
2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW): Latest Papers

GAUSS 2020 Workshop Committees
Pub Date : 2020-10-01 DOI: 10.1109/issrew51248.2020.00014
Citations: 0
Modelling CI/CD Pipeline Through Agent-Based Simulation
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00059
Qianying Liao
The need for rapid and efficient software development pushes the demand for automation in the phases of build, test, and release. Thereby, the methodology of Continuous Integration and Continuous Deployment (CI/CD) emerges, which then gives birth to a set of CI/CD enabling services, such as Travis CI and Jenkins. Those services facilitate the automatic compilation, connection tracking, and packaging of new features. They not only incorporate playgrounds for testing and functionality verification but also enable the final delivery. Poor understanding and execution in CI/CD operations can result in slowing and even halting the pace of a software project. Many bottlenecks of CI/CD pipeline might occur due to its incorrect configurations, i.e. the inadequate level of automation, the unsuitable load capacity and the suboptimal queueing strategy. However, understanding the actual CI/CD pipeline is hard since its performance varies significantly with different hosting machines, technologies and plugins. On the other hand, finding a way to analyse and improve the settings of CI/CD pipeline brings great managerial and economic benefits since an optimal configuration implies the eventual high efficiency. To that end, this study attempts to design a model that can not only capture the abstraction of the pipeline but also provides a testing environment for the impersonal influencers of CI/CD performance. The current study, therefore, aims to contribute (1) a pipeline model based on the logic of the queueing system and enabled by agent-based simulation, and (2) an experimental environment which allows the testing of different settings and operation scenarios.
Citations: 4
Static and Verifiable Memory Partitioning for Safety-Critical Systems
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00041
Jean Guyomarc'h, Jean-Baptiste Hervé
Multitasking enables multiple tasks to be executed on the same hardware, and spatial partitioning aims at enforcing a strong isolation between them: tasks must not access memory regions for which they were not granted permission. This behavior is enforced at run-time by memory protection schemes enabled by dedicated hardware components. Today, memory protection is widely implemented on a great diversity of systems, mostly with dynamic requirements (e.g. variable number of tasks). Safety-critical systems must comply with high level of certification to ensure minimal probability of failure and are subject to stringent requirements on the embedded executable, which makes memory protection mandatory, but requires important certification efforts. This paper presents a method for the generation of static and verifiable memory partitioning schemes towards safety-critical systems, aiming at reducing certification costs without compromising safety properties.
Citations: 0
Model-based Quantitative Fault Tree Analysis based on FIDES Reliability Prediction
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00062
N. Yakymets, Morayo Adedjouma
Fault tree analysis is a commonly used technique to assess the reliability of critical systems. The method requires modeling the propagation path of basic events that may cause a feared event, and define their probabilities. In this paper, we present a model-based approach to construct fault tree from SysML models and to perform quantitative analysis of the tree using FIDES reliability prediction standard. We exemplify the approach on a power interface unit system.
Citations: 0
Engineering Resilience: Predicting The Change Impact on Performance and Availability of Reconfigurable Systems
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00054
M. A. Hakamian
Modern distributed systems are supposed to be resilient and continue to operate according to agreed-on Quality of Service (QoS) despite the failure of a few services or variations in workload. Real-world incidents show that systems still undergo unacceptable QoS degradations or significant service outages. The main reasons are updates of the system or infrastructural services, and subsequently, faulty recovery logic. Frequent updates and faulty recovery logic result in a correlated set of failure modes that impact the system’s QoS. Software architects need assurance that the system satisfies agreed-on QoS despite updates in the system or infrastructural services. In this research, we propose systematic identification of the risk of a correlated set of failure modes due to updates that cause unacceptable performance degradation or service outage. According to the Architecture Tradeoff Analysis Method (ATAM), we propose to formulate collected risks into a scenario structure for a precise resilience requirement characterization. Furthermore, we propose model-based prediction methods for scenario-based resilience evaluation of the system. Therefore, the software architect has a measurement-based evaluation of system resilience and can incorporate the evaluation result for further system resilience improvement or specifying a precise service level agreement.
Citations: 0
Applying Machine Learning with Chaos Engineering
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00057
Juan Hernández-Serrato, Alejandro Velasco, Yury Nifio, M. Linares-Vásquez
With the advent of internet-scale systems, and the need to assure a high functional and non-functional quality of those systems, researchers and practitioners have been working on approaches and tools for monitoring, profiling, and testing of internet-scale systems. One of those approaches is Chaos Engineering, which imposes different challenges for the software reliability engineering community. In this paper, we propose future avenues for research and development with the target of improving chaos engineering capabilities by using machine learning.
Citations: 4
Evaluating the Accuracy of Password Strength Meters using Off-The-Shelf Guessing Attacks
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00079
David Pereira, J. Ferreira, A. Mendes
In this paper we measure the accuracy of password strength meters (PSMs) using password guessing resistance against off-the-shelf guessing attacks. We consider 13 PSMs, 5 different attack tools, and a random selection of 60,000 passwords extracted from three different datasets of real-world password leaks. Our results show that a significant percentage of passwords classified as strong were cracked, thus suggesting that current password strength estimation methods can be improved.
Citations: 6
Should we “safely” handle the uncertainties at runtime? - A rather seldom asked question
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00065
Nishanth Laxman, P. Liggesmeyer
Ipso facto “Uncertainty is certain” makes design and development of Cyber Physical Systems (CPS), specifically for safety critical scenarios, a challenging process. CPS are expected to function safely in unforeseen contexts, which are often characterized by the pervasive presence of uncertainty. There is a multitude of research and numerous approaches available for efficiently handling such uncertainties at runtime, but how many of them handle it from the viewpoint of safety assurance? Are the approaches which handle various possible uncertainties at runtime from safety assurance perspective the need of the hour? This paper attempts to explore these issues and offers a rarely chosen but important perspective on handling uncertainties at runtime during the development of CPS. This paper is based on initial outcomes of an ongoing Systematic Literature Review (SLR) and consequent research on “safe” handling of uncertainties at runtime.
Citations: 0
AHPCap: A Framework for Automated Hardware Profiling and Capture of Mobile Application States
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00069
Rodger William Byrd, Taniza Sultana, Kristen R. Walcott
The prevalence of push notifications for communication between devices is increasing and is vital to Internet of Things (IoT) components. It has been observed that delays of notification receipt vary even for devices that are on the same network and using the same hardware. A closer analysis is needed to understand what is occurring in the hardware when a notification occurs from a cloud service or other application. In this paper, we describe and develop a framework, AHPCap, to better understand application behavior at the hardware level at the time of a notification. We explain the framework and its deployment and capabilities. We then show an example of a hardware profile that can be generated on mobile devices and analyze the time required to capture and record the profile data. Lastly, we discuss some of AHPCap’s potential applications.
Citations: 0
Techniques and Tools for Advanced Software Vulnerability Detection
Pub Date : 2020-10-01 DOI: 10.1109/ISSREW51248.2020.00049
José D’Abruzzo Pereira
Software is frequently deployed with vulnerabilities that may allow hackers to gain access to the system or information, leading to money or reputation losses. Although there are many techniques to detect software vulnerabilities, their effectiveness is far from acceptable, especially in large software projects, as shown by several research works. This Ph.D. aims to study the combination of different techniques to improve the effectiveness of vulnerability detection (increasing the detection rate and decreasing the number of false-positives). Static Code Analysis (SCA) has a good detection rate and is the central technique of this work. However, as SCA reports many false-positives, we will study the combination of various SCA tools and the integration with other detection approaches (e.g., software metrics) to improve vulnerability detection capabilities. We will also study the use of such combination to prioritize the reported vulnerabilities and thus guide the development efforts and fixes in resource-constrained projects.
Citations: 5