Software systems become increasingly distributed, involving many independent and collaborating components working towards achieving system goals. At the same time, security attacks on these systems have also grown being more sophisticated and are quite difficult to identify and mitigate, in particular including distributed attacks. In this paper, we argue that one way to detect and resist against such attacks is through the collaboration of a system's constituent components. To achieve collaborative defense in a distributed component-based system, a common basis (vocabulary) is needed for the components to communicate and work with each other in detecting attacks and devising countermeasures. We adopt an ontological approach to establishing such a common base and introduce ontologies concerning security attacks and defenses. The ontologies specify the security concepts and their relationships in a way understandable to both humans and software agents. We use a case study involving Mitnick attacks to demonstrate how system components use the ontologies to detect and counter attacks.
{"title":"An Ontology Framework for Managing Security Attacks and Defences in Component Based Software Systems","authors":"A. Vorobiev, Jun Han, N. Bekmamedova","doi":"10.1109/ASWEC.2008.25","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.25","url":null,"abstract":"Software systems become increasingly distributed, involving many independent and collaborating components working towards achieving system goals. At the same time, security attacks on these systems have also grown being more sophisticated and are quite difficult to identify and mitigate, in particular including distributed attacks. In this paper, we argue that one way to detect and resist against such attacks is through the collaboration of a system's constituent components. To achieve collaborative defense in a distributed component-based system, a common basis (vocabulary) is needed for the components to communicate and work with each other in detecting attacks and devising countermeasures. We adopt an ontological approach to establishing such a common base and introduce ontologies concerning security attacks and defenses. The ontologies specify the security concepts and their relationships in a way understandable to both humans and software agents. We use a case study involving Mitnick attacks to demonstrate how system components use the ontologies to detect and counter attacks.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114858685","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
It seems that service oriented architecture (SOA) is to be this year's hot buzzword, rather than a well defined, meaningful and valuable part of the Enterprise Architecture landscape. Before the term fades away completely, perhaps we should agree what's valuable about the move to SOA and how to make the leap, and make the leap valuable. The SOA consortium is making great strides in defining SOA to be a valuable business strategy for business agility, in the context of Enterprise Architecture, Business Process Management and other concepts; and the Object Management Group (OMG) is making headway on modeling standards for services (as opposed to yet another set of standards for moving bits around wires). Dr. Soley will introduce the SOA Consortium and give some context for OMG's work in service modeling, with a focus on early successes in implementing the SOA business strategy leveraging modeling technologies like UML, BPMN and MOF.
{"title":"Service Oriented Architecture: Making the Leap, Leveraging Model Driven Architecture and Achieving Software Agility with BPM, SOA and MDA®","authors":"R. Soley, A. Watson","doi":"10.1109/ASWEC.2008.82","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.82","url":null,"abstract":"It seems that service oriented architecture (SOA) is to be this year's hot buzzword, rather than a well defined, meaningful and valuable part of the Enterprise Architecture landscape. Before the term fades away completely, perhaps we should agree what's valuable about the move to SOA and how to make the leap, and make the leap valuable. The SOA consortium is making great strides in defining SOA to be a valuable business strategy for business agility, in the context of Enterprise Architecture, Business Process Management and other concepts; and the Object Management Group (OMG) is making headway on modeling standards for services (as opposed to yet another set of standards for moving bits around wires). Dr. Soley will introduce the SOA Consortium and give some context for OMG's work in service modeling, with a focus on early successes in implementing the SOA business strategy leveraging modeling technologies like UML, BPMN and MOF.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122461797","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The past ten years have seen a radical shift in business application software development. Rather than developing software from scratch using a conventional programming language, the majority of commercial software is now developed through reuse - the adaptation and configuration of existing software systems to meet specific organizational requirements. The most widespread form of reuse is through the use of generic systems, such as ERP and COTS systems, that are configured to meet specific organizational requirements. In this paper, I discuss the implications of software construction by configuration (CbC) for software engineering. Based on our experience with systems for medical records and university administration, I highlight some of the issues and problems that can arise in 'construction by configuration'. I discuss problems that arise in CbC projects and identify a number of challenges for research and practice to improve this approach to software engineering.
{"title":"Construction by Configuration: Challenges for Software Engineering Research and Practice","authors":"I. Sommerville","doi":"10.1109/ASWEC.2008.75","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.75","url":null,"abstract":"The past ten years have seen a radical shift in business application software development. Rather than developing software from scratch using a conventional programming language, the majority of commercial software is now developed through reuse - the adaptation and configuration of existing software systems to meet specific organizational requirements. The most widespread form of reuse is through the use of generic systems, such as ERP and COTS systems, that are configured to meet specific organizational requirements. In this paper, I discuss the implications of software construction by configuration (CbC) for software engineering. Based on our experience with systems for medical records and university administration, I highlight some of the issues and problems that can arise in 'construction by configuration'. I discuss problems that arise in CbC projects and identify a number of challenges for research and practice to improve this approach to software engineering.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"12 5 Suppl 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132892042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use and risks must be documented and managed to give confidence for reusing the systems. The SEI software development risk taxonomy focuses on general software development issues. It does not, however, cover all the safety risks. The software safety risk taxonomy was developed which provides a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a software safety risk taxonomy based questionnaire (TBQ) is generated containing questions addressing each safety attribute in the software safety risk taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized product engineering class within the software safety risk taxonomy. At the end of the paper, we present the tool known as the 'legacy systems risk database tool' that is used to collect and analyze the data required to show traceability to a particular safety standard.
{"title":"The Product Engineering Class in the Software Safety Risk Taxonomy for Building Safety-Critical Systems","authors":"Janice Hill, D. Victor","doi":"10.1109/ASWEC.2008.72","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.72","url":null,"abstract":"When software safety requirements are imposed on legacy safety-critical systems, retrospective safety cases need to be formulated as part of recertifying the systems for further use and risks must be documented and managed to give confidence for reusing the systems. The SEI software development risk taxonomy focuses on general software development issues. It does not, however, cover all the safety risks. The software safety risk taxonomy was developed which provides a construct for eliciting and categorizing software safety risks in a straightforward manner. In this paper, we present extended work on the taxonomy for safety that incorporates the additional issues inherent in the development and maintenance of safety-critical systems with software. An instrument called a software safety risk taxonomy based questionnaire (TBQ) is generated containing questions addressing each safety attribute in the software safety risk taxonomy. Software safety risks are surfaced using the new TBQ and then analyzed. In this paper we give the definitions for the specialized product engineering class within the software safety risk taxonomy. At the end of the paper, we present the tool known as the 'legacy systems risk database tool' that is used to collect and analyze the data required to show traceability to a particular safety standard.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133852851","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we present an overview of HUI Analyzer, a tool intended for automating usability testing. The tool allows a user interface's expected and actual use to be captured unobtrusively, with any mismatches indicating potential usability problems being highlighted. HUI Analyzer also supports specification and checking of assertions governing a user interface's layout and actual user interaction. Assertions offer a low cost means of detecting usability defects and are intended to be checked iteratively during a user interface's development. Hotspot analysis is a feature that highlights the relative use of GUI components in a form. This is useful in informing form layout, for example to collocate heavily used components thereby reducing unnecessary scrolling or movement. Based on evaluation, we have found HUI Analyzer's performance in detecting usability defects to be comparable to conventional formal user testing. However the time taken by HUI Analyzer to automatically process and analyze user interactions is much less than that for formal user testing.
{"title":"Automated Usability Testing Using HUI Analyzer","authors":"Simon Baker, Fiora Au, G. Dobbie, I. Warren","doi":"10.1109/ASWEC.2008.40","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.40","url":null,"abstract":"In this paper, we present an overview of HUI Analyzer, a tool intended for automating usability testing. The tool allows a user interface's expected and actual use to be captured unobtrusively, with any mismatches indicating potential usability problems being highlighted. HUI Analyzer also supports specification and checking of assertions governing a user interface's layout and actual user interaction. Assertions offer a low cost means of detecting usability defects and are intended to be checked iteratively during a user interface's development. Hotspot analysis is a feature that highlights the relative use of GUI components in a form. This is useful in informing form layout, for example to collocate heavily used components thereby reducing unnecessary scrolling or movement. Based on evaluation, we have found HUI Analyzer's performance in detecting usability defects to be comparable to conventional formal user testing. However the time taken by HUI Analyzer to automatically process and analyze user interactions is much less than that for formal user testing.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"180 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133579984","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper proposes an integrated threat management framework to improve outcomes of software projects. Current best practice prescribes risk management and issue management to control threats. However, these processes cover only part of the spectrum of uncertainty. A broader framework of threat management is proposed that integrates issue management, risk management and crisis management. Case examples and steps to transition beyond risk management are also provided. Implications for research and practice are discussed. The framework provides a basis to extend efforts in research and practice to improve the capability of organizations to manage uncertainty and improve project results.
{"title":"Toward An Integrated Framework of Software Project Threats","authors":"Paul L. Bannerman","doi":"10.1109/ASWEC.2008.24","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.24","url":null,"abstract":"This paper proposes an integrated threat management framework to improve outcomes of software projects. Current best practice prescribes risk management and issue management to control threats. However, these processes cover only part of the spectrum of uncertainty. A broader framework of threat management is proposed that integrates issue management, risk management and crisis management. Case examples and steps to transition beyond risk management are also provided. Implications for research and practice are discussed. The framework provides a basis to extend efforts in research and practice to improve the capability of organizations to manage uncertainty and improve project results.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116244330","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Aspect-oriented programming (AOP) is an emerging technique that provides a means to cleanly encapsulate and implement aspects that crosscut other modules. However, despite an interesting body of work for measuring cohesion in aspect-oriented (AO) systems, there is poor understanding of cohesion in the context of AOP. Most of the proposed cohesion assessment framework and metrics for AOP are for AspectJ programming language. In this paper we have defined a generic cohesion framework that takes into account two, the most well known families of available AOP languages, AspectJ and CaesarJ. This unified framework contributes in better understanding of cohesion in AOP, witch can contribute in (i) comparing measures and their potential use, (ii) integrating different existing measures which examine the same concept in different ways, and (iii) defining new cohesion metrics, which in turn permits the analysis and comparison of Java, AspectJ and CaesarJ implementations.
{"title":"Notice of Violation of IEEE Publication PrinciplesTowards a Unified Framework for Cohesion Measurement in Aspect-Oriented Systems","authors":"Avadhesh Kumar, Rajesh Kumar, P. Grover","doi":"10.1109/ASWEC.2008.16","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.16","url":null,"abstract":"Aspect-oriented programming (AOP) is an emerging technique that provides a means to cleanly encapsulate and implement aspects that crosscut other modules. However, despite an interesting body of work for measuring cohesion in aspect-oriented (AO) systems, there is poor understanding of cohesion in the context of AOP. Most of the proposed cohesion assessment framework and metrics for AOP are for AspectJ programming language. In this paper we have defined a generic cohesion framework that takes into account two, the most well known families of available AOP languages, AspectJ and CaesarJ. This unified framework contributes in better understanding of cohesion in AOP, witch can contribute in (i) comparing measures and their potential use, (ii) integrating different existing measures which examine the same concept in different ways, and (iii) defining new cohesion metrics, which in turn permits the analysis and comparison of Java, AspectJ and CaesarJ implementations.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"59 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127949534","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The decreasing line widths employed in semiconductor technologies means that soft errors are an increasing problem in modern system on a chip designs. Approaches adopted so far have focused on recovery after detection. In real-time systems, though, that can easily lead to missed deadlines. This paper proposes a preventative approach. Specifically a design methodology that uses metrics in design space exploration that highlight where in the structure of the systems model and at what point in its behaviour, protection is needed against soft errors. The approach does not eliminate the impact of soft errors completely, but aims to significantly reduce their impact.
{"title":"A Design Approach for Soft Error Protection in Real-Time Embedded Systems","authors":"M. S. Sadi, D. Myers, C. Ortega-Sanchez","doi":"10.1109/ASWEC.2008.68","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.68","url":null,"abstract":"The decreasing line widths employed in semiconductor technologies means that soft errors are an increasing problem in modern system on a chip designs. Approaches adopted so far have focused on recovery after detection. In real-time systems, though, that can easily lead to missed deadlines. This paper proposes a preventative approach. Specifically a design methodology that uses metrics in design space exploration that highlight where in the structure of the systems model and at what point in its behaviour, protection is needed against soft errors. The approach does not eliminate the impact of soft errors completely, but aims to significantly reduce their impact.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126410419","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Developing complex software systems which involve a lot of different non-orthogonal concerns requires considerable effort. This situation can be further exacerbated by tangled and scattered concerns found across the system. In order to reduce this sort of complexity, we need to employ a software development framework that facilitates the separation of different concerns. The framework should be able to direct the process of identification, modularization and specification of concerns into autonomous parts and eventually (re)compose them to yield a complete system. In this paper, we propose a software development framework which integrates the concept of a concern-oriented approach with model-driven development. This framework promotes separation of concerns both horizontal (separating concerns based on subject matters) and vertical (separating concerns based on level of abstraction).
{"title":"Concern-Oriented Model-Driven Development Framework","authors":"A. Fatwanto, C. Boughton","doi":"10.1109/ASWEC.2008.55","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.55","url":null,"abstract":"Developing complex software systems which involve a lot of different non-orthogonal concerns requires considerable effort. This situation can be further exacerbated by tangled and scattered concerns found across the system. In order to reduce this sort of complexity, we need to employ a software development framework that facilitates the separation of different concerns. The framework should be able to direct the process of identification, modularization and specification of concerns into autonomous parts and eventually (re)compose them to yield a complete system. In this paper, we propose a software development framework which integrates the concept of a concern-oriented approach with model-driven development. This framework promotes separation of concerns both horizontal (separating concerns based on subject matters) and vertical (separating concerns based on level of abstraction).","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126580001","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Testing SCADA (supervisory control and data acquisition) near real-time systems is challenging, as it involves complex interactions and the simulation of the supervised and controlled environment. Model-driven testing techniques can help to achieve clarity about the inner workings of the system and facilitate test construction, but these models are currently disconnected from those of the environmental simulation, leading to a paradigm break. This paper presents a strategy to remedy this situation. To this end, it leverages Modelica and the Eclipse Modeling Framework. Modelica is an object-oriented mathematical modeling language for component-oriented modeling of complex physical systems. It is an open standard and implementation, and provides a rendering of its input language in Ecore, the meta-language of the Eclipse Modeling Framework (EMF). It also offers convenient visual editors, whose notation via the Modelica ML profile is consistent with the SysML standard, a restricted version of UML The strategy presented here leverages EMF as a common basis for model-driven development, reusing Modelica's powerful simulation features in integration with a custom-designed testing process. With this tooling, a test engineer can model all aspects of a SCADA test within one workbench and enjoy full traceability between the proprietary test model, and its surrounding environment simulation.
{"title":"Towards Integrated Model-Driven Testing of SCADA Systems Using the Eclipse Modeling Framework and Modelica","authors":"Jörn Guy Süß, A. Pop, P. Fritzson, Luke Wildman","doi":"10.1109/ASWEC.2008.38","DOIUrl":"https://doi.org/10.1109/ASWEC.2008.38","url":null,"abstract":"Testing SCADA (supervisory control and data acquisition) near real-time systems is challenging, as it involves complex interactions and the simulation of the supervised and controlled environment. Model-driven testing techniques can help to achieve clarity about the inner workings of the system and facilitate test construction, but these models are currently disconnected from those of the environmental simulation, leading to a paradigm break. This paper presents a strategy to remedy this situation. To this end, it leverages Modelica and the Eclipse Modeling Framework. Modelica is an object-oriented mathematical modeling language for component-oriented modeling of complex physical systems. It is an open standard and implementation, and provides a rendering of its input language in Ecore, the meta-language of the Eclipse Modeling Framework (EMF). It also offers convenient visual editors, whose notation via the Modelica ML profile is consistent with the SysML standard, a restricted version of UML The strategy presented here leverages EMF as a common basis for model-driven development, reusing Modelica's powerful simulation features in integration with a custom-designed testing process. With this tooling, a test engineer can model all aspects of a SCADA test within one workbench and enjoy full traceability between the proprietary test model, and its surrounding environment simulation.","PeriodicalId":231903,"journal":{"name":"19th Australian Conference on Software Engineering (aswec 2008)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2008-03-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125756286","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: