2016 23rd Asia-Pacific Software Engineering Conference (APSEC): Latest Publications

The Introduction of Technical Debt Tracking in Large Companies
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.032
A. Martini, Terese Besker, J. Bosch
Abstract: Large software companies need to support continuous and fast delivery of customer value both in the short and long term. However, this can be hindered if both evolution and maintenance of existing systems are hampered by Technical Debt. Although a lot of theoretical work on Technical Debt has been recently produced, its practical management lacks empirical studies. In this paper we investigate the state of practice in several companies in order to understand how they start tracking Technical Debt. We combined different methodologies: we conducted a survey, involving 226 respondents from 15 organizations and a more in-depth multiple case-study in three organizations, where Technical Debt was tracked: we involved 13 interviews and 79 Technical Debt issues analysis. We found that the development time dedicated to manage Technical Debt is substantial (around 25% of the overall development) but not systematic: only a few participants methodically track Technical Debt. By studying the approaches in the companies participating in the case-study, we understood how companies start tracking Technical Debt and what are the initial benefits and challenges. Finally, we propose a Strategic Adoption Model based to define and adopt a dedicated process for tracking Technical Debt.
Citations: 19
Analytical Study of Cognitive Layered Approach for Understanding Security Requirements Using Problem Domain Ontology
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.024
Bong-Jae Kim, Seok-Won Lee
Abstract: Socio-technical Systems (STS) consist of complicated requirements that consider a variety of stakeholders' viewpoints, and are inherently complex due to heterogeneity characteristics of STS components. However, security in STS is still a major issue, which can be explained by the resulting cost and the impact of the STS intrusion on the whole enterprise. However, research related to recommending security requirements for a target STS is insufficient. Firstly, systematic acquisition of understanding the problem with rich context-awareness is not provided to STS, since the knowledge for the development and execution of STS is scattered. Secondly, the majority of security analysis focuses on only the technical approach, although it is necessary to perform a holistic analysis of STS due to heterogeneity characteristics. In order to solve these problems, we conduct a study of the three-layered framework for recommending security requirements through goal-oriented risk assessment using a Problem Domain Ontology (PDO). By using this framework, we demonstrate how the PDO is built through collecting, analyzing, and categorizing different information and knowledge from various sources, and how security requirements are recommended from the threat analysis and the goal-oriented risk assessment based on PDO. In addition, we discuss the applicability of this framework with a case study based on a real threat scenario. This paper contributes to security requirements engineering research by proposing a methodology for systematically organizing knowledge with a security requirements recommendation framework using the PDO.
Citations: 2
Predictive Tool for Software Team Performance
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.063
Tri Nguyen, C. Chua
Abstract: When supervising software engineering team projects, having all team members contribute actively to the project is often a challenge. Most often than not, there will be teams having some members with limited or no contribution. Thus one of the key roles of a team leader and academic supervisor are to monitor who is contributing and who is falling behind. Assessing the progress information of each team member becomes vital. This is to introduce strategies that encourages ensure every member is contributing effectively and efficiently in a timely manner. This paper proposes a rubric solution that assesses the progress information of each team member and provides a formative performance feedback on how each member is contributing to the project. This will enable each team member to reflect on his or her performance, and hopefully self-regulate and put in the necessary contribution. At the same time, this will assist the team leader and academic supervisor in monitoring the team member.
Citations: 7
A Model for Defining Coupling Metrics
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.030
E. Tempero, P. Ralph
Abstract: Many metrics have been proposed to measure coupling—the degree of association between modules in a system. However, most metrics are under-defined, meaning that different tool developers can reasonably implement the same metric in many ways. This gives rise to families of metrics, which are superficially similar but potentially produce different results. To understand how different these metrics are, we propose a single model of coupling based on the concept of dependencies. This model is useful for defining existing coupling metrics, analysing their differences and clarifying divergent implementations. We demonstrate its efficacy by using it to describe existing coupling metrics and inform tool development. We have applied the tool to the 112 systems in the Qualitas Corpus, generating 21 million measurements from 88 coupling metrics. The simplicity of the tool implementation and the number of metrics it supports demonstrates the usefulness of our model.
Citations: 5
Splitting Commits via Past Code Changes
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.028
Hiroyuki Kirinuki, Yoshiki Higo, Keisuke Hotta, S. Kusumoto
Abstract: It is generally said that we should not perform code changes for multiple tasks in a single commit. Such code changes are called tangled ones. Committing tangled changes is harmful to developers. For example, it is costly to merge a part of tangled changes with other commits. Moreover, the presence of such tangled changes hinders analyzing code repositories. That is because most of the mining software repository approaches are designed under the assumption that every commit includes only changes for a single task. In this paper, we propose a technique which informs developers that they are about to commit tangled changes. The technique also suggests how to split a given commit into multiple commits by using past code changes. The proposed technique allows developers to determine whether they accept the suggestion or commit as it stands. By providing such support to developers, they can avoid committing tangled changes.
Citations: 12
LibSift: Automated Detection of Third-Party Libraries in Android Applications
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.017
C. Soh, Hee Beng Kuan Tan, Y. Arnatovich, A. Narayanan, Lipo Wang
Abstract: Android applications typically contain multiple third-party libraries and recent studies have shown that the presence of third-party libraries may introduce privacy risks and security threats. Furthermore, researchers have reported the importance of considering the third-party libraries for their program analysis tasks. A reason being that the presence of third-party libraries may dilute the features and affect the accuracy of their results. Existing literature typically employs a whitelist to exclude the third-party libraries from their analysis in order to achieve accurate results. However, these whitelists are generally incomplete and weak against the renaming obfuscation technique that is commonly employed in Android applications. In this paper, we propose LibSift, a tool to automatically detect third-party libraries in Android applications. LibSift detects third-party libraries based on package dependencies that are resilient to most common obfuscations. The evaluation results not only indicate that LibSift can detect third-party libraries accurately and effectively, but also show that LibSift can detect even the less popular libraries that are not detected by two of the state-of-the-art approaches.
Citations: 11
Projected Control Graph for Accurate and Efficient Analysis of Safety and Security Vulnerabilities
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.026
Ahmed Tamrawi, S. Kothari
Abstract: The goal of path-sensitive analysis (PSA) is to achieve accuracy by accounting precisely for the execution behavior along each path of a control flow graph (CFG). A practical adoption of PSA is hampered by two roadblocks: (a) the exponential growth of the number of CFG paths, and (b) the exponential complexity of a path feasibility check. We introduce projected control graph (PCG) as an optimal mathematical abstraction to address these roadblocks. The PCG follows from the simple observation that for any given analysis problem, the number of distinct relevant execution behaviors may be much smaller than the number of CFG paths. The PCG is a projection of the CFG to retain only the relevant execution behaviors and elide duplicate paths with identical execution behavior. A mathematical definition of PCG and an efficient algorithm to transform CFG to PCG are presented. We present an empirical study for three major versions of the Linux kernel to assess the practical benefit of using the optimal mathematical abstraction. As a measure of the efficiency gain, the study reports the reduction from CFG to PCG graphs for all relevant functions for pairing Lock and Unlock on all feasible execution paths. We built a tool to compute these graphs for 66,609 Lock instances. The CFG and PCG graphs with their source correspondence are posted on a website. We used these PCG graphs in a classroom project to audit the results of Lock and Unlock pairing done by the Linux Driver Verification (LDV) tool, the top-rated formal verification tool for the Linux kernel. Our audit has revealed complex Linux bugs missed by LDV.
Citations: 13
Detecting and Localizing Visual Inconsistencies in Web Applications
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.060
Sonal Mahajan, K.B. Gadde, A. Pasala, William G. J. Halfond
Abstract: Failures in the presentation layer of a web application can negatively impact its usability and end users' perception of the application's quality. The problem of verifying the consistency of a web application's user interface across its different pages is one of the many challenges that software development teams face in testing the presentation layer. In this paper we propose a novel automated approach to detect and localize visual inconsistencies in web applications. To detect visual inconsistencies, our approach uses computer vision techniques to compare a test web page with its reference. Then to localize, our approach analyzes the structure and style of the underlying HTML elements to find the faulty elements responsible for the observed inconsistencies.
Citations: 8
Minimalist Qualitative Models for Model Checking Cyber-Physical Feature Coordination
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.041
Michael Rathmair, Christoph Luckeneder, H. Kaindl
Abstract: Feature-based systems may have interacting features, where undesired feature interaction(s) may even lead to safety-critical behavior in cyber-physical systems. Automotive systems are such systems, where more and more features are currently being integrated, which have to be coordinated. Automated and formal verification of the resulting behavior against safety-relevant properties is important, and it should not be restricted to the cyber-part (inside the software implementing the features.) In order to address this problem, we investigate coordination of physical feature interactions in this context using model checking. In particular, we created and used a qualitative model for formal verification against a property in time logic. This model is intended to be minimalist, in particular the logical model based on a physical model (including speed and distance). This logical model defines the essence of operations in the dedicated environment. As a result, we formally verified the high-level logic of a composite feature to be used in automotive systems against a formalized accident property. In summary, we employ minimalist qualitative models for model checking (safety-critical) cyber-physical feature coordination. Such a verified qualitative model may provide a reference model for both quantitative models and real software implementations.
Citations: 9
CURE: Automated Patch Generation for Dynamic Software Update
2016 23rd Asia-Pacific Software Engineering Conference (APSEC) Pub Date : 1900-01-01 DOI: 10.1109/APSEC.2016.043
Ze-Yi Zhao, Tianxiao Gu, Xiaoxing Ma, Chang Xu, Jian Lu
Abstract: Dynamic software updating (DSU) aims to patch software for fixing bugs or adding functions while it is running. Before update, developers need to make a dynamic patch ready, which includes update points, state transformers and a corresponding code patch. Existing practice mostly assumes manual preparation of dynamic patches, but this process can be both time-consuming and error-prone. Some pioneer work attempts to automate this process, but cannot guarantee the generation of safe dynamic patches for most updates. This paper presents a novel approach CURE to automatically generating safe dynamic patches. CURE takes two versions of software and their test cases as input, and automatically synthesizes state transformers and selects update points. We applied CURE to 28 updates for three real-world server software. The experimental results show that CURE generated safe dynamic patches automatically and their corresponding updates achieved an 88.7% success rate, as compared to 74.3% for TOS and 61.2% for default patches.
Citations: 4