References of "Le Traon, Yves 50002182"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailModel-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel UL et al

in 14th Annual International Conference on Quality Software (QSIC) (2014)

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach ... [more ▼]

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness. [less ▲]

Detailed reference viewed: 169 (1 UL)
Full Text
Peer Reviewed
See detailEmpirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: an Urgent Need for Systematic Security Regression Testing
Abgrall, Erwan UL; Le Traon, Yves UL; Gombault, Sylvain et al

in 7th IEEE International Conference on Software Testing, Verification and Validation (ICST)- Workshop SECTEST (2014)

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing ... [more ▼]

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical study to a decade of most popular web browser versions. We use XSS attack vectors as unit test cases and we propose a new method supported by a tool to address this XSS vector testing issue. The analysis on a decade releases of most popular web browsers including mobile ones shows an urgent need of XSS regression testing. We advocate the use of a shared security testing benchmark as a good practice and propose a first set of publicly available XSS vectors as a basis to ensure that security is not sacrificed when a new version is delivered. [less ▲]

Detailed reference viewed: 135 (3 UL)
Full Text
Peer Reviewed
See detailCoverage-based Test Cases Selection for XACML Policies
Bertolino, Antonia; Le Traon, Yves UL; Lonetti, Francesca et al

in IEEE International Conference on Software Testing Verification and Validation Workshops (2014)

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually ... [more ▼]

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run. [less ▲]

Detailed reference viewed: 116 (1 UL)
Full Text
Peer Reviewed
See detailModel-based testing of global properties on large-scale distributed systems
Sunyé, G.; De Almeida, E. C.; Le Traon, Yves UL et al

in Information and Software Technology (2014), 56(7), 749-762

Context Large-scale distributed systems are becoming commonplace with the large popularity of peer-to-peer and cloud computing. The increasing importance of these systems contrasts with the lack of ... [more ▼]

Context Large-scale distributed systems are becoming commonplace with the large popularity of peer-to-peer and cloud computing. The increasing importance of these systems contrasts with the lack of integrated solutions to build trustworthy software. A key concern of any large-scale distributed system is the validation of global properties, which cannot be evaluated on a single node. Thus, it is necessary to gather data from distributed nodes and to aggregate these data into a global view. This turns out to be very challenging because of the system's dynamism that imposes very frequent changes in local values that affect global properties. This implies that the global view has to be frequently updated to ensure an accurate validation of global properties. Objective In this paper, we present a model-based approach to define a dynamic oracle for checking global properties. Our objective is to abstract relevant aspects of such systems into models. These models are updated at runtime, by monitoring the corresponding distributed system. Method We conduce real-scale experimental validation to evaluate the ability of our approach to check global properties. In this validation, we apply our approach to test two open-source implementations of distributed hash tables. The experiments are deployed on two clusters of 32 nodes. Results The experiments reveal an important defect on one implementation and show clear performance differences between the two implementations. The defect would not be detected without a global view of the system. Conclusion Testing global properties on distributed software consists of gathering data from different nodes and building a global view of the system, where properties are validated. This process requires a distributed test architecture and tools for representing and validating global properties. Model-based techniques are an expressive mean for building oracles that validate global properties on distributed systems. © 2014 Elsevier B.V. All rights reserved. [less ▲]

Detailed reference viewed: 131 (1 UL)
Full Text
Peer Reviewed
See detailThe NOAH Project: Giving a Chance to Threatened Species in Africa with UAVs
Olivares Mendez, Miguel Angel UL; Bissyandé, Tegawendé; Somasundar, Kannan et al

in Bissyandé, Tegawendé F.; van Stam, Gertjan (Eds.) e-Infrastructure and e-Services for Developing Countries (2014)

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in ... [more ▼]

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in accordance to his own expertise. Just as Noah (A patriarchal character in Abrahamic religions) was tasked to save every species from the Genesis flood, we envision the NOAH Project to (re)make natural parks as a safe haven. This endeavor requires efficient and effective surveillance which is now facilitated by the use of UAVs. We take this approach further by proposing the use of ICT algorithms to automate surveillance. The proposed intelligent system could inspect a bigger area, recognize potential threats and be manage by non-expert users, reducing the expensive resources that are needed by developing countries to address the problem. [less ▲]

Detailed reference viewed: 244 (12 UL)
Full Text
Peer Reviewed
See detailIntra-query Adaptivity for MapReduce Query Processing Systems
Lucas Filho, Edson Ramiro UL; Cunha De Almeida, Eduardo UL; Le Traon, Yves UL

in IDEAS 2014 : 18th International Database Engineering Applications Symposium (2014)

Detailed reference viewed: 260 (8 UL)
Full Text
Peer Reviewed
See detailFeature Relations Graphs: A Visualisation Paradigm for Feature Constraints in Software Product Lines
Martinez, Jabier UL; Ziadi, Tewfik; Mazo, Raul et al

in 2nd IEEE Working Conference on Software Visualization (2014)

Detailed reference viewed: 201 (3 UL)
Full Text
Peer Reviewed
See detailIdentifying and Visualising Commonality and Variability in Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

in ECMFA 2014 European Conference on Modelling Foundations and Applications (2014)

Detailed reference viewed: 256 (10 UL)
Full Text
Peer Reviewed
See detailEffective Fault Localization via Mutation Analysis: A Selective Mutation Approach
Papadakis, Mike UL; Le Traon, Yves UL

in ACM Symposium On Applied Computing (SAC'14) (2014)

Detailed reference viewed: 88 (5 UL)
Full Text
Peer Reviewed
See detailSampling Program Inputs with Mutation Analysis: Going Beyond Combinatorial Interaction Testing
Papadakis, Mike UL; Henard, Christopher UL; Le Traon, Yves UL

in 7th International Conference on Software Testing, Verification and Validation (ICST 2014) (2014)

Detailed reference viewed: 131 (9 UL)
Full Text
Peer Reviewed
See detailMutation-based Generation of Software Product Line Test Configurations
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Symposium on Search-Based Software Engineering (SSBSE 2014) (2014)

Detailed reference viewed: 128 (4 UL)
Full Text
Peer Reviewed
See detailTowards a Language-Independent Approach for Reverse-Engineering of Software Product Lines
Ziadi, Tewfik; Henard, Christopher UL; Papadakis, Mike UL et al

in 29th Symposium on Applied Computing (SAC 2014) (2014)

Detailed reference viewed: 131 (8 UL)
Full Text
Peer Reviewed
See detailTools for Conviviality in Multi-Context Systems
bikakis, Antonis; Caire, Patrice UL; Le Traon, Yves UL

in IfCoLog Journal of Logics and Their Applications (2014), 1(1),

A common feature of many distributed systems, including web social networks, peer-to-peer systems and Ambient Intelligence systems, is cooperation in terms of information exchange among heterogeneous ... [more ▼]

A common feature of many distributed systems, including web social networks, peer-to-peer systems and Ambient Intelligence systems, is cooperation in terms of information exchange among heterogeneous entities. In order to facilitate the exchange of information, we first need ways to evaluate it. The concept of conviviality was recently proposed for modeling and measuring cooperation among agents in multiagent systems. In this paper, we introduce conviviality as a property of Multi-Context Systems (MCS). We first present how to use conviviality to model and evaluate interactions among different contexts, which represent heterogeneous entities in a distributed system. Then, as one cause of logical conflicts in MCS is due to the exchange of information between mutually inconsistent contexts, we show how inconsistency can be resolved using the conviviality property. We illustrate our work with an example from web social networks. [less ▲]

Detailed reference viewed: 103 (3 UL)
Full Text
Peer Reviewed
See detailSecurity@Runtime: A flexible MDE approach to enforce fine-grained security policies
Elrakaiby, Yehia UL; Amrani, Moussa UL; Le Traon, Yves UL

in Lecture Notes in Computer Science (2014), 8364 LNCS

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific ... [more ▼]

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security requirements specified in security configurations are enforced using an application-independent Policy Enforcement Point Pep)-Policy Decision Point (Pdp) architecture, which enables the runtime update of security requirements. Our work is evaluated using two systems and its advantages and limitations are discussed. © 2014 Springer International Publishing Switzerland. [less ▲]

Detailed reference viewed: 180 (5 UL)
Full Text
Peer Reviewed
See detailInformation Dependencies in MCS: Conviviality-Based Model and Metrics
Caire, Patrice UL; Bikakis, Antonis; Le Traon, Yves UL

in 16th INTERNATIONAL CONFERENCE ON PRINCIPLES AND PRACTICE OF MULTI-AGENT SYSTEMS (PRIMA 2013) (2013, December 01)

Detailed reference viewed: 157 (8 UL)
Full Text
Peer Reviewed
See detailA Systematic Review of Model-Driven Security
Nguyen, Phu Hong UL; Klein, Jacques UL; Kramer, Max et al

in The 20th Asia-Pacific Software Engineering Conference Proceedings (2013, December)

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a ... [more ▼]

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research showing the current status of the key aspects in MDS as well as the identified most relevant MDS approaches.We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights. [less ▲]

Detailed reference viewed: 273 (13 UL)
Full Text
Peer Reviewed
See detailGot Issues? Who Cares About It? A Large Scale Investigation of Issue Trackers from GitHub
Bissyande, Tegawendé François D Assise UL; Lo, David; Jiang, Lingxiao et al

in Proceedings of the 24th International Symposium on Software Reliability Engineering (ISSRE 2013) (2013, November)

Detailed reference viewed: 172 (7 UL)
Full Text
Peer Reviewed
See detailA Rule-based Contextual Reasoning Platform for Ambient Intelligence environments
Moawad, Assaad UL; Bikakis, Antonis; Caire, Patrice UL et al

in Theory, Practice, and Applications of Rules on the Web (2013, July 01)

The special characteristics and requirements of intelligent environments impose several challenges to the reasoning processes of Ambient Intelligence systems. Such systems must enable heterogeneous ... [more ▼]

The special characteristics and requirements of intelligent environments impose several challenges to the reasoning processes of Ambient Intelligence systems. Such systems must enable heterogeneous entities operating in open and dynamic environments to collectively rea- son with imperfect context information. Previously we introduced Con- textual Defeasible Logic (CDL) as a contextual reasoning model that addresses most of these challenges using the concepts of context, map- pings and contextual preferences. In this paper, we present a platform integrating CDL with Kevoree, a component-based software framework for Dynamically Adaptive Systems. We explain how the capabilities of Kevoree are exploited to overcome several technical issues, such as com- munication, information exchange and detection, and explain how the reasoning methods may be further extended. We illustrate our approach with a running example from Ambient Assisted Living. [less ▲]

Detailed reference viewed: 155 (13 UL)
Full Text
Peer Reviewed
See detailR-CoRe: A Rule-based Contextual Reasoning Platform for AmI
Moawad, Assaad UL; Bikakis, Antonis; Caire, Patrice UL et al

in Joint Proceedings of the 7th International Rule Challenge, the Special Track on Human Language Technology and the 3rd RuleML Doctoral Consortium hosted at the 8th International Symposium on Rules (RuleML2013) (2013, July)

In this paper we present R-CoRe; a rule-based contextual reasoning platform for Ambient Intelligence environments. R-CoRe integrates Contextual Defeasible Logic (CDL) and Kevoree, a component-based ... [more ▼]

In this paper we present R-CoRe; a rule-based contextual reasoning platform for Ambient Intelligence environments. R-CoRe integrates Contextual Defeasible Logic (CDL) and Kevoree, a component-based software platform for Dynamically Adaptive Systems. Previously, we explained how this integration enables to overcome several reasoning and technical issues that arise from the imperfect nature of context knowledge, the open and dynamic nature of Ambient Intelligence environments, and the restrictions of wireless communications. Here, we focus more on technical aspects related to the architecture of R-Core, and demonstrate its use in Ambient Assisted Living. [less ▲]

Detailed reference viewed: 138 (7 UL)