References of "Briand, Lionel 50001049"
Peer Reviewed
JoanAudit: A Tool for Auditing Common Injection Vulnerabilities
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (2017, September)

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors in auditing the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form of sanitization — by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit.

Peer Reviewed
Legal Markup Generation in the Large: An Experience Report
Sannier, Nicolas UL; Adedjouma, Morayo UL; Sabetzadeh, Mehrdad UL et al

in the 25th International Requirements Engineering Conference (RE'17), Lisbon, 4-8 September 2017 (2017, September)

Peer Reviewed
The Case for Context-Driven Software Engineering Research
Briand, Lionel UL; Bianculli, Domenico UL; Nejati, Shiva UL et al

in IEEE Software (2017), 34(5), 72-75

Peer Reviewed
From RELAW Research to Practice: Reflections on an Ongoing Technology Transfer Project
Sannier, Nicolas UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in the IEEE 25th International Requirements Engineering Conference, Lisbon, Portugal, 4-8 September 2017 (2017, September)

Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach
Mai, Xuan Phu UL; Göknil, Arda UL; Shar, Lwin Khin UL et al

Report (2017)

Defining and addressing security and privacy requirements in mobile apps is a significant challenge due to the high level of transparency regarding users' (private) information. In this paper, we propose, apply, and assess a modeling method that supports the specification of security and privacy requirements of mobile apps in a structured and analyzable form. Our motivation is that, in many contexts including mobile app development, use cases are common practice for the elicitation and analysis of functional requirements and should also be adapted for describing security requirements. We integrate and adapt an existing approach for modeling security and privacy requirements in terms of security threats, their mitigations, and their relations to use cases in a misuse case diagram. We introduce new security-related templates, i.e., a mitigation template and a misuse case template for specifying mitigation schemes and misuse case specifications in a structured and analyzable manner. Natural language processing can then be used to automatically detect and report inconsistencies among artifacts and between the templates and specifications. Since our approach supports stakeholders in precisely specifying and checking security threats, threat scenarios and their mitigations, it is expected to help with decision making and compliance with standards for improving security. We successfully applied our approach to industrial mobile apps and report lessons learned and results from structured interviews with engineers.

Peer Reviewed
Augmenting Field Data for Testing Systems Subject to Incremental Requirements Changes
Di Nardo, Daniel; Pastore, Fabrizio; Briand, Lionel UL

in ACM Transactions on Software Engineering & Methodology (2017), 26(1), 1-40

Peer Reviewed
Search-driven String Constraint Solving for Vulnerability Detection
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in Proceedings of the 39th International Conference on Software Engineering (ICSE 2017) (2017, May)

Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can reason about input sanitization and validation operations performed on user inputs. However, real-world programs typically contain complex string operations that challenge vulnerability detection. State-of-the-art string constraint solvers support only a limited set of string operations and fail when they encounter an unsupported one; this leads to limited effectiveness in finding vulnerabilities. In this paper we propose a search-driven constraint solving technique that complements the support for complex string operations provided by any existing string constraint solver. Our technique uses a hybrid constraint solving procedure based on the Ant Colony Optimization meta-heuristic. The idea is to execute it as a fallback mechanism, only when a solver encounters a constraint containing an operation that it does not support. We have implemented the proposed search-driven constraint solving technique in the ACO-Solver tool, which we have evaluated in the context of injection and XSS vulnerability detection for Java Web applications. We have assessed the benefits and costs of combining the proposed technique with two state-of-the-art constraint solvers (Z3-str2 and CVC4). The experimental results, based on a benchmark with 104 constraints derived from nine realistic Web applications, show that our approach, when combined with a state-of-the-art solver, significantly improves the number of detected vulnerabilities (from 4.7% to 71.9% for Z3-str2, from 85.9% to 100.0% for CVC4), and solves several cases on which the solver fails when used stand-alone (46 more solved cases for Z3-str2, and 11 more for CVC4), while still keeping the execution time affordable in practice.

Peer Reviewed
System Testing of Timing Requirements based on Use Cases and Timed Automata
Wang, Chunhui UL; Pastore, Fabrizio UL; Briand, Lionel UL

in 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017), Tokyo 13-18 March 2017 (2017, March 13)

In the context of use-case centric development and requirements-driven testing, this paper addresses the problem of automatically deriving system test cases to verify timing requirements. Inspired by engineering practice in an automotive software development context, we rely on an analyzable form of use case specifications and augment such functional descriptions with timed automata, capturing timing requirements, following a methodology aiming at minimizing modeling overhead. We automate the generation of executable test cases using a test strategy based on maximizing test suite diversity and building over the UPPAAL model checker. Initial empirical results based on an industrial case study provide evidence of the effectiveness of the approach.

Peer Reviewed
A Change Management Approach in Product Lines for Use Case-Driven Development and Testing
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL

in 23rd International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017) (2017, March)

In this paper, driven by industrial needs, we present a change management approach for product lines within the context of use case-driven development and testing. As part of the approach, we first provide a modeling method to support variability modeling in Product Line (PL) use case diagrams, specifications, and domain models, intentionally avoiding any reliance on feature models and thus avoiding unnecessary modeling and traceability overhead. Then, we introduce a use case-driven configuration approach based on the proposed modelling method to automatically generate Product Specific (PS) use case and domain models from the PL models and configuration decisions. Building on this, we provide a change impact analysis approach for evolving configuration decisions in PL use case models. In addition, we plan to develop a change impact analysis approach for evolving PL use case models and an automated regression test selection technique for evolving configuration decisions and PL models.

Peer Reviewed
Incremental Reconfiguration of Product Specific Use Case Models for Evolving Configuration Decisions
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL et al

in 23rd International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017) (2017, March)

[Context and motivation] Product Line Engineering (PLE) is increasingly common practice in industry to develop complex systems for multiple customers with varying needs. In many business contexts, use cases are central development artifacts for requirements engineering and system testing. In such contexts, use case configurators can play a significant role to capture variable and common requirements in Product Line (PL) use case models and to generate Product Specific (PS) use case models for each new customer in a product family. [Question/Problem] Although considerable research has been devoted to use case configurators, little attention has been paid to supporting the incremental reconfiguration of use case models with evolving configuration decisions. [Principal ideas/results] We propose, apply, and assess an incremental reconfiguration approach to support evolving configuration decisions in PL use case models. PS use case models are incrementally reconfigured by focusing only on the changed decisions and their side effects. In our prior work, we proposed and applied Product line Use case modeling Method (PUM) to support variability modeling in PL use case diagrams and specifications. We also developed a use case configurator, PUMConf, which interactively collects configuration decisions from analysts to generate PS use case models from PL models. Our approach is built on top of PUM and PUMConf. [Contributions] We provide fully automated tool support for incremental configuration as an extension of PUMConf. Our approach has been evaluated in an industrial case study in the automotive domain, which provided evidence it is practical and beneficial.

Peer Reviewed
A Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications
Jan, Sadeeq UL; Nguyen, Duy Cu UL; Andrea, Arcuri UL et al

in 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017), Tokyo 13-18 March 2017 (2017)

In most cases, web applications communicate with web services (SOAP and RESTful). The former act as a front-end to the latter, which contain the business logic. A hacker might not have direct access to those web services (e.g., they are not on public networks), but can still provide malicious inputs to the web application, thus potentially compromising related services. Typical examples are XML injection attacks that target SOAP communications. In this paper, we present a novel, search-based approach used to generate test data for a web application in an attempt to deliver malicious XML messages to web services. Our goal is thus to detect XML injection vulnerabilities in web applications. The proposed approach is evaluated on two studies, including an industrial web application with millions of users. Results show that we are able to effectively generate test data (e.g., input values in an HTML form) that detect such vulnerabilities.

Peer Reviewed
Synthetic Data Generation for Statistical Testing
Soltana, Ghanem UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE'17) (2017)

Usage-based statistical testing employs knowledge about the actual or anticipated usage profile of the system under test for estimating system reliability. For many systems, usage-based statistical testing involves generating synthetic test data. Such data must possess the same statistical characteristics as the actual data that the system will process during operation. Synthetic test data must further satisfy any logical validity constraints that the actual data is subject to. Targeting data-intensive systems, we propose an approach for generating synthetic test data that is both statistically representative and logically valid. The approach works by first generating a data sample that meets the desired statistical characteristics, without taking into account the logical constraints. Subsequently, the approach tweaks the generated sample to fix any logical constraint violations. The tweaking process is iterative and continuously guided toward achieving the desired statistical characteristics. We report on a realistic evaluation of the approach, where we generate a synthetic population of citizens' records for testing a public administration IT system. Results suggest that our approach is scalable and capable o

Peer Reviewed
An Automated Framework for Detection and Resolution of Cross References in Legal Texts
Sannier, Nicolas UL; Adedjouma, Morayo; Sabetzadeh, Mehrdad UL et al

in Requirements Engineering (2017), 22(2), 215-237

When identifying and elaborating compliance requirements, analysts need to follow the cross references in legal texts and consider the additional information in the cited provisions. Enabling easier navigation and handling of cross references requires automated support for the detection of the natural language expressions used in cross references, the interpretation of cross references in their context, and the linkage of cross references to the targeted provisions. In this article, we propose an approach and tool support for automated detection and resolution of cross references. The approach leverages the structure of legal texts, formalized into a schema, and a set of natural language patterns for legal cross reference expressions. These patterns were developed based on an investigation of Luxembourg’s legislation, written in French. To build confidence about their applicability beyond the context where they were observed, these patterns were validated against the Personal Health Information Protection Act (PHIPA) by the Government of Ontario, Canada, written in both French and English. We report on an empirical evaluation where we assess the accuracy and scalability of our framework over several Luxembourgish legislative texts as well as PHIPA.

Peer Reviewed
Improving Fault Localization for Simulink Models using Search-Based Testing and Prediction Models
Liu, Bing UL; Lucia, Lucia; Nejati, Shiva UL et al

in 24th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2017) (2017)

One promising way to improve the accuracy of fault localization based on statistical debugging is to increase diversity among test cases in the underlying test suite. In many practical situations, adding test cases is not a cost-free option because test oracles are developed manually or running test cases is expensive. Hence, we need to have test suites that are both diverse and small to improve debugging. In this paper, we focus on improving fault localization of Simulink models by generating test cases. We identify three test objectives that aim to increase test suite diversity. We use these objectives in a search-based algorithm to generate diversified but small test suites. To further minimize test suite sizes, we develop a prediction model to stop test generation when adding test cases is unlikely to improve fault localization. We evaluate our approach using three industrial subjects. Our results show (1) the three selected test objectives are able to significantly improve the accuracy of fault localization for small test suite sizes, and (2) our prediction model is able to maintain almost the same fault localization accuracy while reducing the average number of newly generated test cases by more than half.

Peer Reviewed
Automated Testing of Hybrid Simulink/Stateflow Controllers: Industrial Case Studies
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL

in Proceedings of the 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2017) (2017)

We present the results of applying our approach for testing Simulink controllers to one public and one proprietary model, both industrial. Our approach combines explorative and exploitative search algorithms to visualize the controller behavior over its input space and to identify test scenarios in the controller input space that violate or are likely to violate the controller requirements. The engineers' feedback shows that our approach is easy to use in practice and gives them confidence about the behavior of their models.

Peer Reviewed
PUMConf: A Tool to Configure Product Specific Use Case and Domain Models in a Product Line
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL et al

in 24th ACM SIGSOFT International Symposium on the Foundations of Software Engineering (2016, November)

We present PUMConf, a tool for supporting configuration that currently focuses on requirements and enables effective product line management in the context of use case-driven development. By design, it relies exclusively on variability modeling for artifacts that are commonly used in such contexts (i.e., use case diagram, specifications and domain model). For given Product Line (PL) use case and domain models, PUMConf checks the consistency of the models, interactively receives configuration decisions from analysts, automatically checks decision consistency, and generates Product Specific (PS) use case and domain models from the PL models and decisions. It has been evaluated on an industrial case study in the automotive domain.

Peer Reviewed
Extracting Domain Models from Natural-Language Requirements: Approach and Industrial Evaluation
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in 19th International Conference on Model Driven Engineering Languages and Systems, Saint-Malo 2-7 October 2016 (2016, October)

Domain modeling is an important step in the transition from natural-language requirements to precise specifications. For large systems, building a domain model manually is laborious. Several approaches exist to assist engineers with this task, where Natural Language Processing is employed for automated extraction of domain model elements. Despite the existing approaches, important facets remain under-explored. Notably, there is limited empirical evidence about the usefulness of existing extraction rules in industry. Furthermore, important opportunities for enhancing the extraction rules are yet to be exploited. We develop a domain model extractor by bringing together existing extraction rules and proposing important enhancements. We apply our model extractor to four industrial requirements documents, reporting on the frequency of different extraction rules being applied. We conduct an expert study over one of these documents, investigating the accuracy and overall effectiveness of our domain model extractor.

Peer Reviewed
Simulink Fault Localisation: an Iterative Statistical Debugging Approach
Liu, Bing UL; Lucia, Lucia UL; Nejati, Shiva UL et al

in Software Testing, Verification & Reliability (2016), 26(6), 431-459

Debugging Simulink models presents a significant challenge in the embedded industry. In this work, we propose SimFL, a fault localization approach for Simulink models by combining statistical debugging and dynamic model slicing. Simulink models, being visual and hierarchical, have multiple outputs at different hierarchy levels. Given a set of outputs to observe for localizing faults, we generate test execution slices, for each test case and output, of the Simulink model. In order to further improve fault localization accuracy, we propose iSimFL, an iterative fault localization algorithm. At each iteration, iSimFL increases the set of observable outputs by including outputs at lower hierarchy levels, thus increasing the test oracle cost but offsetting it with significantly more precise fault localization. We utilize a heuristic stopping criterion to avoid unnecessary test oracle extension. We evaluate our work on three industrial Simulink models from Delphi Automotive. Our results show that, on average, SimFL ranks faulty blocks in the top 8.9% in the list of suspicious blocks. Further, we show that iSimFL significantly improves this percentage down to 4.4% by requiring engineers to observe only an average of five additional outputs at lower hierarchy levels on top of high-level model outputs.

Peer Reviewed
Automated and Effective Testing of Web Services for XML Injection Attacks
Jan, Sadeeq UL; Nguyen, Duy Cu UL; Briand, Lionel UL

in ISSTA'16-The International Symposium on Software Testing and Analysis, Saarbrücken 18-20 July 2016 (2016, July 18)

XML is extensively used in web services for integration and data exchange. Its popularity and wide adoption make it an attractive target for attackers and a number of XML-based attack types have been reported recently. This raises the need for cost-effective, automated testing of web services to detect XML-related vulnerabilities, which is the focus of this paper. We discuss a taxonomy of the types of XML injection attacks and use it to derive four different ways to mutate XML messages, turning them into attacks (tests) automatically. Further, we consider domain constraints and attack grammars, and use a constraint solver to generate XML messages that are both malicious and valid, thus making it more difficult for any protection mechanism to recognise them. As a result, such messages have a better chance to detect vulnerabilities. Our evaluation on an industrial case study has shown that a large proportion (78.86%) of the attacks generated using our approach could circumvent the first layer of security protection, an XML gateway (firewall), a result that is much better than what a state-of-the-art tool based on fuzz testing could achieve.

ReACP: A Semi-Automated Framework for Reverse-engineering and Testing of Access Control Policies of Web Applications
Le, Ha Thanh UL; Nguyen, Duy Cu UL; Briand, Lionel UL

Report (2016)

This technical report details our semi-automated framework for the reverse-engineering and testing of access control (AC) policies for web-based applications. In practice, AC specifications are often missing or poorly documented, leading to AC vulnerabilities. Our goal is to learn and recover AC policies from implementation, and assess them to find AC issues. Built on top of a suite of security tools, our framework automatically explores a system under test, mines domain input specifications from access request logs, and then generates and executes more access requests using combinatorial test generation. We apply machine learning on the obtained data to characterise relevant attributes that influence access control to learn policies. Finally, the inferred policies are used for detecting AC issues, being vulnerabilities or implementation errors. We have evaluated our framework on three open-source applications with respect to correctness and completeness. The results are very promising in terms of the quality of inferred policies: more than 94% of them are correct with respect to implemented AC mechanisms. The remaining incorrect policies are mainly due to our unrefined permission classification. Moreover, a careful analysis of these policies has revealed 92 vulnerabilities, many of which are new.
