Results 221-240 of 249.
Full Text
Peer Reviewed
PLEDGE: a product line editor and test generation tool
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

in 17th International Software Product Line Conference co-located workshops, SPLC 2013 workshops, Tokyo, Japan - August 26 (2013)

Full Text
Peer Reviewed
Usage and testability of AOP: An empirical study of AspectJ
Munoz, F.; Baudry, B.; Delamare, R. et al

in Information and Software Technology (2013), 55(2), 252-266

Context: Back in 2001, the MIT announced aspect-oriented programming as a key technology in the next 10 years. Nowadays, 10 years later, AOP is still not widely adopted. Objective: The objective of this work is to understand the current status of AOP practice through the analysis of open-source projects which use AspectJ. Method: First we analyze different dimensions of AOP usage in 38 AspectJ projects. We investigate the degree of coupling between aspects and base programs, and the usage of the pointcut description language. A second part of our study focuses on testability as an indicator of maintainability. We also compare testability metrics on Java and AspectJ implementations of the HealthWatcher aspect-oriented benchmark. Results: The first part of the analysis reveals that the number of aspects does not increase with the size of the base program, that most aspects are woven in every place in the base program and that only a small portion of the pointcut language is used. The second part about testability reveals that AspectJ reduces the size of modules, increases their cohesion but also increases global coupling, thus introducing a negative impact on testability. Conclusion: These observations and measures reveal a major trend: AOP is currently used in a very cautious way. This cautious usage could come from a partial failure of AspectJ to deliver all promises of AOP, in particular an increased software maintainability. © 2012 Elsevier B.V. All rights reserved.

Full Text
Peer Reviewed
Stress Testing of Transactional Database Systems
Meira, Jorge Augusto UL; Almeida, Eduardo Cunha de; Sunyé, Gerson et al

in Journal of Information and Data Management (2013)

Transactional database management systems (DBMS) have been successful at supporting traditional transaction processing workloads. However, web-based applications that tend to generate huge numbers of concurrent business operations are pushing DBMS performance over their limits, thus threatening overall system availability. Then, a crucial question is how to test DBMS performance under heavy workload conditions. Answering this question requires a testing methodology to set up non-biased conditions for pushing a particular DBMS over its normal performance limits (i.e., to stress it). In this article, we present a stress testing methodology for DBMS to search for defects in supporting very heavy workloads. Our methodology leverages distributed testing techniques and takes into account the various biases that may affect the test results. It progressively increases the workload along with several tuning steps up to a stress condition. We validate our methodology with empirical studies on two popular DBMS (one proprietary, one open-source) and detail the defects that have been found.

Full Text
Peer Reviewed
Sustainable ICT4D in Africa: Where Do We Go From Here?
Bissyande, Tegawendé François D Assise UL; Ahmat, Daouda; Ouoba, Jonathan et al

in EAI International Conference on e-Infrastructure and e-Services for Developing Countries (2013)

In recent years many researchers in Africa and beyond have devoted considerable resources investigating ways to harness the potential of ICT for improving users’ livelihood in developing areas. Topics and domains of interest appear to be broad with recurring themes and solutions. Unfortunately there are no clear research roadmaps on what is urgent and of the state of the art solutions. In this position paper for the AFRICOMM series of conference, we propose to investigate some priorities for ICT4D in Africa. We believe that our work could motivate researchers and create a synergy around a few important challenges of ICT4D in Africa.

Full Text
Peer Reviewed
Access Control Enforcement Testing
El Kateb, Donia; ElRakaiby, Yehia; Mouelhi, Tejeddine et al

in Abstract book of 2013 8TH INTERNATIONAL WORKSHOP ON AUTOMATION OF SOFTWARE TEST (AST) (2013)

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two folded approach where a static analysis of the target application is first made to identify the sensitive accesses that could be regulated by the policy. The dynamic analysis of the application is then conducted using mutation to verify for every sensitive access whether the policy is correctly enforced. The dynamic analysis of the application also gives the exact location of the PEP to enable fixing enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.

Full Text
Peer Reviewed
Under Pressure Benchmark for DDBMS Availability
Fior, Alessandro Gustavo; Meira, Jorge Augusto UL; Almeida, Eduardo Cunha de et al

in Journal of Information and Data Management (2013)

The availability of Distributed Database Management Systems (DDBMS) is related to the probability of being up and running at a given point in time and to the management of failures. One well-known and widely used mechanism to ensure availability is replication, which includes performance impact on maintaining data replicas across the DDBMS’s machine nodes. Benchmarking can be used to measure such impact. In this article, we present a benchmark that evaluates the performance of DDBMS, considering availability through replication, called Under Pressure Benchmark (UPB). The UPB measures performance with different degrees of replication upon a high-throughput distributed workload, combined with failures. The UPB methodology increases the evaluation complexity from a stable system scenario to a complex one with different load sizes and replicas. We validate our benchmark with three high-throughput in-memory DDBMS: VoltDB, NuoDB and Dbms-X.

Full Text
Peer Reviewed
Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis
Octeau, Damien; McDaniel, Patrick; Jha, Somesh et al

in Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis (2013)

Many threats present in smartphones are the result of interactions between application components, not just artifacts of single components. However, current techniques for identifying inter-application communication are ad hoc and do not scale to large numbers of applications. In this paper, we reduce the discovery of inter-component communication (ICC) in smartphones to an instance of the Interprocedural Distributive Environment (IDE) problem, and develop a sound static analysis technique targeted to the Android platform. We apply this analysis to 1,200 applications selected from the Play store and characterize the locations and substance of their ICC. Experiments show that full specifications for ICC can be identified for over 93% of ICC locations for the applications studied. Further the analysis scales well; analysis of each application took on average 113 seconds to complete. Epicc, the resulting tool, finds ICC vulnerabilities with far fewer false positives than the next best tool. In this way, we develop a scalable vehicle to extend current security analysis to entire collections of applications as well as the interfaces they export.

Full Text
Peer Reviewed
Selection of Regression System Tests for Security Policy Evolution
Hwang, JeeHyun; Xie, Tao; El Kateb, Donia UL et al

Scientific Conference (2012, September)

Full Text
Peer Reviewed
Introducing Conviviality as a property of Multi-Context Systems
Bikakis, Antonis; Efthymiou, Vasileios UL; Caire, Patrice UL et al

in The 4th International Workshop on Acquisition, Representation and Reasoning with Contextualized Knowledge ARCOE-12 (2012, August 27)

Full Text
Peer Reviewed
Introducing Conviviality as a New Paradigm for Interactions among IT Objects
Moawad, Assaad UL; Efthymiou, Vasileios UL; Caire, Patrice UL et al

in Proceedings of the Workshop on AI Problems and Approaches for Intelligent Environments (2012, August), 907

The Internet of Things allows people and objects to seamlessly interact, crossing the bridge between real and virtual worlds. Newly created spaces are heterogeneous; social relations naturally extend to smart objects. Conviviality has recently been introduced as a social science concept for ambient intelligent systems to highlight soft qualitative requirements like user friendliness of systems. Roughly, more opportunities to work with other people increase the conviviality. In this paper, we first propose the conviviality concept as a new interaction paradigm for social exchanges between humans and Information Technology (IT) objects, and extend it to IT objects among themselves. Second, we introduce a hierarchy for IT objects social interactions, from low-level one-way interactions to high-level complex interactions. Then, we propose a mapping of our hierarchy levels into dependence networks-based conviviality classes. In particular, low levels without cooperation among objects are mapped to lower conviviality classes, and high levels with complex cooperative IT objects are mapped to higher conviviality classes. Finally, we introduce new conviviality measures for the Internet of Things, and an iterative process to facilitate cooperation among IT objects, thereby the conviviality of the system. We use a smart home as a running example.

Full Text
Peer Reviewed
Towards Flexible Evolution of Dynamically Adaptive Systems
Perrouin, Gilles UL; Morin, Brice; Chauvel, Franck et al

in New Ideas & Emerging Results Track of the International Conference of Software Engineering (NIER@ICSE) (2012, June)

Modern software systems need to be continuously available under varying conditions. Their ability to adapt to their execution context is thus increasingly seen as a key to their success. Recently, many approaches were proposed to design and support the execution of Dynamically Adaptive Systems (DAS). However, the ability of a DAS to evolve is limited to the addition, update or removal of adaptation rules or reconfiguration scripts. These artifacts are very specific to the control loop managing such a DAS and runtime evolution of the DAS requirements may affect other parts of the DAS. In this paper, we argue to evolve all parts of the loop. We suggest leveraging recent advances in model-driven techniques to offer an approach that supports the evolution of both systems and their adaptation capabilities. The basic idea is to consider the control loop itself as an adaptive system.

Full Text
Peer Reviewed
Access Control Enforcement Testing
El Kateb, Donia UL; Elrakaiby, Yehia; Mouelhi, Tejeddine UL et al

in 8th International Workshop on Automation of Software Test (AST), 2013 (2012, May)

A policy-based access control architecture comprises Policy Enforcement Points (PEPs), which are modules that intercept subjects access requests and enforce the access decision reached by a Policy Decision Point (PDP), the module implementing the access decision logic. In applications, PEPs are generally implemented manually, which can introduce errors in policy enforcement and lead to security vulnerabilities. In this paper, we propose an approach to systematically test and validate the correct enforcement of access control policies in a given target application. More specifically, we rely on a two folded approach where a static analysis of the target application is first made to identify the sensitive accesses that could be regulated by the policy. The dynamic analysis of the application is then conducted using mutation to verify for every sensitive access whether the policy is correctly enforced. The dynamic analysis of the application also gives the exact location of the PEP to enable fixing enforcement errors detected by the analysis. The approach has been validated using a case study implementing an access control policy.

Full Text
Peer Reviewed
Refactoring access control policies for performance improvement
El Kateb, Donia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL et al

in Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering (2012, April)

Full Text
Peer Reviewed
Using Mutants to Locate "Unknown" Faults
Papadakis, Mike UL; Le Traon, Yves UL

in ICST 2012 (2012)

Full Text
Peer Reviewed
Testing Obligation Policy Enforcement using Mutation Analysis
El Rakaiby, Yehia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL

in Proceedings of the 7th International Workshop on Mutation Analysis (associated to the Fifth International Conference on Software Testing, Verification, and Validation, ICST 2012) (2012)

The support of obligations with access control policies allows the expression of more sophisticated requirements such as usage control, availability and privacy. In order to enable the use of these policies, it is crucial to ensure their correct enforcement and management in the system. For this reason, this paper introduces a set of mutation operators for obligation policies. The paper first identifies key elements in obligation policy management, then presents mutation operators which inject minimal errors which affect these aspects. Test cases are qualified w.r.t. their ability in detecting problems, simulated by mutation, in the interactions between policy management and the application code. The use of policy mutants as substitutes for real flaws enables a first investigation of testing obligation policies in a system. We validate our work by providing an implementation of the mutation process: the experiments conducted on a Java program provide insights for improving test selection.

Full Text
Peer Reviewed
Testing obligation policy enforcement using mutation analysis
Elrakaiby, Yehia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL

in Proceedings - IEEE 5th International Conference on Software Testing, Verification and Validation, ICST 2012 (2012)

The support of obligations with access control policies allows the expression of more sophisticated requirements such as usage control, availability and privacy. In order to enable the use of these policies, it is crucial to ensure their correct enforcement and management in the system. For this reason, this paper introduces a set of mutation operators for obligation policies. The paper first identifies key elements in obligation policy management, then presents mutation operators which inject minimal errors which affect these aspects. Test cases are qualified w.r.t. their ability in detecting problems, simulated by mutation, in the interactions between policy management and the application code. The use of policy mutants as substitutes for real flaws enables a first investigation of testing obligation policies in a system. We validate our work by providing an implementation of the mutation process: the experiments conducted on a Java program provide insights for improving test selection. © 2012 IEEE.

Full Text
Peer Reviewed
Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in IEEE/ACM International Conference on Automated Software Engineering (2012)

In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a "permission gap". Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare.

Full Text
Peer Reviewed
Dexpler: Converting Android Dalvik Bytecode to Jimple for Static Analysis with Soot
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP 2012) (2012)

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple is Soot’s main internal representation of code, the Dalvik bytecode can be manipulated with any Jimple based tool, for instance for performing point-to or flow analysis.

Full Text
Improving Privacy on Android Smartphones Through In-Vivo Bytecode Instrumentation
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

Report (2012)

In this paper we claim that a widely applicable and efficient means to fight against malicious mobile Android applications is: 1) to perform runtime monitoring 2) by instrumenting the application bytecode and 3) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: FineGPolicy, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation.

Full Text
Peer Reviewed
A Model-Based Approach to Automated Testing of Access Control Policies
Xu, Dianxiang; Thomas, Lijo UL; Kent, Michael et al

in Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (2012)

Access control policies in software systems can be implemented incorrectly for various reasons. This paper presents a model-based approach for automated testing of access control implementation. To feed the model-based testing process, test models are constructed by integrating declarative access control rules and contracts (preconditions and post-conditions) of the associated activities. The access control tests are generated from the test models to exercise the interactions of access control activities. Test executability is obtained through a mapping of the modeling elements to implementation constructs. The approach has been implemented in an industry-adopted test automation framework that supports the generation of test code in a variety of languages, such as Java, C, C++, C#, and HTML/Selenium IDE. The full model-based testing process has been applied to two systems implemented in Java. The effectiveness is evaluated in terms of access-control fault detection rate using mutation analysis of access control implementation. The experiments show that the model-based tests killed 99.7% of the mutants and the remaining mutants caused no policy violations.
