Results 241-249 of 249.
Bookmark and Share    
Full Text
See detailBypassing the Combinatorial Explosion: Using Similarity to Generate and Prioritize T-wise Test Suites for Large Software Product Lines
Henard, Christopher UL; Papadakis, Mike UL; Perrouin, Gilles UL et al

Report (2012)

Software Product Lines (SPLs) are families of products whose commonalities and variability can be captured by Feature Models (FMs). T-wise testing aims at finding errors triggered by all interactions ... [more ▼]

Software Product Lines (SPLs) are families of products whose commonalities and variability can be captured by Feature Models (FMs). T-wise testing aims at finding errors triggered by all interactions amongst t features, thus reducing drastically the number of products to test. T-wise testing approaches for SPLs are limited to small values of t -- which miss faulty interactions -- or limited by the size of the FM. Furthermore, they neither prioritize the products to test nor provide means to finely control the generation process. This paper offers (a) a search-based approach capable of generating products for large SPLs, forming a scalable and flexible alternative to current techniques and (b) prioritization algorithms for any set of products. Experiments conducted on 124 FMs (including large FMs such as the Linux kernel) demonstrate the feasibility and the practicality of our approach. [less ▲]

Detailed reference viewed: 144 (6 UL)
Full Text
Peer Reviewed
See detailRefactoring Access Control Policies for Performance Improvement
Elkateb, Donia UL; Mouelhi, Tejeddine UL; Le Traon, Yves UL et al

in Proceedings of the 3rd ACM/SPEC International Conference on Performance Engineering (ICPE 2012) (2012)

In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which ... [more ▼]

In order to facilitate managing authorization, access control architectures are designed to separate the business logic from an access control policy. To determine whether a user can access which resources, a request is formulated from a component, called a Policy Enforcement Point (PEP) located in application code. Given a request, a Policy Decision Point (PDP) evaluates the request against an access control policy and returns its access decision (i.e., permit or deny) to the PEP. With the growth of sensitive information for protection in an application, an access control policy consists of a larger number of rules, which often cause a performance bottleneck. To address this issue, we propose to refactor access control policies for performance improvement by splitting a policy (handled by a single PDP) into its corresponding multiple policies with a smaller number of rules (handled by multiple PDPs). We define seven attribute-set-based splitting criteria to facilitate splitting a policy. We have conducted an evaluation on three subjects of reallife Java systems, each of which interacts with access control policies. Our evaluation results show that (1) our approach preserves the initial architectural model in terms of interaction between the business logic and its corresponding rules in a policy, and (2) our approach enables to substantially reduce request evaluation time for most splitting criteria. Copyright 2012 ACM. [less ▲]

Detailed reference viewed: 136 (0 UL)
Full Text
Peer Reviewed
See detailPeer-to-Peer Load Testing
Meira, Jorge Augusto UL; Almeida, Eduardo Cunha; Le Traon, Yves UL et al

in Software Testing, Verification and Validation (ICST), 2012 IEEE Fifth International Conference on (2012)

Nowadays the large-scale systems are common-place in any kind of applications. The popularity of the web created a new environment in which the applications need to be highly scalable due to the data ... [more ▼]

Nowadays the large-scale systems are common-place in any kind of applications. The popularity of the web created a new environment in which the applications need to be highly scalable due to the data tsunami generated by a huge load of requests (i.e., connections and business operations). In this context, the main question is to validate how far the web applications can deal with the load generated by the clients. Load testing is a technique to analyze the behavior of the system under test upon normal and heavy load conditions. In this work we present a peer-to-peer load testing approach to isolate bottleneck problems related to centralized testing drivers and to scale up the load. Our approach was tested in a DBMS as study case and presents satisfactory results. [less ▲]

Detailed reference viewed: 58 (0 UL)
Full Text
See detailIn-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments
Bartel, Alexandre; Klein, Jacques UL; Monperrus, Martin et al

E-print/Working paper (2012)

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in ... [more ▼]

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Detailed reference viewed: 114 (18 UL)
Full Text
Peer Reviewed
See detailPairwise testing for software product lines: Comparison of two approaches
Perrouin, Gilles UL; Oster, Sebastian; Sen, Sagar et al

in Software Quality Journal (2012), 20(3), 605-643

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in ... [more ▼]

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in such a large products space is hardly feasible. Hence, one possible option is to test SPLs by generating test configurations that cover all possible t feature interactions (t-wise). It dramatically reduces the number of test products while ensuring reasonable SPL coverage. In this paper, we report our experience on applying t-wise techniques for SPL with two independent toolsets developed by the authors. One focuses on generality and splits the generation problem according to strategies. The other emphasizes providing efficient generation. To evaluate the respective merits of the approaches, measures such as the number of generated test configurations and the similarity between them are provided. By applying these measures, we were able to derive useful insights for pairwise and t-wise testing of product lines. [less ▲]

Detailed reference viewed: 186 (3 UL)
Full Text
Peer Reviewed
See detailFormalisation de contextes et d'exigences pour la validation formelle de logiciels embarqués
Dhaussy, Philippe; Boniol, Frédéric; Roger, Jean-Charles et al

in TSI. Technique et science informatiques (2012), 31(6), 797--825

Un défi bien connu dans le domaine des méthodes formelles est d'améliorer leur intégration dans les processus de développement industriel. Dans le contexte des systèmes embarqués, l’utilisation des ... [more ▼]

Un défi bien connu dans le domaine des méthodes formelles est d'améliorer leur intégration dans les processus de développement industriel. Dans le contexte des systèmes embarqués, l’utilisation des techniques de vérification formelle nécessitent tout d'abord de modéliser le système à valider, puis de formaliser les propriétés devant être satisfaites sur le modèle et enfin de décrire le comportement de l'environnement du modèle. Ce dernier point que nous nommons « contexte de preuve » est souvent négligé. Il peut être, cependant, d'une grande importance afin de réduire la complexité de la preuve. Dans notre contribution, nous cherchons à proposer à l’utilisateur une aide pour la formalisation de ce contexte en lien avec la formalisation des propriétés. Dans ce but, nous proposons et expérimentons un langage (DSL), nommée CDL (Context Description Language), pour la description des acteurs de l’environnement, basée sur des diagrammes d’activités et de séquence et des patrons de définition des propriétés à vérifier. Les propriétés sont modélisées et reliées à des régions d’exécution spécifiques du contexte. Nous illustrons notre contribution sur un exemple et décrivons des résultats sur plusieurs applications industrielles embarquées. [less ▲]

Detailed reference viewed: 129 (1 UL)
Full Text
See detailAutomatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android
Bartel, Alexandre UL; Klein, Jacques UL; Monperrus, Martin et al

in Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android (Tech Report) (2011)

Android based devices are becoming widespread. As a result and since those devices contain personal and confidential data, the security model of the android software stack has been analyzed extensively ... [more ▼]

Android based devices are becoming widespread. As a result and since those devices contain personal and confidential data, the security model of the android software stack has been analyzed extensively. One key feature of the security model is that applications must declare a list of permissions they are using to access resources. Using static analysis, we first extracted a table from the Android API which maps methods to permissions. Then, we use this mapping within a tool we developed to check that applications effectively need all the permissions they declare. Using our tool on a set of android applications, we found out that a non negligible part of the applications do not use all the permissions they declare. Consequently, the attack surface of such applications can be reduced by removing the non-needed permissions. [less ▲]

Detailed reference viewed: 225 (5 UL)
Full Text
Peer Reviewed
See detailModel Driven Mutation Applied to Adaptative Systems Testing
Bartel, Alexandre UL; Baudry, Benoit; Munoz, Freddy et al

in 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops (2011)

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate ... [more ▼]

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate dynamic adaptation capabilities, examples include disaster relief and space exploration systems. In this paper, we focus on mutation testing of the adaptation logic. We propose a fault model for adaptation logics that classifies faults into environmental completeness and adaptation correctness. Since there are several adaptation logic languages relying on the same underlying concepts, the fault model is expressed independently from specific adaptation languages. Taking benefit from model-driven engineering technology, we express these common concepts in a metamodel and define the operational semantics of mutation operators at this level. Mutation is applied on model elements and model transformations are used to propagate these changes to a given adaptation policy in the chosen formalism. Preliminary results on an adaptive web server highlight the difficulty of killing mutants for adaptive systems, and thus the difficulty of generating efficient tests. [less ▲]

Detailed reference viewed: 213 (7 UL)
Full Text
Peer Reviewed
See detailAutomated and Scalable T-wise Test Case Generation Strategies for Software Product Lines
Perrouin, Gilles UL; Sen, Sagar; Klein, Jacques UL et al

in International Conference on Software Test and Validation (2010)

Detailed reference viewed: 325 (1 UL)