|
NEW!!! TOOOO Many results in general search?!! Try this customized search engine for searching online books
|
|
PrePrint: Design-Level Refactoring Discovery and Analysis
Refactoring is an important activity in the evolutionary development of object-oriented software systems. Several IDEs today support the automated application of some refactorings; at the same time, there is substantial on-going research aimed at developing support for deciding when and how software should be refactored and for estimating the effect of the refactoring on the quality requirements of the software. On the other hand, understanding the refac-torings in the evolutionary history of a software system is essential in understanding its design rationale, which might be very helpful in assisting future maintenance and evolution tasks. The JDEvAn tool supports a comprehen-sive refactoring-analysis process, including the extraction of logical-design elements and relations from the system's code, the recovery of design-level changes from one version to the next, the identification of refactorings as compo-sitions of such changes, and the interactive visualization and analysis of the recovered changes. In this paper, we discuss JDEvAn' method and argue for its effectiveness with two case studies on realistic open-source object-oriented software, in the context of which we show how the recovered refactoring knowledge may be used to guide future development.
|
PrePrint: Analyzing Regulatory Rules for Privacy and Security Requirements
Information practices that use personal, financial and health-related information are governed by U.S. laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must be properly aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they are implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology to extract access rights and obligations directly from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross-references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the U.S. Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
|
|
|
PrePrint: On The Detection of Test Smells: A Metrics-based Approach for General Fixture and Eager Test
As a testing method, white box testing has been demonstrated to be very efficient in early defect detection. However, white box testing introduces test co-evolution as an additional burden to software development. To mitigate the effects of co-evolution, tests should be written in a manner that makes them easy to change. Fortunately, we are able to concretely express what a good test is by exploiting the specific principles underlying white box testing. Analogous to the concept of code smells, violations of these principles are termed test smells. In this paper, we present a formal description of test smells, and propose metrics to support their detection. We validate the feasibility of detecting two test smells, General Fixture and Eager Test, by comparison with human evaluation. We demonstrate the effectiveness of the detection in the case the assessment is agreed upon by evaluators. For the General Fixture, a qualitative investigation showed that an ambiguous test smell definition prohibits the detection by metrics and suggests disentangling its definition. On the bright side, test evolvability can be more concretely expressed than general evolvability due to the exploitation of the specific principles underlying white box testing. In particular, adherence to a rigid setup-stimulate-verify-teardown cycle has been reported an essential characteristic of evolvable tests. In this article, we propose to incorporate structural characteristics of tests in the definition of test smells, thereby providing an objective means to detect test evolution obstacles. We validate the feasibility of detecting test evolution obstacles using such test smells, thereby contributing the first step to the mitigation of the cost of test co-evolution.
|
PrePrint: Privately Finding Specifications
We present an algorithm by which mutually-distrusting parties can work together to learn program specifications while preserving their privacy. These specifications describe security policies and correct API usage rules. By sharing data, parties are able to discover more specifications, and thus find more software bugs, than if they never share data. However, because sharing data breaches privacy, we present a way for parties to perturb and publish data and yet still discover more specifications and bugs than if they had never shared data. In aggregate these perturbed traces can be analyzed to learn correct specifications of program behavior. The perturbed traces cannot, however, be analyzed to determine that one party contributed buggier traces than another party. The learned specifications are of benefit to all parties. Despite the noise introduced to safeguard privacy, our algorithm typically learns specifications that find 85% of the bugs that a no-privacy approach would find. A lack of traces is a critical obstacle to practical specification mining; we present an approach for privately sharing traces to gain a large public and private benefit.
|
PrePrint: MNav: A Markov Model Based Website Navigability Measure
Website success is significantly associated with navigability, an important attribute of usability that denotes the ease with which users find desired information as they move through a website. Navigable websites allow users to form a mental model of the type and location of information in the website and an expectation of where and to what a particular hyperlink will lead. Existing navigability measures are based mainly on the static hyperlink structure of a website. Such measures, however, have two main drawbacks: 1) the effect on navigability of link structure cannot be well characterized; and 2) the effect on navigability of the navigation aids (such as the "°Back"± button provided by a browser) is ignored. In this paper, we abstract dynamic web surfing behavior as a Markov model and use this as the basis of a novel navigability measure, MNav. An empirical validation shows that MNav provides an effective and useful measurement of website navigability.
|
PrePrint: Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies
Web applications are widely adopted and their correct functioning is mission-critical for many businesses. At the same time, web applications tend to be error-prone and implementation vulnerabilities are readily and commonly exploited by attackers. The design of countermeasures that detect or prevent such vulnerabilities, or protect against their exploitation is an important research challenge for the fields of software engineering and security engineering. In this paper, we focus on one specific type of implementation vulnerability, namely broken dependencies on session data. This vulnerability can lead to a variety of erroneous behaviour at run time and can easily be triggered by a malicious user by applying attack techniques such as forceful browsing. This paper shows how to guarantee the absence of run-time errors due to broken dependencies on session data in web applications. The proposed solution combines development-time program annotation, static verification and run-time checking to provably protect against broken data dependencies. We have developed a prototype implementation of our approach building on the JML annotation language and the existing static verification tool ESC/Java2, and we successfully applied our approach to a representative J2EE based e-commerce application. We show that the annotation overhead is very small, that the performance of the fully automatic static verification is acceptable, and that the performance overhead of the run-time checking is limited.
|
PrePrint: Using Elicitation Patterns to Gather Usability Functionalities
Like any other quality attribute, usability imposes specific constraints on software components. Features that raise the software system's usability level have to be considered from the earliest development stages. However, discovering and documenting usability features is likely to be beyond the usability knowledge of most requirements engineers, developers and users. We propose an approach based on elicitation patterns that capitalise upon key elements recurrently intervening in the usability features elicitation and specification process. Pattern use furnishes requirements analysts with a knowledge repository that helps them to ask the right questions and capture precise usability requirements information.
|
|
|
PrePrint: Semantics-based design for Secure Web Services
We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behaviour. Services can enforce security policies locally and can invoke other services respecting given security contracts. This call-by-contract mechanism offers a significant set of opportunities, each driving secure ways to compose services. We discuss how to correctly plan services compositions in several relevant classes of services and security properties. To this aim, we propose a graphical modelling framework, based on a foundational calculus called lambda-req. Our formalism features dynamic and static semantics, so allowing for formal reasoning about systems. Static analysis and model checking techniques provide the designer with useful information to assess and fix possible vulnerabilities.
|
PrePrint: Uncertainty Analysis in Software Reliability Modeling by Bayesian Analysis with Maximum-Entropy Principle
In software reliability modeling, the parameters of the model are typically estimated from the test data of the corresponding component. However, the widely used point estimators are subject to random variations in the data, resulting in uncertainties in these estimated parameters. For large complex systems made up of many components, the uncertainty of each individual parameter amplifies the uncertainty of the total system reliability. Ignoring the parameter uncertainty can result in grossly underestimating the uncertainty in the total system reliability. This paper attempts to study and quantify the uncertainties in the software reliability modeling of a single component with correlated parameters and in a large system with numerous components. Previous works on quantifying uncertainties have assumed a sufficient amount of available data. However, a characteristic challenge in software testing and reliability is the lack of available failure data from a single test which often makes modeling difficult. This lack of data poses a bigger challenge in the uncertainty analysis of the software reliability modeling. To overcome this challenge, this paper proposes to utilize experts' opinions and historical data from previous projects to complement the small number of observations to quantify the uncertainties. This is done by combining the Maximum-Entropy Principle (MEP) into the Bayesian approach. This paper further considers the uncertainty analysis at the system level which contains multiple components, each with its respective model/parameter/uncertainty using a Monte Carlo approach. Some examples with different modeling approaches (NHPP, Markov, Graph theory) are illustrated to show the generality and effectiveness of the proposed approach. Furthermore, we illustrate how the proposed approach for considering the uncertainties in various components improves a large-scale system reliability model proposed in Dai & Levitin (2006) by relaxing a critical assumption.
|
PrePrint: Tranquility: a low disruptive alternative to quiescence for ensuring safe dynamic updates
This paper revisits a problem that was identified by Kramer and Magee: placing a system in a consistent state before and after runtime changes. We show that their notion of quiescence as a necessary and sufficient condition for safe runtime changes is too strict and results in a significant disruption in the application being updated. In this paper, we introduce a weaker condition: tranquility. We show that tranquility is easier to obtain and less disruptive for the running application but still a sufficient condition to ensure application consistency. We present an implementation of our approach on a component middleware platform and experimentally verify the validity and practical applicability of our approach using data retrieved from a case study. |
PrePrint: Hierarchical Clustering for Software Architecture Recovery
Abstract-Gaining an architectural level understanding of a software system is important for many reasons. When the description of a system's architecture does not exist, attempts must be made to recover it. In recent years, researchers have explored the use of clustering for recovering a software system's architecture, given only its source code. The main contributions of this paper are as follows. First, we review hierarchical clustering research in the context of software architecture recovery and modularization. Second, to employ clustering meaningfully, it is necessary to understand the peculiarities of the software domain, and the behavior of clustering measures and algorithms in this domain. To this end, we provide a detailed analysis of the behavior of various similarity and distance measures that may be employed for software clustering. Thirdly, we analyze the clustering process of various well-known clustering algorithms using multiple criteria, and show how arbitrary decisions taken by these algorithms during clustering affect the quality of their results. Finally, we present an analysis of two recently proposed clustering algorithms, revealing close similarities in their apparently different clustering approaches. Experiments on four legacy software systems provide insight into the behavior of well-known clustering algorithms, and their characteristics in the software domain. |
PrePrint: Change Distilling--Tree Differencing for Fine-Grained Source Code Change Extraction
A key issue in software evolution analysis is the identification of particular changes that occur across several versions of a program. We present change distilling, a tree differencing algorithm for fine-grained source code change extraction. For that, we have improved the existing algorithm of Chawathe et al. for extracting changes in hierarchically structured data. Our algorithm detects changes by finding a match between nodes of the compared two abstract syntax trees and a minimum edit script. We can identify change types between program versions according to our taxonomy of source code changes. We evaluated our change distilling algorithm with a benchmark we developed that consists of 1,064 manually classified changes in 219 revisions from three different open source projects. We achieved significant improvements in extracting types of source code changes: our algorithm approximates the minimum edit script by 45% better than the original change extraction approach by Chawathe et al. We are able to find all occurring changes and almost reach the minimum conforming edit script, i.e., we reach a mean absolute percentage error of 34%, compared to 79% reached by the original algorithm. The paper describes both the change distilling and the results of our evaluation. |
|
|
PrePrint: Improving the Usability of E-Commerce Applications using Business Processes
E-commerce applications automate many daily business activities. Users interact with e-commerce applications throughmenu-driven User Interface (UI) components, such as toolbars, dialogs and windows. However, the tremendous number offunctionality may overwhelm the users. Users struggle to locate the appropriate UI components to accomplish the tasks required bybusiness processes. In this paper, we enhance e-commerce applications by improving their usability using the knowledgeembedded in business process definitions. Our improved application provides contextual information to fulfill each business task.The improved application guides users through the various tasks in a step-by-step fashion. Through a controlled experiment, wedemonstrate that our improved application offers a better usability experience for novice users by giving them more guidance andreducing the time needed to locate the next UI component in a complex UI. |
|
|
|
ONLINE FORUM
|
|
|
