References of "Journal of Systems and Software"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailChange Impact Analysis for Evolving Configuration Decisions in Product Line Use Case Models
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL et al

in Journal of Systems and Software (2018), 139

Product Line Engineering is becoming a key practice in many software development environments where complex systems are developed for multiple customers with varying needs. In many business contexts, use ... [more ▼]

Product Line Engineering is becoming a key practice in many software development environments where complex systems are developed for multiple customers with varying needs. In many business contexts, use cases are the main artifacts for communicating requirements among stakeholders. In such contexts, Product Line (PL) use cases capture variable and common requirements while use case-driven configuration generates Product Specific (PS) use cases for each new customer in a product family. In this paper, we propose, apply, and assess a change impact analysis approach for evolving configuration decisions in PL use case models. Our approach includes: (1) automated support to identify the impact of decision changes on prior and subsequent decisions in PL use case diagrams and (2) automated incremental regeneration of PS use case models from PL use case models and evolving configuration decisions. Our tool support is integrated with IBM Doors. Our approach has been evaluated in an industrial case study, which provides evidence that it is practical and beneficial to analyze the impact of decision changes and to incrementally regenerate PS use case models in industrial settings. [less ▲]

Detailed reference viewed: 233 (109 UL)
Full Text
Peer Reviewed
See detailModel-based mutant equivalence detection using automata language equivalence and simulations
Devroey, Xavier; Perrouin, Gilles; Papadakis, Mike UL et al

in Journal of Systems and Software (2018)

Detailed reference viewed: 45 (0 UL)
Full Text
Peer Reviewed
See detailSecurity Slicing for Auditing Common Injection Vulnerabilities
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in Journal of Systems and Software (2018), 137(March, 2018), 766-783

Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential ... [more ▼]

Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential vulnerabilities in source code, they generate many false warnings and source-sink traces with irrelevant information, making their adoption impractical for security auditing. One suitable approach to support security auditing is to compute a program slice for each sink, which contains all the information required for security auditing. However, such slices are likely to contain a large amount of information that is irrelevant to security, thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed approach, we compared our security slices to the slices generated by a state-of-the-art program slicing tool, based on a number of open-source benchmarks. On average, our security slices are 76% smaller than the original slices. More importantly, with security slicing, one needs to audit approximately 1% of the total code to fix all the vulnerabilities, thus suggesting significant reduction in auditing costs. [less ▲]

Detailed reference viewed: 440 (95 UL)
Full Text
Peer Reviewed
See detailAutomated extraction of product comparison matrices from informal product descriptions
Ben Nasr, Sana; Bécan, Guillaume; Acher, Mathieu et al

in Journal of Systems and Software (2017), 124

Domain analysts, product managers, or customers aim to capture the important features and differences among a set of related products. A case-by-case reviewing of each product description is a laborious ... [more ▼]

Domain analysts, product managers, or customers aim to capture the important features and differences among a set of related products. A case-by-case reviewing of each product description is a laborious and time-consuming task that fails to deliver a condense view of a family of product. In this article, we investigate the use of automated techniques for synthesizing a product comparison matrix (PCM) from a set of product descriptions written in natural language. We describe a tool-supported process, based on term recognition, information extraction, clustering, and similarities, capable of identifying and organizing features and values in a PCM – despite the informality and absence of structure in the textual descriptions of products. We evaluate our proposal against numerous categories of products mined from BestBuy. Our empirical results show that the synthesized PCMs exhibit numerous quantitative, comparable information that can potentially complement or even refine technical descriptions of products. The user study shows that our automatic approach is capable of extracting a significant portion of correct features and correct values. This approach has been implemented in MatrixMiner a web environment with an interactive support for automatically synthesizing PCMs from informal product descriptions. MatrixMiner also maintains traceability with the original descriptions and the technical specifications for further refinement or maintenance by users. [less ▲]

Detailed reference viewed: 189 (14 UL)
Full Text
Peer Reviewed
See detailThe RIGHT model for Continuous Experimentation
Fagerholm, Fabian; Sanchez Guinea, Alejandro UL; Mäenpää, Hanna et al

in Journal of Systems and Software (2017), 123

Context: Development of software-intensive products and services increasingly occurs by continuously deploying product or service increments, such as new features and enhancements, to customers. Product ... [more ▼]

Context: Development of software-intensive products and services increasingly occurs by continuously deploying product or service increments, such as new features and enhancements, to customers. Product and service developers must continuously find out what customers want by direct customer feedback and usage behaviour observation. Objective: This paper examines the preconditions for setting up an experimentation system for continuous customer experiments. It describes the RIGHT model for Continuous Experimentation (Rapid Iterative value creation Gained through High-frequency Testing), illustrating the building blocks required for such a system. Method: An initial model for continuous experimentation is analytically derived from prior work. The model is matched against empirical case study findings from two startup companies and further developed. Results: Building blocks for a continuous experimentation system and infrastructure are presented. Conclusions: A suitable experimentation system requires at least the ability to release minimum viable products or features with suitable instrumentation, design and manage experiment plans, link experiment results with a product roadmap, and manage a flexible business strategy. The main challenges are proper, rapid design of experiments, advanced instrumentation of software to collect, analyse, and store relevant data, and the integration of experiment results in both the product development cycle and the software development process. [less ▲]

Detailed reference viewed: 76 (2 UL)
Full Text
Peer Reviewed
See detailA systematic review on the engineering of software for ubiquitous systems
Sanchez Guinea, Alejandro UL; Nain, Gregory; Le Traon, Yves UL

in Journal of Systems and Software (2016), 118

Context: Software engineering for ubiquitous systems has experienced an important and rapid growth, however the vast research corpus makes it difficult to obtain valuable information from it. Objective ... [more ▼]

Context: Software engineering for ubiquitous systems has experienced an important and rapid growth, however the vast research corpus makes it difficult to obtain valuable information from it. Objective: To identify, evaluate, and synthesize research about the most relevant approaches addressing the different phases of the software development life cycle for ubiquitous systems. Method: We conducted a systematic literature review of papers presenting and evaluating approaches for the different phases of the software development life cycle for ubiquitous systems. Approaches were classified according to the phase of the development cycle they addressed, identifying their main concerns and limitations. Results: We identified 128 papers reporting 132 approaches addressing issues related to different phases of the software development cycle for ubiquitous systems. Most approaches have been aimed at addressing the implementation, evolution/maintenance, and feedback phases, while others phases such as testing need more attention from researchers. Conclusion: We recommend to follow existing guidelines when conducting case studies to make the studies more reproducible and closer to real life cases. While some phases of the development cycle have been extensively explored, there is still room for research in other phases, toward a more agile and integrated cycle, from requirements to testing and feedback. [less ▲]

Detailed reference viewed: 86 (3 UL)
Full Text
Peer Reviewed
See detailScapeGoat: Spotting abnormal resource usage in component-based reconfigurable software systems
Gonzalez-Herrera, Inti; Bourcier, Johann; Daubert, Erwan et al

in Journal of Systems and Software (2016)

Detailed reference viewed: 70 (4 UL)
Full Text
Peer Reviewed
See detailCost-effective Strategies for the Regression Testing of Database Applications: Case study and Lessons Learned
Rogstad, Erik; Briand, Lionel UL

in Journal of Systems and Software (2016), 113

Detailed reference viewed: 149 (27 UL)
Full Text
Peer Reviewed
See detailA Comprehensive Modeling Framework for Role-based Access Control Policies
Ben Fadhel, Ameni UL; Bianculli, Domenico UL; Briand, Lionel UL

in Journal of Systems and Software (2015), 107(September,2015), 110-126

Prohibiting unauthorized access to critical resources and data has become a major requirement for enter- prises; access control (AC) mechanisms manage requests from users to access system resources. One ... [more ▼]

Prohibiting unauthorized access to critical resources and data has become a major requirement for enter- prises; access control (AC) mechanisms manage requests from users to access system resources. One of the most used AC paradigms is role-based access control (RBAC), in which access rights are determined based on the user’s role. Many different types of RBAC policies have been proposed in the literature, each one accompanied by the corresponding extension of the original RBAC model. However, there is no unified framework that can be used to define all these types of policies in a coherent way, using a common model. In this paper we propose a model-driven engineering approach, based on UML and the Object Constraint Language (OCL), to enable the precise specification and verification of such policies. More specifically, we first present a taxonomy of the various types of RBAC policies proposed in the literature. We also propose the GemRBAC model, a generalized model for RBAC that includes all the entities required to define the classified policies. This model is a conceptual model that can also serve as data model to operationalize data collection and verification. Lastly, we formalize the classified policies as OCL constraints on the GemRBAC model. [less ▲]

Detailed reference viewed: 338 (59 UL)
Full Text
Peer Reviewed
See detailGeneration and Validation of Traces between Requirements and Architecture based on Formal Trace Semantics
Göknil, Arda UL; Kurtev, I.; van den Berg, K.

in Journal of Systems and Software (2014), 88

Detailed reference viewed: 75 (6 UL)
Full Text
Peer Reviewed
See detailFrameworks for designing and implementing dependable systems using Coordinated Atomic Actions: A comparative study
Capozucca, Alfredo UL; Guelfi, Nicolas UL; Pelliccione, Patrizio et al

in Journal of Systems and Software (2009), 82(2), 207-228

This paper presents ways of implementing dependable distributed applications designed using the Coordinated Atomic Action (CAA) paradigm. CAAs provide a coherent set of concepts adapted to fault tolerant ... [more ▼]

This paper presents ways of implementing dependable distributed applications designed using the Coordinated Atomic Action (CAA) paradigm. CAAs provide a coherent set of concepts adapted to fault tolerant distributed system design that includes structured transactions, distribution, cooperation, competition, and forward and backward error recovery mechanisms triggered by exceptions. DRIP (Dependable Remote Interacting Processes) is an efficient Java implementation framework which provides support for implementing Dependable Multiparty Interactions (DMI). As DMIs have a softer exception handling semantics compared with the CAA semantics, a CAA design can be implemented using the DRIP framework. A new framework called CAA-DRIP allows programmers to exclusively implement the semantics of CAAs using the same terminology and concepts at the design and implementation levels. The new framework not only simplifies the implementation phase, but also reduces the final system size as it requires less number of instances for creating a CAA at runtime. The paper analyses both implementation frameworks in great detail, drawing a systematic comparison of the two. The CAAs behaviour is described in terms of Statecharts to better understand the differences between the two frameworks. Based on the results of the comparison, we use one of the frameworks to implement a case study belonging to the e-health domain. [less ▲]

Detailed reference viewed: 76 (3 UL)