发布求助
文献互助 智能选刊 最新文献

2012 IEEE 23rd International Symposium on Software Reliability Engineering最新文献

筛选
英文 中文
Evaluating and Improving Penetration Testing in Web Services 评估和改进Web服务中的渗透测试
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.26
Nuno Antunes, M. Vieira
{"title":"Evaluating and Improving Penetration Testing in Web Services","authors":"Nuno Antunes, M. Vieira","doi":"10.1109/ISSRE.2012.26","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.26","url":null,"abstract":"Developers often rely on penetration testing tools to detect vulnerabilities in web services, although frequently without really knowing their effectiveness. In fact, the lack of information on the internal state of the tested services and the complexity and variability of the responses analyzed, limits the effectiveness of such technique, highlighting the importance of evaluating and improving existing tools. The goal of this paper is to investigate if attack signatures and interface monitoring can be an effective mean to assess and improve the performance of penetration testing tools in web services environments. In practice, attacks performed by such tools are signed and the interfaces between the target application and external resources are monitored (e.g., between services and a database server), allowing gathering additional information on existing vulnerabilities. A prototype was implemented focusing on SQL injection vulnerabilities. The experimental evaluation results clearly show that the proposed approach can be used in real scenarios.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"68 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129456205","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Improving Coverage-Based Localization of Multiple Faults Using Algorithms from Integer Linear Programming 利用整数线性规划算法改进基于覆盖的多故障定位
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.28
F. Steimann, M. Frenkel
{"title":"Improving Coverage-Based Localization of Multiple Faults Using Algorithms from Integer Linear Programming","authors":"F. Steimann, M. Frenkel","doi":"10.1109/ISSRE.2012.28","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.28","url":null,"abstract":"Coverage-based fault localization extends the utility of testing from detecting the presence of faults to their localization. While coverage-based fault localization has shown good evaluation results for the single fault case, its ability to localize several faults at once appears to be limited. In this paper, we show how two partitioning procedures borrowed from integer linear programming can help improve the accuracy of standard coverage-based fault locators in presence of multiple faults by breaking down the localization problem into several smaller ones that can be dealt with independently. Experimental results suggest that our approach is indeed useful, the more so as its cost appears to be negligible.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126521892","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 38
Overlap and Synergy in Testing Software Components across Loosely Coupled Communities 跨松散耦合社区测试软件组件中的重叠和协同
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.21
Teng Long, Il-Chul Yoon, A. Porter, A. Sussman, A. Memon
{"title":"Overlap and Synergy in Testing Software Components across Loosely Coupled Communities","authors":"Teng Long, Il-Chul Yoon, A. Porter, A. Sussman, A. Memon","doi":"10.1109/ISSRE.2012.21","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.21","url":null,"abstract":"Component integration rather than from-scratch programming increasingly defines software development. As a result software developers often play diverse roles, including that of a component provider -- packaging a component for others to use, a component user -- integrating other providers' components into their software, and a component tester -- ensuring that other providers' components work as part of an integrated system. In this paper, we explore the conjecture that we can better utilize testing resources by focusing not just on individual component-based systems, but on groups of systems that form what we refer to as loosely-coupled software development communities, meaning a set of independently-managed systems that use many of the same components. We demonstrate that such communities do in fact exist, and that there are overlaps and synergies in their test efforts.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128038242","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
State-Based Testing: Industrial Evaluation of the Cost-Effectiveness of Round-Trip Path and Sneak-Path Strategies 基于状态的测试:往返路径和潜行路径策略成本效益的工业评价
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.17
N. E. Holt, R. Torkar, L. Briand, K. Hansen
{"title":"State-Based Testing: Industrial Evaluation of the Cost-Effectiveness of Round-Trip Path and Sneak-Path Strategies","authors":"N. E. Holt, R. Torkar, L. Briand, K. Hansen","doi":"10.1109/ISSRE.2012.17","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.17","url":null,"abstract":"In the context of safety-critical software development, one important step in ensuring safe behavior is conformance testing, i.e., checking compliance between expected behavior and implementation. Round-trip path testing (RTP) is one example of conformance testing. Another essential step, however, is sneak-path testing, that is testing of how software reacts to unexpected events for a particular system state. Despite the importance of being systematic while testing, all testing activities take place, even for safety-critical software, under resource constraints. In this paper, we present an empirical evaluation of the cost-effectiveness of RTP when combined with sneak-path testing in the context of an industrial control system. Results highlight the importance of sneak-path testing since unexpected behavior is shown to be difficult to detect by other common, state-based test strategies. Results also suggest that sneak-path testing is a cost-effective supplement to RTP.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"87 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114596923","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Lightweight Automated Testing with Adaptation-Based Programming 基于适应性编程的轻量级自动化测试
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.1
Alex Groce, Alan Fern, Jervis Pinto, Tim Bauer, Mohammad Amin Alipour, Martin Erwig, Camden Lopez
{"title":"Lightweight Automated Testing with Adaptation-Based Programming","authors":"Alex Groce, Alan Fern, Jervis Pinto, Tim Bauer, Mohammad Amin Alipour, Martin Erwig, Camden Lopez","doi":"10.1109/ISSRE.2012.1","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.1","url":null,"abstract":"This paper considers the problem of testing a container class or other modestly-complex API-based software system. Past experimental evaluations have shown that for many such modules, random testing and shape abstraction based model checking are effective. These approaches have proven attractive due to a combination of minimal requirements for tool/language support, extremely high usability, and low overhead. These \"lightweight\" methods are therefore available for almost any programming language or environment, in contrast to model checkers and concolic testers. Unfortunately, for the cases where random testing and shape abstraction perform poorly, there have been few alternatives available with such wide applicability. This paper presents a generalizable approach based on reinforcement learning (RL), using adaptation-based programming (ABP) as an interface to make RL-based testing (almost) as easy to apply and adaptable to new languages and environments as random testing. We show how learned tests differ from random ones, and propose a model for why RL works in this unusual (by RL standards) setting, in the context of a detailed large-scale experimental evaluation of lightweight automated testing methods.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"574 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116299477","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 24
A Comprehensive Code-Based Quality Model for Embedded Systems: Systematic Development and Validation by Industrial Projects 嵌入式系统基于代码的综合质量模型:工业项目的系统开发和验证
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.4
Alois Mayr, Reinhold Plösch, Michael Kläs, Constanza Lampasona, Matthias Saft
{"title":"A Comprehensive Code-Based Quality Model for Embedded Systems: Systematic Development and Validation by Industrial Projects","authors":"Alois Mayr, Reinhold Plösch, Michael Kläs, Constanza Lampasona, Matthias Saft","doi":"10.1109/ISSRE.2012.4","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.4","url":null,"abstract":"Existing software quality models typically focus on common quality characteristics such as the ISO 25010 software quality characteristics. However, most of them provide insufficient operationalization for quality assessments of source code. Moreover, they usually focus on software in general or on information systems and do not sufficiently cover the particularities of embedded systems. We have developed a quality model that covers quality requirements for source code that are specific for embedded systems software. It provides comprehensive operationalization (with 336 measures) for C and C++ systems, which allows for largely automated quality assessments. The empirical evaluations performed acknowledge moderate completeness of the requirements and the associated measures. Therefore, we still see room for improvements to allow covering even more aspects of embedded systems software quality. Nevertheless, the empirical validation (based on three industrial products) shows good concordance between the results gained by the automatic model-based assessment and independent expert judgment on code quality.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"116 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127040509","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Detection of Software Failures through Event Logs: An Experimental Study 通过事件日志检测软件故障:一个实验研究
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.24
A. Pecchia, S. Russo
{"title":"Detection of Software Failures through Event Logs: An Experimental Study","authors":"A. Pecchia, S. Russo","doi":"10.1109/ISSRE.2012.24","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.24","url":null,"abstract":"Software faults are recognized to be among the main responsible for system failures in many application domains. Event logs play a key role to support the analysis of failures occurring under real workload conditions. Nevertheless, field experience suggests that event logs may be inaccurate at reporting software failures or they fail to provide accurate support for understanding their causes. This paper analyzes the factors that determine accurate detection of software failures through event logs. The study is based on a data set of 17,387 experiments where failures have been induced by means of software fault injection into three systems. Analysis reveals that the reporting ability of logs collected during the experiments, is not influenced by the type of fault that is activated at runtime. More importantly, analysis demonstrates that, despite the considered systems adopt very similar detection mechanisms, the ability of logs at reporting a given type of failure changes significantly across the systems. A closer inspection of collected logs reveals that characteristics, such as system architecture, placement of the logging instructions and specific supports provided by the execution environment, significantly increase accuracy of logs at runtime.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"44 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125380062","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
An Empirical Study of Bugs in Machine Learning Systems 机器学习系统中bug的实证研究
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.22
Ferdian Thung, Shaowei Wang, D. Lo, Lingxiao Jiang
{"title":"An Empirical Study of Bugs in Machine Learning Systems","authors":"Ferdian Thung, Shaowei Wang, D. Lo, Lingxiao Jiang","doi":"10.1109/ISSRE.2012.22","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.22","url":null,"abstract":"Many machine learning systems that include various data mining, information retrieval, and natural language processing code and libraries are used in real world applications. Search engines, internet advertising systems, product recommendation systems are sample users of these algorithm-intensive code and libraries. Machine learning code and toolkits have also been used in many recent studies on software mining and analytics that aim to automate various software engineering tasks. With the increasing number of important applications of machine learning systems, the reliability of such systems is also becoming increasingly important. A necessary step for ensuring reliability of such systems is to understand the features and characteristics of bugs occurred in the systems. A number of studies have investigated bugs and fixes in various software systems, but none focuses on machine learning systems. Machine learning systems are unique due to their algorithm-intensive nature and applications to potentially large-scale data, and thus deserve a special consideration. In this study, we fill the research gap by performing an empirical study on the bugs in machine learning systems. We analyze three systems, Apache Mahout, Lucene, and OpenNLP, which are data mining, information retrieval, and natural language processing tools respectively. We look into their bug databases and code repositories, analyze a sample set of bugs and corresponding fixes, and label the bugs into various categories. Our study finds that 22.6% of the bugs belong to the algorithm/method category, 15.6% of the bugs belong to the non-functional category, and 13% of the bugs belong to the assignment/initialization category. We also report the relationship between bug categories and bug severities, the time and effort needed to fix the bugs, and bug impacts. We highlight several bug categories that deserve attention in future research.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116604239","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 120
A Light-Weight Defect Classification Scheme for Embedded Automotive Software and Its Initial Evaluation 嵌入式汽车软件轻量化缺陷分类方案及其初步评价
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.15
Niklas Mellegård, M. Staron, Fredrik Törner
{"title":"A Light-Weight Defect Classification Scheme for Embedded Automotive Software and Its Initial Evaluation","authors":"Niklas Mellegård, M. Staron, Fredrik Törner","doi":"10.1109/ISSRE.2012.15","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.15","url":null,"abstract":"Objective: Defect classification is an essential part of software development process models as a means of early identification of patterns in defect inflow profiles. Such classification, however, may often be a tedious task requiring analysis work in addition to what is necessary to resolve the issue. To increase classification efficiency, adapted schemes are needed. In this paper a light-weight defect classification scheme adapted for minimal process footprint -- in terms of learning and classification effort -- is proposed and initially evaluated. Method: A case study was conducted at Volvo Car Corporation to adapt the IEEE Std. 1044 for automotive embedded software. An initial evaluation was conducted by applying the adapted scheme to defects from an existing software product with industry professionals as subjects. Results: The results showed that the classification scheme was quick to learn and understand -- required classification time stabilized around 5-10 minutes already after practicing on 3-5 defects. The results also showed that the patterns in the classified defects were interesting for the professionals, although in order to apply statistical methods more data was needed. Conclusions: We conclude that the adapted classification scheme captures what is currently tacit knowledge and has the potential of revealing patterns in the defects detected in different project phases. Furthermore, we were, in the initial evaluation, able to contribute with new information about the development process. As a result we are currently in the process of incorporating the classification scheme into the company's defect reporting system.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114678625","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 34
An Empirical Study of the Effectiveness of "Forcing" Diversity Based on a Large Population of Diverse Programs 基于大量多样化项目的“强迫”多样性有效性实证研究
2012 IEEE 23rd International Symposium on Software Reliability Engineering Pub Date : 2012-11-27 DOI: 10.1109/ISSRE.2012.27
P. Popov, Vladimir Stankovic, L. Strigini
{"title":"An Empirical Study of the Effectiveness of \"Forcing\" Diversity Based on a Large Population of Diverse Programs","authors":"P. Popov, Vladimir Stankovic, L. Strigini","doi":"10.1109/ISSRE.2012.27","DOIUrl":"https://doi.org/10.1109/ISSRE.2012.27","url":null,"abstract":"Use of diverse software components is a viable defence against common-mode failures in redundant software-based systems. Various forms of \"\"\"\"Diversity-Seeking Decisions\"\"\"\" (\"DSDs\") can be applied to the process of developing, or procuring, redundant components, to improve the chances of the resulting components not failing on the same demands. An open question is how effective these decisions, and their combinations, are for achieving large enough reliability gains. Using a large population of software programs, we studied experimentally the effectiveness of specific \"\"\"\"DSDs\"\"\"\" (and their combinations) mandating differences between redundant components. Some of these combinations produced much better improvements in system probability of failure per demand (PFD) than \"\"\"\"uncontrolled\"\"\"\" diversity did. Yet, our findings suggest that the gains from such \"\"\"\"DSDs\"\"\"\" vary significantly between them and between the application problems studied. The relationship between DSDs and system PFD is complex and does not allow for simple universal rules (e.g. \"\"\"\"the more diversity the better\"\"\"\") to apply.","PeriodicalId":172003,"journal":{"name":"2012 IEEE 23rd International Symposium on Software Reliability Engineering","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2012-11-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115423700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信