References of "Information & Software Technology"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAn Extensive Systematic Review on the Model-Driven Development of Secure Systems
Nguyen, Phu UL; Kramer, Max; Klein, Jacques UL et al

in Information & Software Technology (2015), 68(December 2015), 62-81

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large ... [more ▼]

Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications. Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR) is essential. Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications. Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. E.g. regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given. Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS. [less ▲]

Detailed reference viewed: 90 (7 UL)
Full Text
Peer Reviewed
See detailEvidence management for compliance of critical systems with safety standards: A survey on the state of practice
Nair, Sunil; de la Vara, Jose Luis; Sabetzadeh, Mehrdad UL et al

in Information & Software Technology (2015), 60

Context Demonstrating compliance of critical systems with safety standards involves providing convincing evidence that the requirements of a standard are adequately met. For large systems, practitioners ... [more ▼]

Context Demonstrating compliance of critical systems with safety standards involves providing convincing evidence that the requirements of a standard are adequately met. For large systems, practitioners need to be able to effectively collect, structure, and assess substantial quantities of evidence. Objective This paper aims to provide insights into how practitioners deal with safety evidence management for critical computer-based systems. The information currently available about how this activity is performed in the industry is very limited. Method We conducted a survey to determine practitioners’ perspectives and practices on safety evidence management. A total of 52 practitioners from 15 countries and 11 application domains responded to the survey. The respondents indicated the types of information used as safety evidence, how evidence is structured and assessed, how evidence evolution is addressed, and what challenges are faced in relation to provision of safety evidence. Results Our results indicate that (1) V&V artefacts, requirements specifications, and design specifications are the most frequently used safety evidence types, (2) evidence completeness checking and impact analysis are mostly performed manually at the moment, (3) text-based techniques are used more frequently than graphical notations for evidence structuring, (4) checklists and expert judgement are frequently used for evidence assessment, and (5) significant research effort has been spent on techniques that have seen little adoption in the industry. The main contributions of the survey are to provide an overall and up-to-date understanding of how the industry addresses safety evidence management, and to identify gaps in the state of the art. Conclusion We conclude that (1) V&V plays a major role in safety assurance, (2) the industry will clearly benefit from more tool support for collecting and manipulating safety evidence, and (3) future research on safety evidence management needs to place more emphasis on industrial applications. [less ▲]

Detailed reference viewed: 114 (6 UL)
Full Text
Peer Reviewed
See detailChange Impact Analysis for Requirements: a Metamodeling Approach
Göknil, Arda UL; Kurtev, Ivan; van den Berg, Klaas et al

in Information & Software Technology (2014), 56(8), 950-972

Detailed reference viewed: 75 (6 UL)
Full Text
Peer Reviewed
See detailEmpirical Evaluations on the Cost-Effectiveness of State-Based Testing: An Industrial Case Study
Holt, Nina; Briand, Lionel UL; Torkar, Richard

in Information & Software Technology (2014), 56(8), 890910

Detailed reference viewed: 122 (13 UL)
Full Text
Peer Reviewed
See detailAn Extended Systematic Literature Review on Provision of Evidence for Safety Certification
Nair, Sunil; de la Vara, Jose Luis; Sabetzadeh, Mehrdad UL et al

in Information & Software Technology (2014), 56(7), 689717

Detailed reference viewed: 186 (14 UL)
Full Text
Peer Reviewed
See detailSimPL: A Product-Line Modeling Methodology for Families of Integrated Control Systems
Behjati, Razieh; Yue, Tao; Briand, Lionel UL et al

in Information & Software Technology (2013), 55(3),

Detailed reference viewed: 120 (10 UL)
Full Text
Peer Reviewed
See detailSupporting the Verification of Compliance to Safety Standards via Model-Driven Engineering: Approach, Tool-Support and Empirical Validation
Panesar-Walawege, Rajwinder; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in Information & Software Technology (2013), 55(1), 836-864

Detailed reference viewed: 146 (28 UL)
Full Text
Peer Reviewed
See detailMutation Based Test Case Generation via a Path Selection Strategy
Papadakis, Mike UL; Malevris, Nicos

in Information & Software Technology (2012), 54(9), 915-932

Context: Generally, mutation analysis has been identified as a powerful testing method. Researchers have shown that its use as a testing criterion exercises quite thoroughly the system under test while it ... [more ▼]

Context: Generally, mutation analysis has been identified as a powerful testing method. Researchers have shown that its use as a testing criterion exercises quite thoroughly the system under test while it achieves to reveal more faults than standard structural testing criteria. Despite its potential, mutation fails to be adopted in a widespread practical use and its popularity falls significantly short when compared with other structural methods. This can be attributed to the lack of thorough studies dealing with the practical problems introduced by mutation and the assessment of the effort needed when applying it. Such an incident, masks the real cost involved preventing the development of easy and effective to use strategies to circumvent this problem. Objective: In this paper, a path selection strategy for selecting test cases able to effectively kill mutants when performing weak mutation testing is presented and analysed. Method: The testing effort is highly correlated with the number of attempts the tester makes in order to generate adequate test cases. Therefore, a significant influence on the efficiency associated with a test case generation strategy greatly depends on the number of candidate paths selected in order to achieve a predefined coverage goal. The effort can thus be related to the number of infeasible paths encountered during the test case generation process. Results: An experiment, investigating well over 55 million of program paths is conducted based on a strategy that alleviates the effects of infeasible paths. Strategy details, along with a prototype implementation are reported and analysed through the experimental results obtained by its employment to a set of program units. Conclusion: The results obtained suggest that the strategy used can play an important role in making the mutation testing method more appealing and practical. [less ▲]

Detailed reference viewed: 59 (1 UL)