Results 181-200 of 247.
Full Text
Peer Reviewed
Effective Fault Localization via Mutation Analysis: A Selective Mutation Approach
Papadakis, Mike UL; Le Traon, Yves UL

in ACM Symposium On Applied Computing (SAC'14) (2014)

Full Text
Peer Reviewed
A Flexible MDE approach to Enforce Fine-grained Security Policies
Elrakaiby, Yehia UL; Amrani, Moussa UL; Le Traon, Yves UL

in Proceedings of the International Symposium on Engineering Secure Software and Systems (2014)

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security requirements specified in security configurations are enforced using an application-independent Policy Enforcement Point (Pep)-Policy Decision Point (Pdp) architecture, which enables the runtime update of security requirements. Our work is evaluated using two systems and its advantages and limitations are discussed.

Full Text
Peer Reviewed
A state machine for database non-functional testing
Meira, Jorge Augusto UL; Almeida, Eduardo; Le Traon, Yves UL

Poster (2014)

Over the last decade, large amounts of concurrent transactions have been generated from different sources, such as, Internet-based systems, mobile applications, smart-homes and cars. High-throughput transaction processing is becoming commonplace, however there is no testing technique for validating non functional aspects of DBMS under transaction flooding workloads. In this paper we propose a database state machine to represent the states of DBMS when processing concurrent transactions. The state transitions are forced by increasing concurrency of the testing workload. Preliminary results show the effectiveness of our approach to drive the system among different performance states and to find related defects.

Full Text
Peer Reviewed
Tools for Conviviality in Multi-Context Systems
Bikakis, Antonis; Caire, Patrice UL; Le Traon, Yves UL

in IfCoLog Journal of Logics and Their Applications (2014), 1(1),

A common feature of many distributed systems, including web social networks, peer-to-peer systems and Ambient Intelligence systems, is cooperation in terms of information exchange among heterogeneous entities. In order to facilitate the exchange of information, we first need ways to evaluate it. The concept of conviviality was recently proposed for modeling and measuring cooperation among agents in multiagent systems. In this paper, we introduce conviviality as a property of Multi-Context Systems (MCS). We first present how to use conviviality to model and evaluate interactions among different contexts, which represent heterogeneous entities in a distributed system. Then, as one cause of logical conflicts in MCS is due to the exchange of information between mutually inconsistent contexts, we show how inconsistency can be resolved using the conviviality property. We illustrate our work with an example from web social networks.

Full Text
Peer Reviewed
Intra-query Adaptivity for MapReduce Query Processing Systems
Lucas Filho, Edson Ramiro UL; Cunha De Almeida, Eduardo UL; Le Traon, Yves UL

in IDEAS 2014 : 18th International Database Engineering Applications Symposium (2014)

Full Text
Peer Reviewed
Sampling Program Inputs with Mutation Analysis: Going Beyond Combinatorial Interaction Testing
Papadakis, Mike UL; Henard, Christopher UL; Le Traon, Yves UL

in 7th International Conference on Software Testing, Verification and Validation (ICST 2014) (2014)

Full Text
Peer Reviewed
Mutation-based Generation of Software Product Line Test Configurations
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Symposium on Search-Based Software Engineering (SSBSE 2014) (2014)

Full Text
Peer Reviewed
MutaLog: a Tool for Mutating Logic Formulas
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Testing Tools Track, 7th International Conference on Software Testing, Verification and Validation (ICST 2014) (2014)

Full Text
Peer Reviewed
Security@Runtime: A flexible MDE approach to enforce fine-grained security policies
Elrakaiby, Yehia UL; Amrani, Moussa UL; Le Traon, Yves UL

in Lecture Notes in Computer Science (2014), 8364 LNCS

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security requirements specified in security configurations are enforced using an application-independent Policy Enforcement Point (Pep)-Policy Decision Point (Pdp) architecture, which enables the runtime update of security requirements. Our work is evaluated using two systems and its advantages and limitations are discussed. © 2014 Springer International Publishing Switzerland.

Full Text
Peer Reviewed
Modularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Transactions on Aspect-Oriented Software Development (2014), 11

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one can mention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy. We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree.

Peer Reviewed
BUT4Reuse Feature identifier: Identifying reusable features on software variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

Poster (2014)

Full Text
Peer Reviewed
Identifying and Visualising Commonality and Variability in Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

in ECMFA 2014 European Conference on Modelling Foundations and Applications (2014)

Full Text
Towards a Full Support of Obligations In XACML
El Kateb, Donia UL; Elrakaiby, Yehia UL; Mouelhi, Tejeddine UL et al

Scientific Conference (2014)

Full Text
Peer Reviewed
Feature Relations Graphs: A Visualisation Paradigm for Feature Constraints in Software Product Lines
Martinez, Jabier UL; Ziadi, Tewfik; Mazo, Raul et al

in 2nd IEEE Working Conference on Software Visualization (2014)

Full Text
Peer Reviewed
Model-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel UL et al

in 14th Annual International Conference on Quality Software (QSIC) (2014)

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness.

Full Text
Peer Reviewed
Empirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: an Urgent Need for Systematic Security Regression Testing
Abgrall, Erwan UL; Le Traon, Yves UL; Gombault, Sylvain et al

in 7th IEEE International Conference on Software Testing, Verification and Validation (ICST)- Workshop SECTEST (2014)

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical study to a decade of most popular web browser versions. We use XSS attack vectors as unit test cases and we propose a new method supported by a tool to address this XSS vector testing issue. The analysis on a decade releases of most popular web browsers including mobile ones shows an urgent need of XSS regression testing. We advocate the use of a shared security testing benchmark as a good practice and propose a first set of publicly available XSS vectors as a basis to ensure that security is not sacrificed when a new version is delivered.

Full Text
Peer Reviewed
Towards a Language-Independent Approach for Reverse-Engineering of Software Product Lines
Ziadi, Tewfik; Henard, Christopher UL; Papadakis, Mike UL et al

in 29th Symposium on Applied Computing (SAC 2014) (2014)

Full Text
Peer Reviewed
A Native Versioning Concept to Support Historized Models at Runtime
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

in Dingel, Juergen; Schulte, Wolfram; Ramos, Isidro (Eds.) et al Model-Driven Engineering Languages and Systems - 17th International Conference, MODELS 2014, Valencia, Spain, September 28 - October 3, 2014. Proceedings (2014)

Models@run.time provides semantically rich reflection layers enabling intelligent systems to reason about themselves and their surrounding context. Most reasoning processes require not only to explore the current state, but also the past history to take sustainable decisions e.g. to avoid oscillating between states. Models@run.time and model-driven engineering in general lack native mechanisms to efficiently support the notion of history, and current approaches usually generate redundant data when versioning models, which reasoners need to navigate. Because of this limitation, models fail in providing suitable and sustainable abstractions to deal with domains relying on history-aware reasoning. This paper tackles this issue by considering history as a native concept for modeling foundations. Integrated, in conjunction with lazy load/storage techniques, into the Kevoree Modeling Framework, we demonstrate onto a smart grid case study, that these mechanisms enable a sustainable reasoning about massive historized models.

Full Text
Peer Reviewed
Advances in Model-Driven Security
Lucio, Levi; Zhang, Qin UL; Nguyen, Phu Hong UL et al

in Memon, Atif (Ed.) Advances in Computers (2014)

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has emerged in the early 2000s as a specialized Model-Driven Engineering approach for supporting the development of security-critical systems. In this chapter we summarize the most important developments of Model-Driven Security during the past decade. In order to do so we start by building a taxonomy of the most important concepts of this domain. We then use our taxonomy to describe and evaluate a set of representative and influential Model-Driven Security approaches in the literature. In our development of this topic we concentrate on the concepts shared by Model-Driven Engineering and Model-Driven Security. This allows us to identify and debate the advantages, disadvantages and open issues when applying Model-Driven Engineering to the Information Security domain. This chapter provides a broad view of Model-Driven Security and is intended as an introduction to Model-Driven Security for students, researchers and practitioners.
