Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.139
Sami Beydeda
An often-proposed approach to decrease costs of software development projects is to reuse existing software units. Reusing software units has indeed the potential to decrease costs, but this decrease of costs has to be put in relation to the risks inherent in third-party software. In particular, third-party software units can have a high inherent complexity complicating testing, even worse, source code and other information required for testing might not be available at all. In such cases, self-testability, if the software unit has been augmented appropriately, can be a method for ensuring that the software unit reused fits into the system to be developed with respect to its quality.
{"title":"Self-testability in unit testing","authors":"Sami Beydeda","doi":"10.1109/COMPSAC.2005.139","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.139","url":null,"abstract":"An often-proposed approach to decrease costs of software development projects is to reuse existing software units. Reusing software units has indeed the potential to decrease costs, but this decrease of costs has to be put in relation to the risks inherent in third-party software. In particular, third-party software units can have a high inherent complexity complicating testing, even worse, source code and other information required for testing might not be available at all. In such cases, self-testability, if the software unit has been augmented appropriately, can be a method for ensuring that the software unit reused fits into the system to be developed with respect to its quality.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128690466","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Information timeliness is crucial for media-based Websites. AI though a couple of timeliness design strategies have been developed, timeliness measurement is still in its infancy. Based on our previous research, this paper presents three timeliness measures and reports the empirical validation of them in a case study conducted during the recent Olympic Games.
{"title":"Empirical validation of Website timeliness measures","authors":"Yanlong Zhang, Hong Zhu, S. Greenwood","doi":"10.1109/COMPSAC.2005.72","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.72","url":null,"abstract":"Information timeliness is crucial for media-based Websites. AI though a couple of timeliness design strategies have been developed, timeliness measurement is still in its infancy. Based on our previous research, this paper presents three timeliness measures and reports the empirical validation of them in a case study conducted during the recent Olympic Games.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124648912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.151
J. Li, James Miller
The XML schema language is becoming the preferred means of defining and validating highly structured XML instance documents. We have extended the conventional mutation method to be applicable for W3C XML schemas. In this paper a technique for using mutation analysis to test the semantic correctness of W3C XML schemas is presented. We introduce a mutation analysis model and a set of W3C XML schema (XSD) mutation operators that can be used to detect faults involving name-spaces, user-defined types, and inheritance. Preliminary evaluation of our technique shows that it is effectiveness to test the semantics of W3C XML schema documents.
{"title":"Testing the semantics of W3C XML schema","authors":"J. Li, James Miller","doi":"10.1109/COMPSAC.2005.151","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.151","url":null,"abstract":"The XML schema language is becoming the preferred means of defining and validating highly structured XML instance documents. We have extended the conventional mutation method to be applicable for W3C XML schemas. In this paper a technique for using mutation analysis to test the semantic correctness of W3C XML schemas is presented. We introduce a mutation analysis model and a set of W3C XML schema (XSD) mutation operators that can be used to detect faults involving name-spaces, user-defined types, and inheritance. Preliminary evaluation of our technique shows that it is effectiveness to test the semantics of W3C XML schema documents.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"132 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127090182","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper describes an approach to representing normal activities in a smart house based on the concept of anxiety. Anxiety is computed as a function of time and is kept low by interactions of an occupant with the various devices in a house. Abnormality is indicated by a lack of activity or the wrong activity which will cause anxiety to rise ultimately raising an alarm, querying the occupant and/or alerting a carer in real-time. Anxiety is formulated using probabilistic models that describe how people interact with devices in combinations. These models can be learnt interactively as the smart house acts pessimistically enquiring of the occupant if what they are doing is normal. Results are presented for a number of kitchen scenarios and for different formulations of anxiety.
{"title":"A probabilistic approach to the anxious home for activity monitoring","authors":"G. West, S. Greenhill, S. Venkatesh","doi":"10.1109/COMPSAC.2005.29","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.29","url":null,"abstract":"This paper describes an approach to representing normal activities in a smart house based on the concept of anxiety. Anxiety is computed as a function of time and is kept low by interactions of an occupant with the various devices in a house. Abnormality is indicated by a lack of activity or the wrong activity which will cause anxiety to rise ultimately raising an alarm, querying the occupant and/or alerting a carer in real-time. Anxiety is formulated using probabilistic models that describe how people interact with devices in combinations. These models can be learnt interactively as the smart house acts pessimistically enquiring of the occupant if what they are doing is normal. Results are presented for a number of kitchen scenarios and for different formulations of anxiety.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130502793","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Distributed processing environments such as that of a traffic management network system (TMS) can be implemented easier, faster, and secure and perform better through use of autonomous semantic agents (ASAs). For an ASA can then be realized as a semantic Web service, a whole TMS is easily implemented through a collection of semantic Web services agents arranged according to the topology of the traffic network. It would suffice to develop a generic ASA Web service class, instantiate individual ASAs from it in numbers as required one per junction, and supply specific intersection data in semantically-enriched representation to each. Should advanced information support and control services be required, one of the ASAs may be configured slightly differently in that it acts as the operational overseer and repository for aggregated data and ASA class code. Once created, this facilitator ASA knows the topology of the whole traffic network, identifies each intersection (and its associated ASA), can interrogate and instruct individual ASAs, aspects of ASA design, operation, and application development using ASAs are taken into consideration. Simulations show high performance and the benefits of load distribution using ASAs.
{"title":"Considerations on a new software architecture for distributed environments using autonomous semantic agents","authors":"Atilla Elçi, Behnam Rahnama","doi":"10.1109/COMPSAC.2005.63","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.63","url":null,"abstract":"Distributed processing environments such as that of a traffic management network system (TMS) can be implemented easier, faster, and secure and perform better through use of autonomous semantic agents (ASAs). For an ASA can then be realized as a semantic Web service, a whole TMS is easily implemented through a collection of semantic Web services agents arranged according to the topology of the traffic network. It would suffice to develop a generic ASA Web service class, instantiate individual ASAs from it in numbers as required one per junction, and supply specific intersection data in semantically-enriched representation to each. Should advanced information support and control services be required, one of the ASAs may be configured slightly differently in that it acts as the operational overseer and repository for aggregated data and ASA class code. Once created, this facilitator ASA knows the topology of the whole traffic network, identifies each intersection (and its associated ASA), can interrogate and instruct individual ASAs, aspects of ASA design, operation, and application development using ASAs are taken into consideration. Simulations show high performance and the benefits of load distribution using ASAs.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115202573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The extensible markup language (XML) has emerged as the dominant standard in describing and exchanging data among heterogeneous data sources. The increasing presence of large volumes of data appearing in enterprise settings creates the need to investigate XML document warehouses (XDW) as a means of handling and analysing XML data for business intelligence. In our previous work, we proposed a conceptual modelling approach for the design and development of XDWs, with emphasis on capturing data warehouse requirements early in the design stage. To address this issue, in this paper, we explore a requirement engineering (RE) approach, namely the goal-oriented approach. We adopt and extend the notion of this approach and introduce the XDW requirement model. This focuses on deriving dimensions, as opposed to associating organizational objectives to the system functions, which is carried out by the traditional requirement engineering process.
{"title":"A requirement engineering approach for designing XML-view driven, XML document warehouses","authors":"Vicky Nassis, R. Rajugan, T. Dillon, J. Rahayu","doi":"10.1109/COMPSAC.2005.32","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.32","url":null,"abstract":"The extensible markup language (XML) has emerged as the dominant standard in describing and exchanging data among heterogeneous data sources. The increasing presence of large volumes of data appearing in enterprise settings creates the need to investigate XML document warehouses (XDW) as a means of handling and analysing XML data for business intelligence. In our previous work, we proposed a conceptual modelling approach for the design and development of XDWs, with emphasis on capturing data warehouse requirements early in the design stage. To address this issue, in this paper, we explore a requirement engineering (RE) approach, namely the goal-oriented approach. We adopt and extend the notion of this approach and introduce the XDW requirement model. This focuses on deriving dimensions, as opposed to associating organizational objectives to the system functions, which is carried out by the traditional requirement engineering process.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130986033","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
To protect software against malicious activities, organizations are required to monitor security breaches. Intrusion detection systems (IDS) are those kinds of monitoring tools that have gained a considerable amount of popularity, A number of specification-based IDSs have been proposed, where security requirements or attack scenarios are specified using some languages. Currently, attack specification languages are being deployed for describing security requirements. Use of two different languages for software specification and security specification invites a number of unwanted but complicated issues, such as duplication of requirements specification effort as well as the existence of redundant and conflicting requirements. In this paper, we present an intrusion detection technique that uses a formal software specification language called abstract state machine language (AsmL) for the specification of security requirements. We present a framework, and develop the algorithm for the IDS that interprets the AsmL attack scenario specifications in order to detect intrusions. Moreover, we discuss case studies where the presented intrusion detection system is used to detect attacks.
{"title":"Detecting intrusions specified in a software specification language","authors":"M. Raihan, Mohammad Zulkernine","doi":"10.1109/COMPSAC.2005.69","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.69","url":null,"abstract":"To protect software against malicious activities, organizations are required to monitor security breaches. Intrusion detection systems (IDS) are those kinds of monitoring tools that have gained a considerable amount of popularity, A number of specification-based IDSs have been proposed, where security requirements or attack scenarios are specified using some languages. Currently, attack specification languages are being deployed for describing security requirements. Use of two different languages for software specification and security specification invites a number of unwanted but complicated issues, such as duplication of requirements specification effort as well as the existence of redundant and conflicting requirements. In this paper, we present an intrusion detection technique that uses a formal software specification language called abstract state machine language (AsmL) for the specification of security requirements. We present a framework, and develop the algorithm for the IDS that interprets the AsmL attack scenario specifications in order to detect intrusions. Moreover, we discuss case studies where the presented intrusion detection system is used to detect attacks.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131750783","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents a brief overview of current work at the University of Louisville toward the use of systems engineering methodologies for control of the software engineering process. While this work is still in its initial stages, the methodologies for failure modes, effects and criticality analysis seem to be particularly appropriate. Two medium size software applications of these methodologies are currently under investigation in our laboratory.
{"title":"FMECA control for software development","authors":"J. Graham","doi":"10.1109/COMPSAC.2005.79","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.79","url":null,"abstract":"This paper presents a brief overview of current work at the University of Louisville toward the use of systems engineering methodologies for control of the software engineering process. While this work is still in its initial stages, the methodologies for failure modes, effects and criticality analysis seem to be particularly appropriate. Two medium size software applications of these methodologies are currently under investigation in our laboratory.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"66 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124252417","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.158
F. Belli, Christof J. Budnik
It is widely accepted that conventional test methods are not necessarily adequate for testing of component-based software (CBS). As a consequence, also conventional test tools cause similar problems for the test automation of CBS based on their graphical user interfaces (GUI), because for any level of user-focused testing domain knowledge and knowledge about the implementation of the CBS are essential to run the tests. The component manufacturer, on the other side, is usually not willing to deliver the code to protect his, or her, commercial interest. For solving this conflict, this paper introduces a framework for the automation of user-oriented component testing that significantly reduces the test costs. The concept is based on black-box testing techniques and utilizes the common features of commercial capture/replay test tools.
{"title":"Towards self-testing of component-based software","authors":"F. Belli, Christof J. Budnik","doi":"10.1109/COMPSAC.2005.158","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.158","url":null,"abstract":"It is widely accepted that conventional test methods are not necessarily adequate for testing of component-based software (CBS). As a consequence, also conventional test tools cause similar problems for the test automation of CBS based on their graphical user interfaces (GUI), because for any level of user-focused testing domain knowledge and knowledge about the implementation of the CBS are essential to run the tests. The component manufacturer, on the other side, is usually not willing to deliver the code to protect his, or her, commercial interest. For solving this conflict, this paper introduces a framework for the automation of user-oriented component testing that significantly reduces the test costs. The concept is based on black-box testing techniques and utilizes the common features of commercial capture/replay test tools.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124157201","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.145
C. Griffin, B. Madan, Kishor S. Trivedi
In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the meantime to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages K/sub s/ and K/sub v/. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MOP can be solved to obtain an optimal controllable language K/sub s//spl sube/K/sub v/ the gives the minimal cost safe security policy.
{"title":"State space approach to security quantification","authors":"C. Griffin, B. Madan, Kishor S. Trivedi","doi":"10.1109/COMPSAC.2005.145","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.145","url":null,"abstract":"In this paper, we describe three different state space models for analyzing the security of a software system. In the first part of this paper, we utilize a semi-Markov process (SMP) to model the transitions between the security states of an abstract software system. The SMP model can be solved to obtain the probability of reaching security failed states along with the meantime to security failure (MTTSF). In the second part of the paper, we use a discrete event dynamic system model of security dynamics. We show how to derive events and transitions from existing security taxonomies. We then apply theory of discrete event control to define safety properties of the computer system in terms of the basic concepts of controllability used in discrete event control for two special sublanguages K/sub s/ and K/sub v/. These languages correspond to maximally robust controllable sub-languages. In the third approach, we show that by associating cost with the state transitions, the security quantification problem can be casted as Markov decision problem (MDP). This MOP can be solved to obtain an optimal controllable language K/sub s//spl sube/K/sub v/ the gives the minimal cost safe security policy.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"167 1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123389909","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: