study to compare QVT-O and QVT-R for complex application domains. In this paper we present a use case to show how both QVT-R and QVT-O can be used to map byte code instructions for Microsoft’s .NET virtual machine to Sun Microsystem’s Java Virtual Machine. We provide an extensive comparison between QVT-O and QVT-R and offer some best practices for using either transformation language.

  4. ABSTRACT Design decisions and constraints of a software system can be specified precisely using a formal notation such as the Object Constraint Language (OCL). However, they are not executable, and assuring the conformance of an implementation to its design is hard. The inability to express design constraints in an implementation and check them at runtime invites, among others, the problem of design drift and corrosion. We propose runtime checks as a solution to mitigate this problem. The key idea of our approach is to translate design constraints written in a formal notation such as OCL into aspects that, when applied to a particular implementation, check the constraints at run-time. Our approach enables runtime verification of design-implementation conformance and detects design corrosion. The approach is modular and plug-and-playable; the constraint checking logic is completely separated from the implementation modules which are oblivious of the former. We believe that a significant portion of constraints translation can be automated.

  5. ABSTRACT Over the past 30 years, many software reliability growth models (SRGM) have been proposed. Object-oriented software development practices are being rapidly adopted within increasingly complex systems, including real-time and concurrent system applications. To address reliability issues in designing object-oriented software for this concurrent, time-critical system, this paper reviews an approach using the communication variables. Often, it is assumed that detected faults are immediately corrected when mathematical models are developed. This assumption may not be realistic in practice because the time to remove a detected fault depends on the complexity of the fault, the skill and experience of personnel, the size of the debugging team, the technique being used, and so on. During software testing, practical experiences show that mutually independent faults can be directly detected and removed, but mutually dependent faults can be removed iff the leading faults have been removed. That is, dependent faults may not be immediately removed, and the fault removal process lags behind the fault detection process. In this paper, we will first give a review of fault detection & correction processes in software reliability modeling. We will then illustrate the fact that detected faults cannot be immediately corrected with several examples. We also discuss the software fault dependency in detail, and study how to incorporate both fault dependency and debugging time lag into software reliability modeling. The proposed models are fairly general models that cover a variety of known SRGM under different conditions. Numerical examples are presented, and the results show that the proposed framework to incorporate both fault dependency and debugging time lag for SRGM has a better prediction capability. In addition, an optimal software release policy for the proposed models, based on cost-reliability criterion, is proposed.

  6. ABSTRACT A Geographical Information System (GIS) is a computer system capable of creating, capturing and storing, analyzing, managing, and displaying geographically referenced information. A GIS tool offers interactive user interfaces to submit queries, analyze and edit data. The usability criterion of a GIS tool is an important factor for analyzing geographical information. This paper presents a methodology for evaluating the usability of a GIS tool and proposes some guidelines to find out the severity ratings of problems in a GIS tool. The paper also demonstrates how to scrutinize the usability to discover potential problems using a prototype user interface. Based on the study, experience, and observation, this paper also proposes a number of general usability evaluation guidelines for GIS tools.

  7. ABSTRACT Software rearchitecting is the process of obtaining a documented architecture for an existing system. There are many software rearchitecting frameworks which are based upon different concepts and context-related issues for a specific application or programming language, such as Rigi, Ciao, SPOOL, Symphony, and the Software Rearchitecting Action Framework (SRAF). Most of the frameworks focus on the reverse engineering process of source code. They neglect the role of stakeholders in enhancing and developing their systems. This paper presents a systematic analysis and comparative study for rearchitecting frameworks using generic architecture characteristics or elements. Based on the major requirements that should be available in the rearchitecting frameworks, the comparative study proceeds. An efficient model is proposed based on the trends that resulted from the comparative analysis. It considers the evaluation criteria of the compared frameworks. Conclusions and remarks are highlighted.

  8. ABSTRACT In this paper we present a new, non-pheromone-based test suite optimization approach inspired by the behavior of biological bees. Our proposed approach is based on ABC (Artificial Bee Colony Optimization) which is motivated by the intelligent behavior of honey bees. In our proposed system, the sites are the nodes in the Software under Test (SUT), the artificial bees modify the test cases with time and the bees’ aim is to discover the places of nodes with higher coverage and finally the one with the highest usage by the given test case. Since the ABC system combines local search methods carried out by employed bees with global search methods managed by onlookers and scouts, we attain near global optima. We investigate whether this new approach outperforms the existing test optimization approach based on Genetic Algorithms (GA) in the task of software test optimization. Taking into account the results of our experiments, we conclude that (i) the proposed approach uses fewer iterations to complete the task; (ii) is more scalable, i.e., it requires less computation time to complete the task, and finally (iii) our approach is best in achieving a near global optimal solution.

  9. ABSTRACT This paper will present a discrete event simulation model of a spiral development lifecycle that can be used to analyze cost and schedule effects of using such a process in comparison to a waterfall process. There is a need for simulation models of software development processes other than the waterfall due to new processes becoming more widely used in order to overcome the limitations of the traditional waterfall lifecycle. The use of a spiral process can make the inherently difficult job of cost and schedule estimation even more challenging due to its evolutionary nature, but this allows for a more flexible process that can better meet customers’ needs. Cost figures for the spiral process may initially appear higher but can ultimately prove to be much more realistic or even lower than the final cost for a waterfall process since the data on which they are based is continuously updated. The goal of this work is to present a preliminary model that provides insight into the impacts of selecting a spiral development approach and that demonstrates the usefulness of such a model in order to encourage the development of more detailed spiral development models.

  10. ABSTRACT Frameworks provide large scale reuse by providing a skeleton structure of similar applications. But the generality that a framework may have makes it fairly complex, hard to understand and thus to reuse. This paper defines and analyzes two types of frameworks: tight and loose. It then proposes a strategy for framework development methodology that leads to loose frameworks. We try to answer the question “which one (tight or loose) has what benefits over the other” by drawing on experience of developing loose and tight frameworks for the application sets of the Environment for Unit testing (EUT) domain.