发布求助
文献互助 智能选刊 最新文献

2017 IEEE 28th Annual Software Technology Conference (STC)最新文献

筛选
英文 中文
Software development for medical devices: State of practice 医疗器械软件开发:实践状况
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234459
M. Kassab, J. Defranco, P. Laplante
{"title":"Software development for medical devices: State of practice","authors":"M. Kassab, J. Defranco, P. Laplante","doi":"10.1109/STC.2017.8234459","DOIUrl":"https://doi.org/10.1109/STC.2017.8234459","url":null,"abstract":"Software in medical devices can be used in many ways to improve patient outcomes. Little contemporary data exists to document the actual practices used by software professionals for software engineering activities while building Software intensive medical devices. A carefully constructed survey has the potential to: 1) remedy the deficiency of lack of data and 2) to identify the software engineering best practices, which can then be disseminated. Two recent survey studies were conducted to explore the state of practice in Requirements Engineering and Software Architecture. Each survey attracted projects across a broad range of application domains. In this paper, we filter the reported projects from the two surveys with a focused scope on the software for medical devices projects. The results from our analysis of the filtered data are presented herein.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132513991","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Cyber defense via event-based modeling: An approach for modeling and querying system of systems behaviors for unwanted states 基于事件建模的网络防御:一种针对不需要的状态对系统行为进行建模和查询的方法
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234452
J. Rivera
{"title":"Cyber defense via event-based modeling: An approach for modeling and querying system of systems behaviors for unwanted states","authors":"J. Rivera","doi":"10.1109/STC.2017.8234452","DOIUrl":"https://doi.org/10.1109/STC.2017.8234452","url":null,"abstract":"This paper presents a new approach for identifying unknown and/or unwanted states within a system of systems (SoS) architecture using a graphical representation of the event-based modeling language, Monterey Phoenix. The paper demonstrates how the graphical modeling tool can create a single model that contains a mix of human, system, and environmental events, all of which contain event attributes. The purpose of this paper is to demonstrate a new approach to cyber defense by evaluating attributes of human, system, and environmental events.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122420509","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Assessing software supply chain risk using public data 使用公共数据评估软件供应链风险
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234461
Sebastian Benthall
{"title":"Assessing software supply chain risk using public data","authors":"Sebastian Benthall","doi":"10.1109/STC.2017.8234461","DOIUrl":"https://doi.org/10.1109/STC.2017.8234461","url":null,"abstract":"The software supply chain is a source of cybersecurity risk for many commercial and government organizations. Public data may be used to inform automated tools for detecting software supply chain risk during continuous integration and deployment. We link data from the National Vulnerability Database (NVD) with open version control data for the open source project OpenSSL, a widely used secure networking library that made the news when a significant vulnerability, Heartbleed, was discovered in 2014. We apply the Alhazmi-Malaiya Logistic (AML) model for software vulnerability discovery to this case. This model predicts a sigmoid cumulative vulnerability discovery function over time. Some versions of OpenSSL do not conform to the predictions of the model because they contain a temporary plateau in the cumulative vulnerability discovery plot. This temporary plateau feature is an empirical signature of a security failure mode that may be useful in future studies of software supply chain risk.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"1 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131437303","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Covering arrays: Evaluating coverage and diversity in the presence of disallowed combinations 覆盖阵列:在不允许的组合存在的情况下评估覆盖范围和多样性
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234455
Joseph Morgan, R. Lekivetz, Tom Donnelly
{"title":"Covering arrays: Evaluating coverage and diversity in the presence of disallowed combinations","authors":"Joseph Morgan, R. Lekivetz, Tom Donnelly","doi":"10.1109/STC.2017.8234455","DOIUrl":"https://doi.org/10.1109/STC.2017.8234455","url":null,"abstract":"Test engineers are often faced with the challenge of selecting test cases that maximize the chance of discovering faults while working with a limited budget. Combinatorial testing is an effective test case selection strategy to address this challenge. The basic idea is to select test cases that ensure that all possible combinations of settings from two (or more) inputs are accounted for, regardless of which subset of two (or more) inputs are selected. Currently, combinatorial testing usually implies a covering array as the underlying mathematical construct. Yet, despite their demonstrated utility, practitioners sometimes encounter challenges that impede their use. For example, given a covering array with constraints on allowed combinations of settings for some subset of inputs, it is often unclear how to assess the coverage and diversity [2] properties of the resulting covering array.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133066042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Increasing test efficiency with automated feature-interaction-testing: Feature testing of engine ECU software 通过自动化功能交互测试提高测试效率:发动机ECU软件的功能测试
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234451
S. Dominka, M. Mandl, Dominik Ertl, Michael Dübner, Florian Schramml
{"title":"Increasing test efficiency with automated feature-interaction-testing: Feature testing of engine ECU software","authors":"S. Dominka, M. Mandl, Dominik Ertl, Michael Dübner, Florian Schramml","doi":"10.1109/STC.2017.8234451","DOIUrl":"https://doi.org/10.1109/STC.2017.8234451","url":null,"abstract":"The number of software-driven features within a modern automotive powertrain rises significantly. With increasing number of features, also the risk of undesired interactions between those features rises drastically. This leads to new challenges with regard to efficiency in testing such automotive features. Automated Feature-Interaction-Testing significantly increases the efficiency of such feature testing.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127162035","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Defending android applications availability 捍卫android应用程序的可用性
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234463
Suzanna E. Schmeelk, A. Aho
{"title":"Defending android applications availability","authors":"Suzanna E. Schmeelk, A. Aho","doi":"10.1109/STC.2017.8234463","DOIUrl":"https://doi.org/10.1109/STC.2017.8234463","url":null,"abstract":"There are over a billion devices running the Android operating system. It is being used globally in personal, public, private and government organizations. Device and application availability, often overlooked in research, is a huge component to globally maintaining healthy applications and personal communications. Published research into Android application availability threats and vulnerabilities is limited and incomplete. At most, published research on static analysis techniques used to prevent and thwart Android availability denial of service has been discussed as an aside in only a few papers. To fill the research gap in understanding, this paper examines Android device denial of service techniques both at a system level and at an application level. Our research quantitatively examines applications' availability risks. These risks are used to develop Android mitigation techniques for application denial of service scenarios and inform the development of our third contribution produced from this research. In our third contribution, we introduce a novel open source Android application, the App-Nanny, as a watchdog application to help ensure that applications are playing fair on the device. Lastly, we give insights into future mobile availability testing which includes developing a ChaosMonkeyApp helping to ensure hardening and resiliency in both devices and their running applications.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131884017","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
From continuous integration to continuous assurance 从持续集成到持续保证
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234450
J. Kupsch, B. Miller, V. Basupalli, J. Burger
{"title":"From continuous integration to continuous assurance","authors":"J. Kupsch, B. Miller, V. Basupalli, J. Burger","doi":"10.1109/STC.2017.8234450","DOIUrl":"https://doi.org/10.1109/STC.2017.8234450","url":null,"abstract":"Continuous assurance extends the concept of continuous integration into the software assurance space. The goal is to naturally integrate the security assessment of software into the software development workflow. The Software Assurance Marketplace (SWAMP) [1] was established to support continuous assurance, helping to simplify and automate the process of running code analysis tools, especially static code analysis (SCA) tools. We describe how the SWAMP can be integrated easily into the continuous assurance workflow, providing direct access from integrated development environments (IDEs) such as Eclipse, source code management systems such as git and Subversion, and continuous integration systems such as Jenkins.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"117 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133221265","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Rapid realization of executable domain models via automatic code generation 通过自动代码生成快速实现可执行领域模型
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234464
Bo Wang, D. Rosenberg, B. Boehm
{"title":"Rapid realization of executable domain models via automatic code generation","authors":"Bo Wang, D. Rosenberg, B. Boehm","doi":"10.1109/STC.2017.8234464","DOIUrl":"https://doi.org/10.1109/STC.2017.8234464","url":null,"abstract":"The gap between design and implementation always exists because changes happen frequently throughout software development process, along with rapid release cycles, and accompanied by time constraints and limited resources. The focus of our work is to reduce this gap for service-oriented projects. We proposed an approach which considers both technical strategies and agile methods, trying to streamline the progression from design to implementation at a relatively early phase, and then throughout the whole development lifecycle. Automatic code generation has the potential to reduce above problems to a certain extent. This paper describes our efforts to enable rapid and continuous delivery while leveraging parallelism in development via automatic code generation — specifically making domain models instantly executable. We describe a code generator that has been built to enable parallel development of services. It uses UML class diagram to model the problem domain, then rapidly realize the domain model as a set of NoSQL database collections, automate the generation of common database access functions, and automate the wrapping of these database functions within a set of RESTful APIs. We also consider several common deployment scenarios (e.g. requirements for media-handling, security, scalability) to ensure the flexibility and reusability of the target source code for subsequent development iterations. Several empirical project instances have been built using this code generation technique. Combine with agile methods, we attempt to shorten development schedule in both design and implementation stages, and to eliminate the risks caused by evolutionary development. The result shows a great saving of effort on development and less issues in implementation stage.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129034595","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
How does contributors involvement influence open source systems 贡献者的参与如何影响开源系统
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234462
Reem Alfayez, Pooyan Behnamghader, Kamonphop Srisopha, B. Boehm
{"title":"How does contributors involvement influence open source systems","authors":"Reem Alfayez, Pooyan Behnamghader, Kamonphop Srisopha, B. Boehm","doi":"10.1109/STC.2017.8234462","DOIUrl":"https://doi.org/10.1109/STC.2017.8234462","url":null,"abstract":"Open source software systems are based on the principle of open collaboration for innovation and production. They highly depend on volunteer developers contributions for their existence and continuity; attracting new volunteer developers is crucial for the OSS community sustainability. However, new developers might be hesitant to join and participate to a project due to many obstacles such as lack of awareness and guidelines in the OSS community and inability for long-term commitment and dedication which might result in a low retention rate. In the OSS community, contributors come from different backgrounds and skill levels, and they have different levels of participation in the system. They can be categorized into core and peripheral based on the frequency of the commits they author. While it is acknowledged that developers have different levels of participation to a software system, little is known about how different degrees of contribution impact the OSS system. In this study, we explore whether core and peripheral developers contributions to the OSS systems vary in terms of type and quality by analyzing a total of 19,580 commits from 38 Apache Java software systems to better understand how different levels of developers involvement within a software system relate to the type and quality of the their contributions.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"32 10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116360174","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A light-weight incremental effort estimation model for use case driven projects 用于用例驱动项目的轻量级增量工作量估计模型
2017 IEEE 28th Annual Software Technology Conference (STC) Pub Date : 2017-09-01 DOI: 10.1109/STC.2017.8234456
K. Qi, B. Boehm
{"title":"A light-weight incremental effort estimation model for use case driven projects","authors":"K. Qi, B. Boehm","doi":"10.1109/STC.2017.8234456","DOIUrl":"https://doi.org/10.1109/STC.2017.8234456","url":null,"abstract":"Use case analysis has been widely adopted in modern software engineering due to its strength in capturing the functional requirements of a system. It is often done with a UML use case model that formalizes the interactions between actors and a system in the requirements elicitation iteration, and with architectural alternatives explored and user interface details specified in the following analysis and design iteration. On the other hand, to better support decision making in software management, effort estimation models are required to provide estimates about the required project effort at the very early stage of a project, which, however, provides little information for accurately evaluating system complexity. To solve this dilemma, an incremental approach of integrating information available throughout the early iterations to provide multiple effort estimations is preferred in keeping the balance between utility and accuracy. In this paper, we proposed an effort estimation model that incorporates two sub-models to provide two points of effort estimation during the early iterations of a use case driven project. Our proposed model is lightweight due to the fact that its size metrics are defined to be countable directly from the artifacts of the early iterations. To better calibrate the model, especially in considering the situation of having limited data points available, we also introduced a normalization framework in our model calibration process to reduce noise from the effort data. By calibrating the proposed sub-models with the data points collected from 4 historical projects, we demonstrated that the sub-models fit the data set well, and the later-phase model is superior to the early-phase model for it fits the data set better and shows less uncertainty in the calibrated parameters.","PeriodicalId":303527,"journal":{"name":"2017 IEEE 28th Annual Software Technology Conference (STC)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115758108","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信