References of "Briand, Lionel 50001049"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailApplying UML/MARTE on industrial projects: challenges, experiences, and guidelines
Iqbal, Zohaib; Ali, Shaukat; Yue, Tao et al

in Software and Systems Modeling (2014)

Detailed reference viewed: 368 (17 UL)
Full Text
Peer Reviewed
See detailTraceability and SysML Design Slices to Support Safety Inspections: A Controlled Experiment
Briand, Lionel UL; Falessi, Davide; Nejati, Shiva UL et al

in ACM Transactions on Software Engineering and Methodology (2014), 23(1),

Detailed reference viewed: 282 (51 UL)
Full Text
See detailOCLR: a More Expressive, Pattern-based Temporal Extension of OCL
Dou, Wei UL; Bianculli, Domenico UL; Briand, Lionel UL

Report (2014)

Modern enterprise information systems often require to specify their functional and non-functional (e.g., Quality of Service) requirements using expressions that contain temporal constraints ... [more ▼]

Modern enterprise information systems often require to specify their functional and non-functional (e.g., Quality of Service) requirements using expressions that contain temporal constraints. Specification approaches based on temporal logics demand a certain knowledge of mathematical logic, which is difficult to find among practitioners; moreover, tool support for temporal logics is limited. On the other hand, a standard language such as the Object Constraint Language (OCL), which benefits from the availability of several industrial-strength tools, does not support temporal expressions. In this paper we propose OCLR, an extension of OCL with support for temporal constraints based on well-known property specification patterns. With respect to previous extensions, we add support for referring to a specific occurrence of an event as well as for indicating a time distance between events and/or scope boundaries. The proposed extension defines a new syntax, very close to natural language, paving the way for a rapid adoption by practitioners. We show the application of the language in a case study in the domain of eGovernment, developed in collaboration with a public service partner. [less ▲]

Detailed reference viewed: 413 (88 UL)
Full Text
See detailBlack-box SQL Injection Testing
Appelt, Dennis UL; Alshahwan, Nadia UL; Nguyen, Duy Cu UL et al

Report (2014)

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of ... [more ▼]

Web services are increasingly adopted in various domains, from finance and e-government to social media. As they are built on top of the web technologies, they suffer also an unprecedented amount of attacks and exploitations like the Web. Among the attacks, those that target SQL injection vulnerabilities have consistently been top-ranked for the last years. Testing to detect such vulnerabilities before making web services public is crucial. We present in this report an automated testing approach, namely μ4SQLi, and its underpinning set of mutation operators. μ4SQLi can produce effective inputs that lead to executable and harmful SQL statements. Executability is key as otherwise no injection vulnerability can be exploited. Our evaluation demonstrated that the approach outperforms contemporary known attacks in terms of vulnerability detection and the ability to get through an application firewall, which is a popular configuration in real world. [less ▲]

Detailed reference viewed: 756 (59 UL)
Full Text
Peer Reviewed
See detailUsing UML for Modeling Procedural Legal Rules: Approach and a Study of Luxembourg’s Tax Law
Soltana, Ghanem UL; Fourneret, Elizabeta; Adedjouma, Morayo UL et al

in 17th ACM/IEEE International Conference on Model Driven Engineering Languages and Systems (MODELS'14) (2014)

Many laws, e.g., those concerning taxes and social benefits, need to be operationalized and implemented into public administration procedures and eGovernment applications. Where such operationalization is ... [more ▼]

Many laws, e.g., those concerning taxes and social benefits, need to be operationalized and implemented into public administration procedures and eGovernment applications. Where such operationalization is warranted, the legal frameworks that interpret the underlying laws are typically prescriptive, providing procedural rules for ensuring legal compliance. We propose a UML-based approach for modeling pro- cedural legal rules. With help from legal experts, we investigate actual legal texts, identifying both the information needs and sources of com- plexity in the formalization of procedural legal rules. Building on this study, we develop a UML profile that enables more precise modeling of such legal rules. To be able to use logic-based tools for compliance analysis, we automatically transform models of procedural legal rules into the Object Constraint Language (OCL). We report on an application of our approach to Luxembourg’s Income Tax Law providing initial evidence for the feasibility and usefulness of our approach. [less ▲]

Detailed reference viewed: 368 (74 UL)
Full Text
Peer Reviewed
See detailModel-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel UL et al

in 14th Annual International Conference on Quality Software (QSIC) (2014)

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach ... [more ▼]

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness. [less ▲]

Detailed reference viewed: 239 (1 UL)
Full Text
Peer Reviewed
See detailModel Based Test Validation and Oracles for Data Acquisition Systems
Di Nardo, Daniel UL; Alshahwan, Nadia UL; Briand, Lionel UL et al

in IEEE/ACM International Conference on Automated Software Engineering (2013, November)

Detailed reference viewed: 377 (59 UL)
Full Text
Peer Reviewed
See detailAutomatic Checking of Conformance to Requirement Boilerplates via Text Chunking: An Industrial Case Study
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in 7th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2013) (2013, October)

Detailed reference viewed: 305 (38 UL)
Full Text
Peer Reviewed
See detailAutomated Model-in-the-Loop Testing of Continuous Controllers using Search
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL et al

in 5th Symposium on Search-Based Software Engineering (SSBSE 2013), Springer Lecture Notes in Computer Science (2013, August)

The number and the complexity of software components embedded in today’s vehicles is rapidly increasing. A large group of these components monitor and control the operating conditions of physical devices ... [more ▼]

The number and the complexity of software components embedded in today’s vehicles is rapidly increasing. A large group of these components monitor and control the operating conditions of physical devices (e.g., components controlling engines, brakes, and airbags). These controllers are known as continuous controllers. In this paper, we study testing of continuous controllers at the Model-in-Loop (MiL) level where both the controller and the environment are represented by models and connected in a closed feedback loop system.We identify a set of common requirements characterizing the desired behavior of continuous controllers, and develop a search-based technique to automatically generate test cases for these requirements. We evaluated our approach by applying it to a real automotive air compressor module. Our experience shows that our approach automatically generates several test cases for which the MiL level simulations indicate potential violations of the system requirements. Further, not only do our approach generates better test cases faster than random test case generation, but we also achieve better results than test scenarios devised by domain experts. [less ▲]

Detailed reference viewed: 473 (85 UL)
Full Text
Peer Reviewed
See detailRUBRIC: A Flexible Tool for Automated Checking of Conformance to Requirement Boilerplates
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in 9th joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2013) (2013, August)

Detailed reference viewed: 287 (35 UL)
Full Text
Peer Reviewed
See detailEnvironment Modeling and Simulation for Automated Testing of Soft Real-Time Embedded Software
Iqbal, Muhammad Zohaib; Arcuri, Andrea UL; Briand, Lionel UL

in Software and Systems Modeling (2013)

Detailed reference viewed: 444 (23 UL)
Full Text
Peer Reviewed
See detailCoverage-Based Test Case Prioritisation: An Industrial Case Study
Di Nardo, Daniel UL; Alshahwan, Nadia UL; Briand, Lionel UL et al

in IEEE International Conference on Software Testing, Verification and Validation (ICST) (2013, March)

Detailed reference viewed: 356 (25 UL)
Full Text
Peer Reviewed
See detailVPML: an approach to detect design patterns of MOF-based modeling languages
Elaasar, Maged; Briand, Lionel UL; Labiche, Yvan

in Software and Systems Modeling (2013)

Detailed reference viewed: 376 (20 UL)
Full Text
Peer Reviewed
See detailA Multi-Objective Genetic Algorithm to Rank State-Based Test Cases
Briand, Lionel UL; Labiche, Yvan; Chen, Kathy

in 5th Symposium on Search-Based Software Engineering (SSBSE 2013), Springer Lecture Notes in Computer Science (2013)

Detailed reference viewed: 262 (13 UL)
Full Text
Peer Reviewed
See detailClassification, structuring, and assessment of evidence for safety: A systematic literature review
Nair, Sunil; de la Vara, Jose; Sabetzadeh, Mehrdad UL et al

in International Conference on Software Testing, Verification, and Validation, Luxembourg 2013 (2013)

Detailed reference viewed: 250 (14 UL)
Full Text
Peer Reviewed
See detailGenerating Test Data from OCL Constraints with Search Techniques
Ali, Shaukat; Iqbal, Zohaib; Arcuri, Andrea UL et al

in IEEE Transactions on Software Engineering (2013), 39(10),

Detailed reference viewed: 651 (24 UL)
Full Text
Peer Reviewed
See detailStress Testing of Task Deadlines: A Constraint Programming Approach
Di Alesio, Stefano; Nejati, Shiva UL; Briand, Lionel UL et al

in The 24th IEEE International Symposium on Software Reliability Engineering (ISSRE 2013), Pasadena, CA, November 2013 (2013)

Safety-critical Real Time Embedded Systems (RTESs) are usually subject to strict timing and performance requirements that must be satisfied for the system to be deemed safe. In this paper, we use ... [more ▼]

Safety-critical Real Time Embedded Systems (RTESs) are usually subject to strict timing and performance requirements that must be satisfied for the system to be deemed safe. In this paper, we use effective search strategies that aim at finding worst case scenarios with respect to deadline misses. Such scenarios can in turn be used to test the target RTES and ensure that, even under worst case conditions, it satisfies its timing requirements. Specifically, we develop a solution based on Constraint Programming (CP) to automate the generation of test cases that reveal, or are likely to, task deadline misses. We evaluate it through a comparison with a recent, state-of-the-art approach based on Genetic Algorithms (GA). In particular, we compare CP and GA in five industry-inspired case studies for efficiency, effectiveness, and scalability. Our experimental results show that, on the largest and more complex case studies, CP performs significantly better than GA. Since CP has interesting properties, such as guaranteeing complete search when there is sufficient time, and enables the definition of effective heuristics to converge faster towards optimal solutions, we conclude that our results are encouraging and suggest this is an advantageous solution for the stress testing of RTESs with respect to timing constraints. [less ▲]

Detailed reference viewed: 258 (11 UL)
Full Text
Peer Reviewed
See detailMinimizing CPU Time Shortage Risks in Integrated Embedded Software
Nejati, Shiva UL; Adedjouma, Morayo UL; Briand, Lionel UL et al

in 28th IEEE/ACM International Conference on Automated Software Engineering (2013)

Detailed reference viewed: 340 (31 UL)
Full Text
Peer Reviewed
See detailAssessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
Appelt, Dennis UL; Alshahwan, Nadia UL; Briand, Lionel UL

in Springer LNCS series (2013)

This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the ... [more ▼]

This paper examines the effects and potential benefits of utilising Web Application Firewalls (WAFs) and database proxies in SQL injection testing of web applications and services. We propose testing the WAF itself to refine and evaluate its security rules and prioritise fixing vulnerabilities that are not protected by the WAF. We also propose using database proxies as oracles for black-box security testing instead of relying only on the output of the application under test. The paper also presents a case study of our proposed approaches on two sets of web services. The results indicate that testing through WAFs can be used to prioritise vulnerabilities and that an oracle that uses a database proxy finds more vulnerabilities with fewer tries than an oracle that relies only on the output of the application. [less ▲]

Detailed reference viewed: 391 (38 UL)
Full Text
Peer Reviewed
See detailA Goal-Based Approach for Qualification of New Technologies: Foundations, Tool Support, and Industrial Validation
Sabetzadeh, Mehrdad UL; Falessi, Davide; Briand, Lionel UL et al

in Reliability Engineering and System Safety (2013), 119

Detailed reference viewed: 241 (20 UL)