Security vulnerabilities posed by third-party software components in component based development (CBD) is a serious impediment to its adoption in areas that offer great economic potential, particularly in areas such as embedded software and large-scale enterprise software. They raise questions about reliability and integrity of components, as well as the risks posed by any malicious code. This paper is a discussion of factors that affect component security and ways of assuring component security. Using a simplified model of sendmail, it also outlines a formal framework that fits in with communicating sequential processes (CSP) for modelling and analysis of component security.
{"title":"Component security - issues and an approach","authors":"N. Nissanke","doi":"10.1109/COMPSAC.2005.58","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.58","url":null,"abstract":"Security vulnerabilities posed by third-party software components in component based development (CBD) is a serious impediment to its adoption in areas that offer great economic potential, particularly in areas such as embedded software and large-scale enterprise software. They raise questions about reliability and integrity of components, as well as the risks posed by any malicious code. This paper is a discussion of factors that affect component security and ways of assuring component security. Using a simplified model of sendmail, it also outlines a formal framework that fits in with communicating sequential processes (CSP) for modelling and analysis of component security.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116041939","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An enhanced version of metamorphic testing, namely n-iterative metamorphic testing, is proposed to systematically exploit more information out of metamorphic tests by applying metamorphic relations in a chain style. A contrastive case study, conducted within an integrated testing environment MTest, shows that n-iterative metamorphic testing exceeds metamorphic testing and special case testing in terms of their fault detection capabilities. Another advantage of n-iterative metamorphic testing is its high efficiency in test case generation.
{"title":"Iterative Metamorphic Testing","authors":"Peng Wu","doi":"10.1109/COMPSAC.2005.93","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.93","url":null,"abstract":"An enhanced version of metamorphic testing, namely n-iterative metamorphic testing, is proposed to systematically exploit more information out of metamorphic tests by applying metamorphic relations in a chain style. A contrastive case study, conducted within an integrated testing environment MTest, shows that n-iterative metamorphic testing exceeds metamorphic testing and special case testing in terms of their fault detection capabilities. Another advantage of n-iterative metamorphic testing is its high efficiency in test case generation.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122794289","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.142
Jing Zhao, Hongwei Liu, G. Cui, Xiaozong Yang
The testing and operation environments may be essentially different, thus the fault detection rate (FDR) of testing phase is different from that of the operation phase. In this paper, based on the representative model, G-O model, of nonhomogeneous Poisson process (NHPP), a transformation is performed between the FDR of the testing phase to that of the operation considering the profile differences of the two phases, and then a software reliability growth model (SRGM) called TO-SRGM describing the differences of the FDR between the testing phase and the operation phase is proposed. Finally, the parameters of the model are estimated using the least squares estimate (LSE) based on normalized failure data. Experiment results show that the goodness-of-fit of the TO-SRGM is better than that of the G-0 model and the PZ-SRGM on the normalized failure data set.
{"title":"Software reliability growth model considering testing profile and operation profile","authors":"Jing Zhao, Hongwei Liu, G. Cui, Xiaozong Yang","doi":"10.1109/COMPSAC.2005.142","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.142","url":null,"abstract":"The testing and operation environments may be essentially different, thus the fault detection rate (FDR) of testing phase is different from that of the operation phase. In this paper, based on the representative model, G-O model, of nonhomogeneous Poisson process (NHPP), a transformation is performed between the FDR of the testing phase to that of the operation considering the profile differences of the two phases, and then a software reliability growth model (SRGM) called TO-SRGM describing the differences of the FDR between the testing phase and the operation phase is proposed. Finally, the parameters of the model are estimated using the least squares estimate (LSE) based on normalized failure data. Experiment results show that the goodness-of-fit of the TO-SRGM is better than that of the G-0 model and the PZ-SRGM on the normalized failure data set.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"91 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127135863","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In this paper, we will focus on providing a solution to using the message exchange pattern, single-request/multiple-response (SRMR) in the context of Web services and secured enterprise environments. SRMR messaging is important because it can be used to model real world problems elegantly. However, SRMR messaging is not directly supported by Web services, and is hampered by current in-practice security schemes, such as firewalls and proxy servers. We have proposed a client-side framework to utilize SRMR Web services with the realities of network security in mind. The central component of our framework is a Web service clearinghouse, which serves as both a communication proxy and a message manager that realizes the correlation between clients' calls and the services' responses. Using our framework and the code generation utilities, we have implemented a number of nontrivial systems that use SRMR Web services.
{"title":"Adapting single-request/multiple-response messaging to Web services","authors":"Michael Ruth, Feng Lin, S. Tu","doi":"10.1109/COMPSAC.2005.39","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.39","url":null,"abstract":"In this paper, we will focus on providing a solution to using the message exchange pattern, single-request/multiple-response (SRMR) in the context of Web services and secured enterprise environments. SRMR messaging is important because it can be used to model real world problems elegantly. However, SRMR messaging is not directly supported by Web services, and is hampered by current in-practice security schemes, such as firewalls and proxy servers. We have proposed a client-side framework to utilize SRMR Web services with the realities of network security in mind. The central component of our framework is a Web service clearinghouse, which serves as both a communication proxy and a message manager that realizes the correlation between clients' calls and the services' responses. Using our framework and the code generation utilities, we have implemented a number of nontrivial systems that use SRMR Web services.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125841180","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
SLABS is a formal specification language designed for modular and composable specification of multi-agent systems. This paper reports our attempts to support SLABS at the level of programming languages. A programming language, SLABSp, is presented to support two distinguished mechanisms, namely caste and scenario, in caste-centric methodology of agent-oriented software development. Based on Java platform, the SLABSp has been implemented by compiling the programs into Java with the multi-agent runtime environment.
{"title":"Agent oriented programming based on SLABS","authors":"Ji Wang, R. Shen, Hong Zhu","doi":"10.1109/COMPSAC.2005.41","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.41","url":null,"abstract":"SLABS is a formal specification language designed for modular and composable specification of multi-agent systems. This paper reports our attempts to support SLABS at the level of programming languages. A programming language, SLABSp, is presented to support two distinguished mechanisms, namely caste and scenario, in caste-centric methodology of agent-oriented software development. Based on Java platform, the SLABSp has been implemented by compiling the programs into Java with the multi-agent runtime environment.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115819780","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Effective tool support is crucial for successfully applying software review techniques in practice. In this paper, we describe the design and implementation of a software tool to support an approach to reviewing programs on the basis of their formal specifications. The approach was initially proposed in our previous publication to improve the rigor, repeatability, and effectiveness of existing code review methods. We also present a case study in which we reviewed an ATM system to assess the performance of the review approach when used with the software tool. The results of the case study show that the approach is effective in detecting errors in programs and the tool is helpful in enhancing the efficiency of the review process.
{"title":"A tool and case study for specification-based program review","authors":"Fumiko Nagoya, Shaoying Liu, Yuting Chen","doi":"10.1109/COMPSAC.2005.36","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.36","url":null,"abstract":"Effective tool support is crucial for successfully applying software review techniques in practice. In this paper, we describe the design and implementation of a software tool to support an approach to reviewing programs on the basis of their formal specifications. The approach was initially proposed in our previous publication to improve the rigor, repeatability, and effectiveness of existing code review methods. We also present a case study in which we reviewed an ATM system to assess the performance of the review approach when used with the software tool. The results of the case study show that the approach is effective in detecting errors in programs and the tool is helpful in enhancing the efficiency of the review process.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"69 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132797090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.126
E. Kirda, Christopher Krügel
Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in number and sophistication. According to a study by Gartner, 51 million US Internet users have identified the receipt of e-mail linked to phishing scams and about 2 million of them are estimated to have been tricked into giving away sensitive information. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed Web site-based phishing attacks. To this end, AntiPhish tracks the sensitive information of a user and generates warnings whenever the user attempts to give away this information to a Web site that is considered un-trusted.
{"title":"Protecting users against phishing attacks with AntiPhish","authors":"E. Kirda, Christopher Krügel","doi":"10.1109/COMPSAC.2005.126","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.126","url":null,"abstract":"Phishing is a form of online identity theft that aims to steal sensitive information such as online banking passwords and credit card information from users. Phishing scams have been receiving extensive press coverage because such attacks have been escalating in number and sophistication. According to a study by Gartner, 51 million US Internet users have identified the receipt of e-mail linked to phishing scams and about 2 million of them are estimated to have been tricked into giving away sensitive information. This paper presents a novel browser extension, AntiPhish, that aims to protect users against spoofed Web site-based phishing attacks. To this end, AntiPhish tracks the sensitive information of a user and generates warnings whenever the user attempts to give away this information to a Web site that is considered un-trusted.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133208156","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Component based frameworks become more and more state-of-the art but without verifying the components and their interaction it is nearly impossible to build correct and robust systems. Testing of such systems requires a combination of unit- and integration tests, and must deal with verifying the contracts that enables the interaction of components. In this article we present CrashIt - a test framework for component-based testing. A main concept of CrashIt is the introduction of expandable contract-checkers that verify the communication between a client and a supplier component. These checkers are able to communicate with each other and with other modules of CrashIt. Thus, CrashIt is able to check the state of each component at every time.
{"title":"A framework for efficient contract-based testing of software components","authors":"E. Valentini, Gerhard Fliess, Edmund Haselwanter","doi":"10.1109/COMPSAC.2005.24","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.24","url":null,"abstract":"Component based frameworks become more and more state-of-the art but without verifying the components and their interaction it is nearly impossible to build correct and robust systems. Testing of such systems requires a combination of unit- and integration tests, and must deal with verifying the contracts that enables the interaction of components. In this article we present CrashIt - a test framework for component-based testing. A main concept of CrashIt is the introduction of expandable contract-checkers that verify the communication between a client and a supplier component. These checkers are able to communicate with each other and with other modules of CrashIt. Thus, CrashIt is able to check the state of each component at every time.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133576366","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Agile processes can provide early defect information on all the stages of the development process. The use of a feedback control model to regulate the process based on this information is proposed here. The model was originally designed to regulate the testing process and has proven to be effective. Additionally, an ODC filter is proposed to properly interconnect the models associated with each development phase. The approach appears to be a reasonable solution for the control and prediction of agile processes.
{"title":"A control approach for agile processes","authors":"João W. Cangussu, R. Karcich","doi":"10.1109/COMPSAC.2005.18","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.18","url":null,"abstract":"Agile processes can provide early defect information on all the stages of the development process. The use of a feedback control model to regulate the process based on this information is proposed here. The model was originally designed to regulate the testing process and has proven to be effective. Additionally, an ODC filter is proposed to properly interconnect the models associated with each development phase. The approach appears to be a reasonable solution for the control and prediction of agile processes.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131447361","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2005-07-26DOI: 10.1109/COMPSAC.2005.157
T. Murnane, R. Hall, K. Reed
Ideally, all black-box testing methods should be interpreted in the same way by different testers. In reality however, inconsistencies and ambiguities in original method descriptions may lead to differing interpretations and varying test set quality. In this paper, we decompose these methods into atomic rules for selecting test data and constructing test cases. We validate the rules via a worked example and discuss a pilot experiment to determine whether atomic rules are simpler to learn and use. Our approach also enables method tailoring and may simplify method comparison.
{"title":"Towards describing black-box testing methods as atomic rules","authors":"T. Murnane, R. Hall, K. Reed","doi":"10.1109/COMPSAC.2005.157","DOIUrl":"https://doi.org/10.1109/COMPSAC.2005.157","url":null,"abstract":"Ideally, all black-box testing methods should be interpreted in the same way by different testers. In reality however, inconsistencies and ambiguities in original method descriptions may lead to differing interpretations and varying test set quality. In this paper, we decompose these methods into atomic rules for selecting test data and constructing test cases. We validate the rules via a worked example and discuss a pilot experiment to determine whether atomic rules are simpler to learn and use. Our approach also enables method tailoring and may simplify method comparison.","PeriodicalId":419267,"journal":{"name":"29th Annual International Computer Software and Applications Conference (COMPSAC'05)","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-07-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130095775","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: