References of "Briand, Lionel 50001049"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailChange Impact Analysis for Natural Language Requirements: An NLP Approach
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Göknil, Arda UL et al

in 23rd IEEE International Requirements Engineering Conference, Ottawa 24-28 August 2015 (2015, August)

Requirements are subject to frequent changes as a way to ensure that they reflect the current best understanding of a system, and to respond to factors such as new and evolving needs. Changing one ... [more ▼]

Requirements are subject to frequent changes as a way to ensure that they reflect the current best understanding of a system, and to respond to factors such as new and evolving needs. Changing one requirement in a requirements specification may warrant further changes to the specification, so that the overall correctness and consistency of the specification can be maintained. A manual analysis of how a change to one requirement impacts other requirements is time-consuming and presents a challenge for large requirements specifications. We propose an automated approach based on Natural Language Processing (NLP) for analyzing the impact of change in Natural Language (NL) requirements. Our focus on NL requirements is motivated by the prevalent use of these requirements, particularly in industry. Our approach automatically detects and takes into account the phrasal structure of requirements statements. We argue about the importance of capturing the conditions under which change should propagate to enable more accurate change impact analysis. We propose a quantitative measure for calculating how likely a requirements statement is to be impacted by a change under given conditions. We conduct an evaluation of our approach by applying it to 14 change scenarios from two industrial case studies. [less ▲]

Detailed reference viewed: 265 (54 UL)
Full Text
Peer Reviewed
See detailAutomatic Generation of System Test Cases from Use Case Specifications
Wang, Chunhui UL; Pastore, Fabrizio UL; Göknil, Arda UL et al

in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA' 15), July 2015, USA (2015, July)

In safety critical domains, system test cases are often derived from functional requirements in natural language (NL) and traceability between requirements and their corresponding test cases is usually ... [more ▼]

In safety critical domains, system test cases are often derived from functional requirements in natural language (NL) and traceability between requirements and their corresponding test cases is usually mandatory. The definition of test cases is therefore time-consuming and error prone, especially so given the quickly rising complexity of embedded systems in many critical domains. Though considerable research has been devoted to automatic generation of system test cases from NL requirements, most of the proposed approaches re- quire significant manual intervention or additional, complex behavioral modelling. This significantly hinders their appli- cability in practice. In this paper, we propose Use Case Modelling for System Tests Generation (UMTG), an approach that automatically generates executable system test cases from use case spec- ifications and a domain model, the latter including a class diagram and constraints. Our rationale and motivation are that, in many environments, including that of our industry partner in the reported case study, both use case specifica- tions and domain modelling are common and accepted prac- tice, whereas behavioural modelling is considered a difficult and expensive exercise if it is to be complete and precise. In order to extract behavioral information from use cases and enable test automation, UMTG employs Natural Language Processing (NLP), a restricted form of use case specifica- tions, and constraint solving. [less ▲]

Detailed reference viewed: 615 (95 UL)
Full Text
Peer Reviewed
See detailAutomated Inference of Access Control Policies for Web Applications
LE, Ha-Thanh UL; Nguyen, Duy Cu UL; Briand, Lionel UL et al

in 20th ACM Symposium on Access Control Models and Technologies (SACMAT), 1-3 June 2015 (2015, June)

Detailed reference viewed: 215 (25 UL)
Full Text
Peer Reviewed
See detailCoverage-based regression test case selection, minimization and prioritization: a case study on an industrial system
Di Nardo, Daniel UL; Alshahwan, Nadia; Briand, Lionel UL et al

in Software Testing, Verification & Reliability (2015), 25(4), 371-396

Detailed reference viewed: 326 (49 UL)
Full Text
Peer Reviewed
See detailA Comprehensive Modeling Framework for Role-based Access Control Policies
Ben Fadhel, Ameni UL; Bianculli, Domenico UL; Briand, Lionel UL

in Journal of Systems and Software (2015), 107(September,2015), 110-126

Prohibiting unauthorized access to critical resources and data has become a major requirement for enter- prises; access control (AC) mechanisms manage requests from users to access system resources. One ... [more ▼]

Prohibiting unauthorized access to critical resources and data has become a major requirement for enter- prises; access control (AC) mechanisms manage requests from users to access system resources. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user’s role. Many different types of RBAC policies have been proposed in the literature, each one accompanied by the corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of policies in a coherent way, using a common model. In this paper we propose a model-driven engineering approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as data model to operationalize data collection and verification. Lastly, we formalize the classified policies as OCL constraints on the GemRBAC model. [less ▲]

Detailed reference viewed: 316 (58 UL)
Full Text
Peer Reviewed
See detailaToucan: An Automated Framework to Derive UML Analysis Models from Use Case Models
Yue, Tao; Briand, Lionel UL; Labiche, Yvan

in ACM Transactions on Software Engineering & Methodology (2015), 24(3),

Detailed reference viewed: 273 (28 UL)
Full Text
Peer Reviewed
See detailAutomated Checking of Conformance to Requirements Templates using Natural Language Processing
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in IEEE Transactions on Software Engineering (2015), 41(10), 944-968

Templates are effective tools for increasing the precision of natural language requirements and for avoiding ambiguities that may arise from the use of unrestricted natural language. When templates are ... [more ▼]

Templates are effective tools for increasing the precision of natural language requirements and for avoiding ambiguities that may arise from the use of unrestricted natural language. When templates are applied, it is important to verify that the requirements are indeed written according to the templates. If done manually, checking conformance to templates is laborious, presenting a particular challenge when the task has to be repeated multiple times in response to changes in the requirements. In this article, using techniques from Natural Language Processing (NLP), we develop an automated approach for checking conformance to templates. Specifically, we present a generalizable method for casting templates into NLP pattern matchers and reflect on our practical experience implementing automated checkers for two well-known templates in the Requirements Engineering community. We report on the application of our approach to four case studies. Our results indicate that: (1) our approach provides a robust and accurate basis for checking conformance to templates; and (2) the effectiveness of our approach is not compromised even when the requirements glossary terms are unknown. This makes our work particularly relevant to practice, as many industrial requirements documents have incomplete glossaries. [less ▲]

Detailed reference viewed: 314 (54 UL)
Full Text
Peer Reviewed
See detailGenerating Complex and Faulty Test Data Through Model-Based Mutation Analysis
Di Nardo, Daniel UL; Pastore, Fabrizio UL; Briand, Lionel UL

in Software Testing, Verification and Validation (ICST), 2015 IEEE Eighth International Conference on (2015, April)

Testing the correct behaviour of data processing systems in the presence of faulty data is extremely expensive. The data structures processed by these systems are often complex, with many data fields and ... [more ▼]

Testing the correct behaviour of data processing systems in the presence of faulty data is extremely expensive. The data structures processed by these systems are often complex, with many data fields and multiple constraints among them. Software engineers, in charge of testing these systems, have to handcraft complex data files or databases, while ensuring compliance with the multiple constraints to prevent the generation of trivially invalid inputs. In addition, assessing test results often means analysing complex output and log data. Though many techniques have been proposed to automatically test systems based on models, little exists in the literature to support the testing of systems where the complexity is in the data consumed in input or produced in output, with complex constraints between them. In particular, such systems often need to be tested with the presence of faults in the input data, in order to assess the robustness and behaviour of the system in response to such faults. This paper presents an automated test technique that relies upon six generic mutation operators to automatically generate faulty data. The technique receives two inputs: field data and a data model, i.e. a UML class diagram annotated with stereotypes and OCL constraints. The annotated class diagram is used to tailor the behaviour of the generic mutation operators to the fault model that is assumed for the system under test and the environment in which it is deployed. Empirical results obtained with a large data acquisition system in the satellite domain show that our approach can successfully automate the generation of test suites that achieve slightly better instruction coverage than manual testing based on domain expertise. [less ▲]

Detailed reference viewed: 302 (84 UL)
Full Text
Peer Reviewed
See detailSearch-Based Automated Testing of Continuous Controllers: Framework, Tool Support, and Case Studies
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL et al

in Information and Software Technology (2015), 57

Context. Testing and verification of automotive embedded software is a major chal- lenge. Software production in automotive domain comprises three stages: Developing automotive functions as Simulink ... [more ▼]

Context. Testing and verification of automotive embedded software is a major chal- lenge. Software production in automotive domain comprises three stages: Developing automotive functions as Simulink models, generating code from the models, and de- ploying the resulting code on hardware devices. Automotive software artifacts are sub- ject to three rounds of testing corresponding to the three production stages: Model-in- the-Loop (MiL), Software-in-the-Loop (SiL) and Hardware-in-the-Loop (HiL) testing. Objective. We study testing of continuous controllers at the Model-in-Loop (MiL) level where both the controller and the environment are represented by models and connected in a closed loop system. These controllers make up a large part of automotive functions, and monitor and control the operating conditions of physical devices. Method. We identify a set of requirements characterizing the behavior of continu- ous controllers, and develop a search-based technique based on random search, adap- tive random search, hill climbing and simulated annealing algorithms to automatically identify worst-case test scenarios which are utilized to generate test cases for these requirements. Results. We evaluated our approach by applying it to an industrial automotive con- troller (with 443 Simulink blocks) and to a publicly available controller (with 21 Simulink blocks). Our experience shows that automatically generated test cases lead to MiL level simulations indicating potential violations of the system requirements. Further, not only does our approach generate significantly better test cases faster than random test case generation, but it also achieves better results than test scenarios devised by domain experts. Finally, our generated test cases uncover discrepancies between envi- ronment models and the real world when they are applied at the Hardware-in-the-Loop(HiL) level. Conclusion. We propose an automated approach to MiL testing of continuous con- trollers using search. The approach is implemented in a tool and has been successfully applied to a real case study from the automotive domain. [less ▲]

Detailed reference viewed: 320 (64 UL)
Full Text
Peer Reviewed
See detailA Model-Based Framework for Probabilistic Simulation of Legal Policies
Soltana, Ghanem UL; Sannier, Nicolas UL; Sabetzadeh, Mehrdad UL et al

in 18th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems (MODELS'15) (2015)

Legal policy simulation is an important decision-support tool in domains such as taxation. The primary goal of legal policy simulation is predicting how changes in the law affect measures of interest, e.g ... [more ▼]

Legal policy simulation is an important decision-support tool in domains such as taxation. The primary goal of legal policy simulation is predicting how changes in the law affect measures of interest, e.g., revenue. Currently, legal policies are simulated via a combination of spreadsheets and software code. This poses a validation challenge both due to complexity reasons and due to legal experts lacking the expertise to understand software code. A further challenge is that representative data for simulation may be unavailable, thus necessitating a data generator. We develop a framework for legal policy simulation that is aimed at addressing these challenges. The framework uses models for specifying both legal policies and the probabilistic characteristics of the underlying population. We devise an automated algorithm for simulation data generation. We evaluate our framework through a case study on Luxembourg's Tax Law. [less ▲]

Detailed reference viewed: 194 (42 UL)
Full Text
Peer Reviewed
See detailWeb Application Vulnerability Prediction using Hybrid Program Analysis and Machine Learning
Shar, Lwin Khin UL; Briand, Lionel UL; Tan, Hee Beng Kuan

in IEEE Transactions on Dependable and Secure Computing (2015), 12(6), 688-707

Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing ... [more ▼]

Due to limited time and resources, web software engineers need support in identifying vulnerable code. A practical approach to predicting vulnerable code would enable them to prioritize security auditing efforts. In this paper, we propose using a set of hybrid (static+dynamic) code attributes that characterize input validation and input sanitization code patterns and are expected to be significant indicators of web application vulnerabilities. Because static and dynamic program analyses complement each other, both techniques are used to extract the proposed attributes in an accurate and scalable way. Current vulnerability prediction techniques rely on the availability of data labeled with vulnerability information for training. For many real world applications, past vulnerability data is often not available or at least not complete. Hence, to address both situations where labeled past data is fully available or not, we apply both supervised and semi-supervised learning when building vulnerability predictors based on hybrid code attributes. Given that semi-supervised learning is entirely unexplored in this domain, we describe how to use this learning scheme effectively for vulnerability prediction. We performed empirical case studies on seven open source projects where we built and evaluated supervised and semi-supervised models. When cross validated with fully available labeled data, the supervised models achieve an average of 77% recall and 5% probability of false alarm for predicting SQL injection, cross site scripting, remote code execution and file inclusion vulnerabilities. With a low amount of labeled data, when compared to the supervised model, the semi- supervised model showed an average improvement of 24% higher recall and 3% lower probability of false alarm, thus suggesting semi-supervised learning may be a preferable solution for many real world applications where vulnerability data is missing. [less ▲]

Detailed reference viewed: 429 (29 UL)
Full Text
Peer Reviewed
See detailEffective Test Suites for Mixed Discrete-Continuous Stateflow Controllers
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL et al

in Proceedings of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (2015)

Modeling mixed discrete-continuous controllers using Stateflow is common practice and has a long tradition in the embedded software system industry. Testing Stateflow models is complicated by expensive ... [more ▼]

Modeling mixed discrete-continuous controllers using Stateflow is common practice and has a long tradition in the embedded software system industry. Testing Stateflow models is complicated by expensive and manual test oracles that are not amenable to full automation due to the complex continuous behaviors of such models. In this paper, we reduce the cost of manual test oracles by providing test case selection algorithms that help engineers develop small test suites with high fault revealing power for Stateflow models. We present six test selection algorithms for discrete-continuous Stateflows: An adaptive random test selection algorithm that diversifies test inputs, two white-box coverage-based algorithms, a black-box algorithm that diversifies test outputs, and two search-based black-box algorithms that aim to maximize the likelihood of presence of continuous output failure patterns. We evaluate and compare our test selection algorithms, and find that our three output-based algorithms consistently outperform the coverage- and input-based algorithms in revealing faults in discrete-continuous Stateflow models. Further, we show that our output-based algorithms are complementary as the two search-based algorithms perform best in revealing specific failures with small test suites, while the output diversity algorithm is able to identify different failure types better than other algorithms when test suites are above a certain size. [less ▲]

Detailed reference viewed: 258 (39 UL)
Full Text
See detailSimulink Fault Localization: an Iterative Statistical Debugging Approach
Liu, Bing UL; Lucia, Lucia UL; Nejati, Shiva UL et al

Report (2015)

Debugging Simulink models presents a significant challenge in the embedded industry. In this work, we propose SimFL, a fault localization approach for Simulink models by combining statistical debugging ... [more ▼]

Debugging Simulink models presents a significant challenge in the embedded industry. In this work, we propose SimFL, a fault localization approach for Simulink models by combining statistical debugging and dynamic model slicing. Simulink models, being visual and hierarchical, have multiple outputs at different hierarchy levels. Given a set of outputs to observe for localizing faults, we generate test execution slices, for each test case and output, of the Simulink model. In order to further improve fault localization accuracy, we propose iSimFL, an iterative fault localization algorithm. At each iteration, iSimFL increases the set of observable outputs by including outputs at lower hierarchy levels, thus increasing the test oracle cost but offsetting it with significantly more precise fault localization. We utilize a heuristic stopping criterion to avoid unnecessary test oracle extension. We evaluate our work on three industrial Simulink models from Delphi Automotive. Our results show that, on average, SimFL ranks faulty blocks in the top 8.9% in the list of suspicious blocks. Further, we show that iSimFL significantly improves this percentage down to 4.4% by requiring engineers to observe only an average of five additional outputs at lower hierarchy levels on top of high-level model outputs. [less ▲]

Detailed reference viewed: 259 (28 UL)
Full Text
See detailAutomated Test Suite Generation for Time-Continuous Simulink Models
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL

Report (2015)

All engineering disciplines are founded and rely on models, al- though they may differ on purposes and usages of modeling. Inter- disciplinary domains such as Cyber Physical Systems (CPSs) seek approaches ... [more ▼]

All engineering disciplines are founded and rely on models, al- though they may differ on purposes and usages of modeling. Inter- disciplinary domains such as Cyber Physical Systems (CPSs) seek approaches that incorporate different modeling needs and usages. Specifically, the Simulink modeling platform greatly appeals to CPS engineers due to its seamless support for simulation and code generation. In this paper, we propose a test generation approach that is applicable to Simulink models built for both purposes of simulation and code generation. We define test inputs and outputs as signals that capture evolution of values over time. Our test gener- ation approach is implemented as a meta-heuristic search algorithm and is guided to produce test outputs with diverse shapes according to our proposed notion of diversity. Our evaluation, performed on industrial and public domain models, demonstrates that: (1) In con- trast to the existing tools for testing Simulink models that are only applicable to a subset of code generation models, our approach is applicable to both code generation and simulation Simulink mod- els. (2) Our new notion of diversity for output signals outperforms random baseline testing and an existing notion of signal diversity in revealing faults in Simulink models. (3) The fault revealing ability of our test generation approach outperforms that of the Simulink Design Verifier, the only testing toolbox for Simulink. [less ▲]

Detailed reference viewed: 219 (28 UL)
Full Text
Peer Reviewed
See detailBehind an Application Firewall, Are We Safe from SQL Injection Attacks?
Appelt, Dennis UL; Nguyen, Duy Cu UL; Briand, Lionel UL

in 2015 IEEE 8th International Conference on Software Testing, Verification, and Validation (ICST) (2015)

Web application firewalls are an indispensable layer to protect online systems from attacks. However, the fast pace at which new kinds of attacks appear and their sophistication require that firewalls be ... [more ▼]

Web application firewalls are an indispensable layer to protect online systems from attacks. However, the fast pace at which new kinds of attacks appear and their sophistication require that firewalls be updated and tested regularly as otherwise they will be circumvented. In this paper, we focus our research on web application firewalls and SQL injection attacks. We present a machine learning-based testing approach to detect holes in firewalls that let SQL injection attacks bypass. At the beginning, the approach can automatically generate diverse attack payloads, which can be seeded into inputs of web-based applications, and then submit them to a system that is protected by a firewall. Incrementally learning from the tests that are blocked or passed by the firewall, our approach can then select tests that exhibit characteristics associated with bypassing the firewall and mutate them to efficiently generate new bypassing attacks. In the race against cyber attacks, time is vital. Being able to learn and anticipate more attacks that can circumvent a firewall in a timely manner is very important in order to quickly fix or fine-tune the firewall. We developed a tool that implements the approach and evaluated it on ModSecurity, a widely used application firewall. The results we obtained suggest a good performance and efficiency in detecting holes in the firewall that could let SQLi attacks go undetected. [less ▲]

Detailed reference viewed: 503 (57 UL)
Full Text
Peer Reviewed
See detailSecurity Slicing for Auditing XML, XPath, and SQL Injection Vulnerabilities
Thome, Julian UL; Shar, Lwin Khin UL; Briand, Lionel UL

in 26th IEEE International Symposium on Software Reliability Engineering (2015)

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the ... [more ▼]

XML, XPath, and SQL injection vulnerabilities are among the most common and serious security issues for Web applications and Web services. Thus, it is important for security auditors to ensure that the implemented code is, to the extent pos- sible, free from these vulnerabilities before deployment. Although existing taint analysis approaches could automatically detect potential vulnerabilities in source code, they tend to generate many false warnings. Furthermore, the produced traces, i.e. data- flow paths from input sources to security-sensitive operations, tend to be incomplete or to contain a great deal of irrelevant infor- mation. Therefore, it is difficult to identify real vulnerabilities and determine their causes. One suitable approach to support security auditing is to compute a program slice for each security-sensitive operation, since it would contain all the information required for performing security audits (Soundness). A limitation, however, is that such slices may also contain information that is irrelevant to security (Precision), thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed pruning mechanism by using a number of open source benchmarks, we compared our security slices with the slices generated by a state-of-the-art program slicing tool. On average, our security slices are 80% smaller than the original slices, thus suggesting significant reduction in auditing costs. [less ▲]

Detailed reference viewed: 402 (100 UL)
Full Text
See detailA Comprehensive Modeling Framework for Role-based Access Control Policies
Ben Fadhel, Ameni UL; Bianculli, Domenico UL; Briand, Lionel UL

Report (2014)

Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the ... [more ▼]

Prohibiting unauthorized access to critical resources and data has become a major requirement for enterprises. Access control (AC) mechanisms manage requests from users to access system resources; the access is granted or denied based on authorization policies defined within the enterprise. One of the most used AC paradigms is role-based access control (RBAC). In RBAC, access rights are determined based on the user's role, e.g., her job or function in the enterprise. Many different types of RBAC authorization policies have been proposed in the literature, each one accompanied by the corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of RBAC policies in a coherent way, using a common model. Moreover, these types of policies and their corresponding models are scattered across multiple sources and sometimes the concepts are expressed ambiguously. This situation makes it difficult for researchers to understand the state of the art in a coherent manner; furthermore, practitioners may experience severe difficulties when selecting the relevant types of policies to be implemented in their systems based on the available information. There is clearly a need for organizing the various types of RBAC policies systematically, based on a unified framework, and to formalize them to enable their operationalization. In this paper we propose a model-driven engineering (MDE) approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC authorization policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as data model to operationalize data collection and verification. Lastly, we formalize the classified RBAC policies as OCL constraints on the GemRBAC model. To facilitate such operationalization, we make publicly available online the ECore version of the GemRBAC model and the OCL constraints corresponding to the classified RBAC policies. [less ▲]

Detailed reference viewed: 587 (176 UL)
Full Text
Peer Reviewed
See detailOn the Effectiveness of Contracts as Test Oracles in the Detection and Diagnosis of Functional Faults in Concurrent Object- Oriented Software
Araujo, Wladimir; Briand, Lionel UL; Labiche, Yvan

in IEEE Transactions on Software Engineering (2014), 40(10), 971-992

Detailed reference viewed: 161 (22 UL)
Full Text
Peer Reviewed
See detailRevisiting Model-driven Engineering for Run-time Verification of Business Processes
Dou, Wei UL; Bianculli, Domenico UL; Briand, Lionel UL

in Proceedings of the 8th System Analysis and Modeling Conference (SAM 2014) (2014, September)

Detailed reference viewed: 139 (24 UL)
Full Text
Peer Reviewed
See detailImproving Requirements Glossary Construction via Clustering: Approach and Industrial Case Studies
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2014) (2014, September)

Context. A glossary is an important part of any software requirements document. By making explicit the technical terms in a domain and providing definitions for them, a glossary serves as a helpful tool ... [more ▼]

Context. A glossary is an important part of any software requirements document. By making explicit the technical terms in a domain and providing definitions for them, a glossary serves as a helpful tool for mitigating ambiguities. Objective. A necessary step for building a glossary is to decide upon the glossary terms and to identify their related terms. Doing so manually is a laborious task. Our objective is to provide automated support for identifying candidate glossary terms and their related terms. Our work differs from existing work on term extraction mainly in that, instead of providing a flat list of candidate terms, our approach \emph{clusters} the terms by relevance. Method. We use case study research as the basis for our empirical investigation. Results. We present an automated approach for identifying and clustering candidate glossary terms. We evaluate the approach through two industrial case studies; one study concerns a satellite software component, and the other -- an evidence management tool for safety certification. Conclusion. Our results indicate that over requirements documents: (1) our approach is more accurate than other existing methods for identifying candidate glossary terms; this makes it less likely that our approach will miss important glossary terms. (2) Clustering provides an effective basis for grouping related terms; this makes clustering a useful support tool for selection of glossary terms and associating these terms with their related terms. [less ▲]

Detailed reference viewed: 226 (28 UL)