Results 201-220 of 260.
Bookmark and Share    
Full Text
Peer Reviewed
See detailMutaLog: a Tool for Mutating Logic Formulas
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Testing Tools Track, 7th International Conference on Software Testing, Verification and Validation (ICST 2014) (2014)

Detailed reference viewed: 179 (8 UL)
Full Text
Peer Reviewed
See detailSecurity@Runtime: A flexible MDE approach to enforce fine-grained security policies
Elrakaiby, Yehia UL; Amrani, Moussa UL; Le Traon, Yves UL

in Lecture Notes in Computer Science (2014), 8364 LNCS

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific ... [more ▼]

In this paper, we present a policy-based approach for automating the integration of security mechanisms into Java-based business applications. In particular, we introduce an expressive Domain Specific modeling Language (Dsl), called Security@Runtime, for the specification of security configurations of targeted systems. The Security@Runtime Dsl supports the expression of authorization, obligation and reaction policies, covering many of the security requirements of modern applications. Security requirements specified in security configurations are enforced using an application-independent Policy Enforcement Point Pep)-Policy Decision Point (Pdp) architecture, which enables the runtime update of security requirements. Our work is evaluated using two systems and its advantages and limitations are discussed. © 2014 Springer International Publishing Switzerland. [less ▲]

Detailed reference viewed: 202 (5 UL)
Full Text
Peer Reviewed
See detailModularity and Dynamic Adaptation of Flexibly Secure Systems: Model-Driven Adaptive Delegation in Access Control Management
Nguyen, Phu Hong UL; Nain, Grégory UL; Klein, Jacques UL et al

in Transactions on Aspect-Oriented Software Development (2014), 11

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the ... [more ▼]

Model-Driven Security (Mds) is a specialized Model-Driven Engineering (Mde) approach for supporting the development of secure systems. Model-Driven Security aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. Among the variety of models that have been studied in a Model-Driven Security perspective, one canmention access control models that specify the access rights. So far, these models mainly focus on static definitions of access control policies, without taking into account the more complex, but essential, delegation of rights mechanism. Delegation is a meta-level mechanism for administrating access rights, which allows a user without any specific administrative privileges to delegate his/her access rights to another user. This paper gives a formalization of access control and delegation mechanisms, and analyses the main hard-points for introducing various advanced delegation semantics in Model-Driven Security. Then, we propose a modular model-driven framework for 1) specifying access control, delegation and the business logic as separate concerns; 2) dynamically enforcing/weaving access control policies with various delegation features into security-critical systems; and 3) providing a flexibly dynamic adaptation strategy.We demonstrate the feasibility and effectiveness of our proposed solution through the proof-of-concept implementations of different component-based systems running on different adaptive execution platforms, i.e. OSGi and Kevoree. [less ▲]

Detailed reference viewed: 271 (6 UL)
Peer Reviewed
See detailBUT4Reuse Feature identifier: Identifying reusable features on software variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

Poster (2014)

Detailed reference viewed: 205 (27 UL)
Full Text
Peer Reviewed
See detailIdentifying and Visualising Commonality and Variability in Model Variants
Martinez, Jabier UL; Ziadi, Tewfik; Klein, Jacques UL et al

in ECMFA 2014 European Conference on Modelling Foundations and Applications (2014)

Detailed reference viewed: 280 (10 UL)
Full Text
See detailTowards a Full Support of Obligations In XACML
El Kateb, Donia UL; Elrakaiby, Yehia UL; Mouelhi, Tejeddine UL et al

Scientific Conference (2014)

Detailed reference viewed: 212 (3 UL)
Full Text
Peer Reviewed
See detailFeature Relations Graphs: A Visualisation Paradigm for Feature Constraints in Software Product Lines
Martinez, Jabier UL; Ziadi, Tewfik; Mazo, Raul et al

in 2nd IEEE Working Conference on Software Visualization (2014)

Detailed reference viewed: 238 (3 UL)
Full Text
Peer Reviewed
See detailModel-Based Testing of Obligations
Rubab, Iram; Ali, Shaukat; Briand, Lionel UL et al

in 14th Annual International Conference on Quality Software (QSIC) (2014)

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach ... [more ▼]

Obligations are mandatory actions that users must perform, addressing access control requirements. To ensure that such obligations are implemented correctly, an automated and systematic testing approach is often recommended. One such approach is Model-Based Testing (MBT) that allows defining cost-effective testing strategies to support rigorous testing via automation. In this paper, we present MBT for obligations by extending the Unified Modeling Language (UML) via a profile called the Obligations Profile. Based on the profile, we define a modeling methodology utilizing the concepts of Obligations Class Diagrams (OCDs) and Obligations State Machines (OSMs), which are standard UML Class Diagrams and UML State Machines with stereotypes from the Obligations Profile. Our methodology, using OCDs and OSMs, is automatically enforced by the validation of constraints defined in the profile. To assess the completeness and applicability of the profile and methodology, we modeled 47 obligations from four different systems. The results of our case study show that we successfully modeled all the obligations and used 75% of the stereotypes that we defined in the profile. In addition, using OCDs and OSMs, we automatically generate executable test cases using a standard state machine structural coverage criterion and common test data generation strategies. The effectiveness of generated test cases is assessed using mutation analysis on two systems, using mutation operators specifically designed for obligation faults. Test case execution killed 75% of the mutants and a careful analysis further suggests that more sophisticated testing strategies must be defined to further improve testing effectiveness. [less ▲]

Detailed reference viewed: 236 (1 UL)
Full Text
Peer Reviewed
See detailEmpirical Investigation of the Web Browser Attack Surface under Cross-Site Scripting: an Urgent Need for Systematic Security Regression Testing
Abgrall, Erwan UL; Le Traon, Yves UL; Gombault, Sylvain et al

in 7th IEEE International Conference on Software Testing, Verification and Validation (ICST)- Workshop SECTEST (2014)

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing ... [more ▼]

One of the major threats against web applications is Cross-Site Scripting (XSS). The final target of XSS attacks is the client running a particular web browser. During this last decade, several competing web browsers (IE, Netscape, Chrome, Firefox) have evolved to support new features. In this paper, we explore whether the evolution of web browsers is done using systematic security regression testing. Beginning with an analysis of their current exposure degree to XSS, we extend the empirical study to a decade of most popular web browser versions. We use XSS attack vectors as unit test cases and we propose a new method supported by a tool to address this XSS vector testing issue. The analysis on a decade releases of most popular web browsers including mobile ones shows an urgent need of XSS regression testing. We advocate the use of a shared security testing benchmark as a good practice and propose a first set of publicly available XSS vectors as a basis to ensure that security is not sacrificed when a new version is delivered. [less ▲]

Detailed reference viewed: 181 (3 UL)
Full Text
Peer Reviewed
See detailTowards a Language-Independent Approach for Reverse-Engineering of Software Product Lines
Ziadi, Tewfik; Henard, Christopher UL; Papadakis, Mike UL et al

in 29th Symposium on Applied Computing (SAC 2014) (2014)

Detailed reference viewed: 175 (8 UL)
Full Text
Peer Reviewed
See detailA Native Versioning Concept to Support Historized Models at Runtime
Hartmann, Thomas UL; Fouquet, François UL; Nain, Grégory UL et al

in Dingel, Juergen; Schulte, Wolfram; Ramos, Isidro (Eds.) et al Model-Driven Engineering Languages and Systems - 17th International Conference, MODELS 2014, Valencia, Spain, September 28 - October 3, 2014. Proceedings (2014)

Models@run.time provides semantically rich reflection layers enabling intelligent systems to reason about themselves and their surrounding context. Most reasoning processes require not only to explore the ... [more ▼]

Models@run.time provides semantically rich reflection layers enabling intelligent systems to reason about themselves and their surrounding context. Most reasoning processes require not only to explore the current state, but also the past history to take sustainable decisions e.g. to avoid oscillating between states. Models@run.time and model-driven engineering in general lack native mechanisms to efficiently support the notion of history, and current approaches usually generate redundant data when versioning models, which reasoners need to navigate. Because of this limitation, models fail in providing suitable and sustainable abstractions to deal with domains relying on history-aware reasoning. This paper tackles this issue by considering history as a native concept for modeling foundations. Integrated, in conjunction with lazy load/storage techniques, into the Kevoree Modeling Framework, we demonstrate onto a smart grid case study, that this mechanisms enable a sustainable reasoning about massive historized models. [less ▲]

Detailed reference viewed: 294 (28 UL)
Full Text
Peer Reviewed
See detailAdvances in Model-Driven Security
Lucio, Levi; Zhang, Qin UL; Nguyen, Phu Hong UL et al

in Memon, Atif (Ed.) Advances in Computers (2014)

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has ... [more ▼]

Sound methodologies for constructing security-critical systems are extremely important in order to confront the increasingly varied security threats. As a response to this need, Model-Driven Security has emerged in the early 2000s as a specialized Model-Driven Engineering approach for supporting the development of security-critical systems. In this chapter we summarize the most important developments of Model-Driven Security during the past decade. In order to do so we start by building a taxonomy of the most important concepts of this domain. We then use our taxonomy to describe and evaluate a set of representative and influential Model-Driven Security approaches in the literature. In our development of this topic we concentrate on the concepts shared by Model-Driven Engineering and Model-Driven Security. This allows us to identify and debate the advantages, disadvantages and open issues when applying Model-Driven Engineering to the Information Security domain. This chapter provides a broad view of Model-Driven Security and is intended as an introduction to Model-Driven Security for students, researchers and practitioners. [less ▲]

Detailed reference viewed: 422 (25 UL)
Full Text
Peer Reviewed
See detailConviviality-Driven Access Control Policy
El Kateb, Donia UL; Zannone, Nicola; Moawad, Assaad UL et al

in Requirements Engineering (2014)

Detailed reference viewed: 267 (56 UL)
Full Text
Peer Reviewed
See detailThe NOAH Project: Giving a Chance to Threatened Species in Africa with UAVs
Olivares Mendez, Miguel Angel UL; Bissyandé, Tegawendé; Somasundar, Kannan et al

in Bissyandé, Tegawendé F.; van Stam, Gertjan (Eds.) e-Infrastructure and e-Services for Developing Countries (2014)

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in ... [more ▼]

Organized crime now targets one of the most precious wealth in Africa, the wild life. The most affected by the poaching are the Big 5, whose survival requires attention and efforts from everyone, in accordance to his own expertise. Just as Noah (A patriarchal character in Abrahamic religions) was tasked to save every species from the Genesis flood, we envision the NOAH Project to (re)make natural parks as a safe haven. This endeavor requires efficient and effective surveillance which is now facilitated by the use of UAVs. We take this approach further by proposing the use of ICT algorithms to automate surveillance. The proposed intelligent system could inspect a bigger area, recognize potential threats and be manage by non-expert users, reducing the expensive resources that are needed by developing countries to address the problem. [less ▲]

Detailed reference viewed: 286 (12 UL)
Full Text
Peer Reviewed
See detailCoverage-based Test Cases Selection for XACML Policies
Bertolino, Antonia; Le Traon, Yves UL; Lonetti, Francesca et al

in IEEE International Conference on Software Testing Verification and Validation Workshops (2014)

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually ... [more ▼]

XACML is the de facto standard for implementing access control policies. Testing the correctness of policies is a critical task. The test of XACML policies involves running requests and checking manually the correct response. It is therefore important to reduce the manual test effort by automatically selecting the most important requests to be tested. This paper introduces the XACML smart coverage selection approach, based on a proposed XACML policy coverage criterion. The approach is evaluated using mutation analysis and is compared on the one side with a not-reduced test suite, on the other with random and greedy optimal test selection approaches. We performed the evaluation on a set of six real world policies. The results show that our selection approach can reach good mutation scores, while significantly reducing the number of tests to be run. [less ▲]

Detailed reference viewed: 169 (2 UL)
Full Text
Peer Reviewed
See detailA Survey of Formal Verification Techniques for Model Transformations: A Tridimensional Classification
Amrani, Moussa UL; Lúcio, Lévi; Selim, Gehan et al

in Journal of Technology (2014)

Detailed reference viewed: 285 (8 UL)
Full Text
Peer Reviewed
See detailModel-based testing of global properties on large-scale distributed systems
Sunyé, G.; De Almeida, E. C.; Le Traon, Yves UL et al

in Information and Software Technology (2014), 56(7), 749-762

Context Large-scale distributed systems are becoming commonplace with the large popularity of peer-to-peer and cloud computing. The increasing importance of these systems contrasts with the lack of ... [more ▼]

Context Large-scale distributed systems are becoming commonplace with the large popularity of peer-to-peer and cloud computing. The increasing importance of these systems contrasts with the lack of integrated solutions to build trustworthy software. A key concern of any large-scale distributed system is the validation of global properties, which cannot be evaluated on a single node. Thus, it is necessary to gather data from distributed nodes and to aggregate these data into a global view. This turns out to be very challenging because of the system's dynamism that imposes very frequent changes in local values that affect global properties. This implies that the global view has to be frequently updated to ensure an accurate validation of global properties. Objective In this paper, we present a model-based approach to define a dynamic oracle for checking global properties. Our objective is to abstract relevant aspects of such systems into models. These models are updated at runtime, by monitoring the corresponding distributed system. Method We conduce real-scale experimental validation to evaluate the ability of our approach to check global properties. In this validation, we apply our approach to test two open-source implementations of distributed hash tables. The experiments are deployed on two clusters of 32 nodes. Results The experiments reveal an important defect on one implementation and show clear performance differences between the two implementations. The defect would not be detected without a global view of the system. Conclusion Testing global properties on distributed software consists of gathering data from different nodes and building a global view of the system, where properties are validated. This process requires a distributed test architecture and tools for representing and validating global properties. Model-based techniques are an expressive mean for building oracles that validate global properties on distributed systems. © 2014 Elsevier B.V. All rights reserved. [less ▲]

Detailed reference viewed: 174 (1 UL)
Full Text
Peer Reviewed
See detailInformation Dependencies in MCS: Conviviality-Based Model and Metrics
Caire, Patrice UL; Bikakis, Antonis; Le Traon, Yves UL

in 16th INTERNATIONAL CONFERENCE ON PRINCIPLES AND PRACTICE OF MULTI-AGENT SYSTEMS (PRIMA 2013) (2013, December 01)

Detailed reference viewed: 192 (8 UL)
Full Text
Peer Reviewed
See detailA Systematic Review of Model-Driven Security
Nguyen, Phu Hong UL; Klein, Jacques UL; Kramer, Max et al

in The 20th Asia-Pacific Software Engineering Conference Proceedings (2013, December)

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a ... [more ▼]

To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research showing the current status of the key aspects in MDS as well as the identified most relevant MDS approaches.We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights. [less ▲]

Detailed reference viewed: 330 (13 UL)