References of "Briand, Lionel 50001049"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailAutomated Extraction and Clustering of Requirements Glossary Terms
Arora, Chetan UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL et al

in IEEE Transactions on Software Engineering (in press)

A glossary is an important part of any software requirements document. By making explicit the technical terms in a domain and providing definitions for them, a glossary helps mitigate imprecision and ... [more ▼]

A glossary is an important part of any software requirements document. By making explicit the technical terms in a domain and providing definitions for them, a glossary helps mitigate imprecision and ambiguity. A key step in building a glossary is to decide upon the terms to include in the glossary and to find any related terms. Doing so manually is laborious, particularly for large requirements documents. In this article, we develop an automated approach for extracting candidate glossary terms and their related terms from natural language requirements documents. Our approach differs from existing work on term extraction mainly in that it clusters the extracted terms by relevance, instead of providing a flat list of terms. We provide an automated, mathematically-based procedure for selecting the number of clusters. This procedure makes the underlying clustering algorithm transparent to users, thus alleviating the need for any user-specified parameters. To evaluate our approach, we report on three industrial case studies, as part of which we also examine the perceptions of the involved subject matter experts about the usefulness of our approach. Our evaluation notably suggests that: (1) Over requirements documents, our approach is more accurate than major generic term extraction tools. Specifically, in our case studies, our approach leads to gains of 20% or more in terms of recall when compared to existing tools, while at the same time either improving precision or leaving it virtually unchanged. And, (2) the experts involved in our case studies find the clusters generated by our approach useful as an aid for glossary construction. [less ▲]

Detailed reference viewed: 142 (38 UL)
Full Text
Peer Reviewed
See detailConfiguring use case models in product families
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL et al

in Software & Systems Modeling (in press)

In many domains such as automotive and avionics, the size and complexity of software systems is quickly increasing. At the same time, many stakeholders tend to be involved in the development of such ... [more ▼]

In many domains such as automotive and avionics, the size and complexity of software systems is quickly increasing. At the same time, many stakeholders tend to be involved in the development of such systems, which typically must also be configured for multiple customers with varying needs. Product Line Engineering (PLE) is therefore an inevitable practice for such systems. Furthermore, because in many areas requirements must be explicit and traceability to them is required by standards, use cases and domain models are common practice for requirements elicitation and analysis. In this paper, based on the above observations, we aim at supporting PLE in the context of use case-centric development. Therefore, we propose, apply, and assess a use case-driven configuration approach which interactively receives configuration decisions from the analysts to generate Product Specific (PS) use case and domain models. Our approach provides the following: (1) a use case-centric product line modeling method (PUM), (2) automated, interactive configuration support based on PUM, and (3) an automatic generation of PS use case and domain models from Product Line (PL) models and configuration decisions. The approach is supported by a tool relying on Natural Language Processing (NLP), and integrated with an industrial requirements management tool, i.e., IBM Doors. We successfully applied and evaluated our approach to an industrial case study in the automotive domain, thus showing evidence that the approach is practical and beneficial to capture variability at the appropriate level of granularity and to configure PS use case and domain models in industrial settings. [less ▲]

Detailed reference viewed: 238 (104 UL)
Full Text
Peer Reviewed
See detailThe Case for Context-Driven Software Engineering Research
Briand, Lionel UL; Bianculli, Domenico UL; Nejati, Shiva UL et al

in IEEE Software (in press)

Detailed reference viewed: 61 (8 UL)
Full Text
Peer Reviewed
See detailAutomatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks
Appelt, Dennis; Panichella, Annibale UL; Briand, Lionel UL

in The 28th IEEE International Symposium on Software Reliability Engineering (ISSRE) (in press)

Testing and fixing WAFs are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases ... [more ▼]

Testing and fixing WAFs are two relevant and complementary challenges for security analysts. Automated testing helps to cost-effectively detect vulnerabilities in a WAF by generating effective test cases, i.e., attacks. Once vulnerabilities have been identified, the WAF needs to be fixed by augmenting its rule set to filter attacks without blocking legitimate requests. However, existing research suggests that rule sets are very difficult to understand and too complex to be manually fixed. In this paper, we formalise the problem of fixing vulnerable WAFs as a combinatorial optimisation problem. To solve it, we propose an automated approach that combines machine learning with multi-objective genetic algorithms. Given a set of legitimate requests and bypassing SQL injection attacks, our approach automatically infers regular expressions that, when added to the WAF's rule set, prevent many attacks while letting legitimate requests go through. Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall between 54.6% and 98.3%), while triggering in most cases no or few false positives (false positive rate between 0% and 2%). [less ▲]

Detailed reference viewed: 45 (0 UL)
Full Text
Peer Reviewed
See detailSecurity Slicing for Auditing Common Injection Vulnerabilities
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in The Journal of Systems & Software (in press)

Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential ... [more ▼]

Cross-site scripting and injection vulnerabilities are among the most common and serious security issues for Web applications. Although existing static analysis approaches can detect potential vulnerabilities in source code, they generate many false warnings and source-sink traces with irrelevant information, making their adoption impractical for security auditing. One suitable approach to support security auditing is to compute a program slice for each sink, which contains all the information required for security auditing. However, such slices are likely to contain a large amount of information that is irrelevant to security, thus raising scalability issues for security audits. In this paper, we propose an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what we refer to as security slices, which contain sound and precise information. To evaluate the proposed approach, we compared our security slices to the slices generated by a state-of-the-art program slicing tool, based on a number of open-source benchmarks. On average, our security slices are 76% smaller than the original slices. More importantly, with security slicing, one needs to audit approximately 1% of the total code to fix all the vulnerabilities, thus suggesting significant reduction in auditing costs. [less ▲]

Detailed reference viewed: 161 (31 UL)
Full Text
Peer Reviewed
See detailModel-Based Simulation of Legal Policies: Framework, Tool Support, and Validation
Soltana, Ghanem UL; Sannier, Nicolas UL; Sabetzadeh, Mehrdad UL et al

in Software & Systems Modeling (in press)

Simulation of legal policies is an important decision-support tool in domains such as taxation. The primary goal of legal policy simulation is predicting how changes in the law affect measures of interest ... [more ▼]

Simulation of legal policies is an important decision-support tool in domains such as taxation. The primary goal of legal policy simulation is predicting how changes in the law affect measures of interest, e.g., revenue. Legal policy simulation is currently implemented using a combination of spreadsheets and software code. Such a direct implementation poses a validation challenge. In particular, legal experts often lack the necessary software background to review complex spreadsheets and code. Consequently, these experts currently have no reliable means to check the correctness of simulations against the requirements envisaged by the law. A further challenge is that representative data for simulation may be unavailable, thus necessitating a data generator. A hard-coded generator is difficult to build and validate. We develop a framework for legal policy simulation that is aimed at addressing the challenges above. The framework uses models for specifying both legal policies and the probabilistic characteristics of the underlying population. We devise an automated algorithm for simulation data generation. We evaluate our framework through a case study on Luxembourg’s Tax Law. [less ▲]

Detailed reference viewed: 166 (19 UL)
Full Text
Peer Reviewed
See detailAugmenting Field Data for Testing Systems Subject to Incremental Requirements Changes
Di Nardo, Daniel; Pastore, Fabrizio; Briand, Lionel UL

in ACM Transactions on Software Engineering & Methodology (in press)

Detailed reference viewed: 90 (13 UL)
Full Text
Peer Reviewed
See detailA Model-Driven Approach to Trace Checking of Pattern-based Temporal Properties
Dou, Wei; Bianculli, Domenico UL; Briand, Lionel UL

in Proceedings of the ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems (MODELS 2017 ) (2017, September)

Detailed reference viewed: 26 (3 UL)
Full Text
Peer Reviewed
See detailLegal Markup Generation in the Large: An Experience Report
Sannier, Nicolas UL; Adedjouma, Morayo UL; Sabetzadeh, Mehrdad UL et al

in the 25th International Requirements Engineering Conference (RE'17), Lisbon, 4-8 September 2017 (2017, September)

Detailed reference viewed: 15 (0 UL)
Full Text
Peer Reviewed
See detailJoanAudit: A Tool for Auditing Common Injection Vulnerabilities
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (2017, September)

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies ... [more ▼]

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors audit the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form of sanitization — by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit. [less ▲]

Detailed reference viewed: 62 (25 UL)
Full Text
See detailModeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach
Mai, Xuan Phu UL; Göknil, Arda UL; Shar, Lwin Khin UL et al

Report (2017)

Defining and addressing security and privacy requirements in mobile apps is a significant challenge due to the high level of transparency regarding users' (private) information. In this paper, we propose ... [more ▼]

Defining and addressing security and privacy requirements in mobile apps is a significant challenge due to the high level of transparency regarding users' (private) information. In this paper, we propose, apply, and assess a modeling method that supports the specification of security and privacy requirements of mobile apps in a structured and analyzable form. Our motivation is that, in many contexts including mobile app development, use cases are common practice for the elicitation and analysis of functional requirements and should also be adapted for describing security requirements. We integrate and adapt an existing approach for modeling security and privacy requirements in terms of security threats, their mitigations, and their relations to use cases in a misuse case diagram. We introduce new security-related templates, i.e., a mitigation template and a misuse case template for specifying mitigation schemes and misuse case specifications in a structured and analyzable manner. Natural language processing can then be used to automatically detect and report inconsistencies among artifacts and between the templates and specifications. Since our approach supports stakeholders in precisely specifying and checking security threats, threat scenarios and their mitigations, it is expected to help with decision making and compliance with standards for improving security. We successfully applied our approach to industrial mobile apps and report lessons learned and results from structured interviews with engineers. [less ▲]

Detailed reference viewed: 66 (8 UL)
Full Text
Peer Reviewed
See detailSearch-driven String Constraint Solving for Vulnerability Detection
Thome, Julian UL; Shar, Lwin Khin UL; Bianculli, Domenico UL et al

in Proceedings of the 39th International Conference on Software Engineering (ICSE 2017) (2017, May)

Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can reason about input sanitization and validation operations performed on user inputs. However, real-world ... [more ▼]

Constraint solving is an essential technique for detecting vulnerabilities in programs, since it can reason about input sanitization and validation operations performed on user inputs. However, real-world programs typically contain complex string operations that challenge vulnerability detection. State-of-the-art string constraint solvers support only a limited set of string operations and fail when they encounter an unsupported one; this leads to limited effectiveness in finding vulnerabilities. In this paper we propose a search-driven constraint solving technique that complements the support for complex string operations provided by any existing string constraint solver. Our technique uses a hybrid constraint solving procedure based on the Ant Colony Optimization meta-heuristic. The idea is to execute it as a fallback mechanism, only when a solver encounters a constraint containing an operation that it does not support. We have implemented the proposed search-driven constraint solving technique in the ACO-Solver tool, which we have evaluated in the context of injection and XSS vulnerability detection for Java Web applications. We have assessed the benefits and costs of combining the proposed technique with two state-of-the-art constraint solvers (Z3-str2 and CVC4). The experimental results, based on a benchmark with 104 constraints derived from nine realistic Web applications, show that our approach, when combined in a state-of-the-art solver, significantly improves the number of detected vulnerabilities (from 4.7% to 71.9% for Z3-str2, from 85.9% to 100.0% for CVC4), and solves several cases on which the solver fails when used stand-alone (46 more solved cases for Z3-str2, and 11 more for CVC4), while still keeping the execution time affordable in practice. [less ▲]

Detailed reference viewed: 597 (58 UL)
Full Text
See detailSystem Testing of Timing Requirements based on Use Cases and Timed Automata
Wang, Chunhui UL; Pastore, Fabrizio UL; Briand, Lionel UL

in 10th IEEE International Conference on Software Testing, Verification and Validation (ICST 2017), Tokyo 13-18 March 2017 (2017, March 13)

In the context of use-case centric development and requirements-driven testing, this paper addresses the problem of automatically deriving system test cases to verify timing requirements. Inspired by ... [more ▼]

In the context of use-case centric development and requirements-driven testing, this paper addresses the problem of automatically deriving system test cases to verify timing requirements. Inspired by engineering practice in an automotive software development context, we rely on an analyzable form of use case specifications and augment such functional descriptions with timed automata, capturing timing requirements, following a methodology aiming at minimizing modeling overhead. We automate the generation of executable test cases using a test strategy based on maximizing test suite diversity and building over the UPPAAL model checker. Initial empirical results based on an industrial case study provide evidence of the effectiveness of the approach. [less ▲]

Detailed reference viewed: 234 (19 UL)
Full Text
Peer Reviewed
See detailIncremental Reconfiguration of Product Specific Use Case Models for Evolving Configuration Decisions
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL et al

in 23rd International Working Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2017) (2017, March)

[Context and motivation] Product Line Engineering (PLE) is increasingly common practice in industry to develop complex systems for multiple customers with varying needs. In many business contexts, use ... [more ▼]

[Context and motivation] Product Line Engineering (PLE) is increasingly common practice in industry to develop complex systems for multiple customers with varying needs. In many business contexts, use cases are central development artifacts for requirements engineering and system testing. In such contexts, use case configurators can play a significant role to capture variable and common requirements in Product Line (PL) use case models and to generate Product Specific (PS) use case models for each new customer in a product family. [Question/Problem] Although considerable research has been devoted to use case configurators, little attention has been paid to supporting the incremental reconfiguration of use case models with evolving configuration decisions. [Principal ideas/results] We propose, apply, and assess an incremental reconfiguration approach to support evolving configuration decisions in PL use case models. PS use case models are incrementally reconfigured by focusing only on the changed decisions and their side effects. In our prior work, we proposed and applied Product line Use case modeling Method (PUM) to support variability modeling in PL use case diagrams and specifications. We also developed a use case configurator, PUMConf, which interactively collects configuration decisions from analysts to generate PS use case models from PL models. Our approach is built on top of PUM and PUMConf. [Contributions] We provide fully automated tool support for incremental configuration as an extension of PUMConf. Our approach has been evaluated in an industrial case study in the automotive domain, which provided evidence it is practical and beneficial. [less ▲]

Detailed reference viewed: 139 (59 UL)
Full Text
Peer Reviewed
See detailA Change Management Approach in Product Lines for Use Case-Driven Development and Testing
Hajri, Ines UL; Göknil, Arda UL; Briand, Lionel UL

Poster (2017, March)

In this paper, driven by industrial needs, we present a change management approach for product lines within the context of use case-driven development and testing. As part of the approach, we first ... [more ▼]

In this paper, driven by industrial needs, we present a change management approach for product lines within the context of use case-driven development and testing. As part of the approach, we first provide a modeling method to support variability modeling in Product Line (PL) use case diagrams, specifications, and domain models, intentionally avoiding any reliance on feature models and thus avoiding unnecessary modeling and traceability overhead. Then, we introduce a use case-driven configuration approach based on the proposed modelling method to automatically generate Product Specific (PS) use case and domain models from the PL models and configuration decisions. Building on this, we provide a change impact analysis approach for evolving configuration decisions in PL use case models. In addition, we plan to develop a change impact analysis approach for evolving PL use case models and an automated regression test selection technique for evolving configuration decisions and PL models. [less ▲]

Detailed reference viewed: 75 (34 UL)
Full Text
Peer Reviewed
See detailSynthetic Data Generation for Statistical Testing
Soltana, Ghanem UL; Sabetzadeh, Mehrdad UL; Briand, Lionel UL

in 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2017) (2017)

Usage-based statistical testing employs knowledge about the actual or anticipated usage profile of the system under test for estimating system reliability. For many systems, usage-based statistical ... [more ▼]

Usage-based statistical testing employs knowledge about the actual or anticipated usage profile of the system under test for estimating system reliability. For many systems, usage-based statistical testing involves generating synthetic test data. Such data must possess the same statistical characteristics as the actual data that the system will process during operation. Synthetic test data must further satisfy any logical validity constraints that the actual data is subject to. Targeting data-intensive systems, we propose an approach for generating synthetic test data that is both statistically representative and logically valid. The approach works by first generating a data sample that meets the desired statistical characteristics, without taking into account the logical constraints. Subsequently, the approach tweaks the generated sample to fix any logical constraint violations. The tweaking process is iterative and continuously guided toward achieving the desired statistical characteristics. We report on a realistic evaluation of the approach, where we generate a synthetic population of citizens' records for testing a public administration IT system. Results suggest that our approach is scalable and capable o [less ▲]

Detailed reference viewed: 25 (3 UL)
Full Text
Peer Reviewed
See detailAn Automated Framework for Detection and Resolution of Cross References in Legal Texts
Sannier, Nicolas UL; Adedjouma, Morayo; Sabetzadeh, Mehrdad UL et al

in Requirements Engineering (2017), 22(2), 215-237

When identifying and elaborating compliance requirements, analysts need to follow the cross references in legal texts and consider the additional information in the cited provisions. Enabling easier ... [more ▼]

When identifying and elaborating compliance requirements, analysts need to follow the cross references in legal texts and consider the additional information in the cited provisions. Enabling easier navigation and handling of cross references requires automated support for the detection of the natural language expressions used in cross references, the interpretation of cross references in their context, and the linkage of cross references to the targeted provisions. In this article, we propose an approach and tool sup- port for automated detection and resolution of cross references. The approach leverages the structure of legal texts, formalized into a schema, and a set of natural language patterns for legal cross reference expressions. These patterns were developed based on an investigation of Luxembourg’s legislation, written in French. To build confidence about their applicability beyond the context where they were observed, these patterns were validated against the Personal Health Information Protection Act (PHIPA) by the Government of Ontario, Canada, written in both French and English. We report on an empirical evaluation where we assess the accuracy and scalability of our framework over several Luxembourgish legislative texts as well as PHIPA. [less ▲]

Detailed reference viewed: 159 (32 UL)
Full Text
Peer Reviewed
See detailAutomated Testing of Hybrid Simulink/Stateflow Controllers: Industrial Case Studies
Matinnejad, Reza UL; Nejati, Shiva UL; Briand, Lionel UL

in Proceedings of 11TH JOINT MEETING OF THE EUROPEAN SOFTWARE ENGINEERING CONFERENCE AND THE ACM SIGSOFT SYMPOSIUM ON THE FOUNDATIONS OF SOFTWARE ENGINEERING (ESEC/FSE 2017) (2017)

We present the results of applying our approach for testing Simulink controllers to one public and one proprietary model, both industrial. Our approach combines explorative and exploitative search ... [more ▼]

We present the results of applying our approach for testing Simulink controllers to one public and one proprietary model, both industrial. Our approach combines explorative and exploitative search algorithms to visualize the controller behavior over its input space and to identify test scenarios in the controller input space that violate or are likely to violate the controller requirements. The engineers' feedback shows that our approach is easy to use in practice and gives them confidence about the behavior of their models. [less ▲]

Detailed reference viewed: 47 (8 UL)
Full Text
Peer Reviewed
See detailImproving Fault Localization for Simulink Models using Search-Based Testing and Prediction Models
Liu, Bing UL; Lucia, Lucia; Nejati, Shiva UL et al

in 24th IEEE International Conference on Software Analysis, Evolution, and Reengineering (SANER 2017) (2017)

One promising way to improve the accuracy of fault localization based on statistical debugging is to increase diversity among test cases in the underlying test suite. In many practical situations, adding ... [more ▼]

One promising way to improve the accuracy of fault localization based on statistical debugging is to increase diversity among test cases in the underlying test suite. In many practical situations, adding test cases is not a cost-free option because test oracles are developed manually or running test cases is expensive. Hence, we require to have test suites that are both diverse and small to improve debugging. In this paper, we focus on improving fault localization of Simulink models by generating test cases. We identify three test objectives that aim to increase test suite diversity. We use these objectives in a search-based algorithm to generate diversified but small test suites. To further minimize test suite sizes, we develop a prediction model to stop test generation when adding test cases is unlikely to improve fault localization. We evaluate our approach using three industrial subjects. Our results show (1) the three selected test objectives are able to significantly improve the accuracy of fault localization for small test suite sizes, and (2) our prediction model is able to maintain almost the same fault localization accuracy while reducing the average number of newly generated test cases by more than half. [less ▲]

Detailed reference viewed: 198 (24 UL)
Full Text
Peer Reviewed
See detailA Search-based Testing Approach for XML Injection Vulnerabilities in Web Applications
Jan, Sadeeq UL; Nguyen, Duy Cu UL; Andrea, Arcuri UL et al

in 10th IEEE International Conference on Software Testing, Verification and validation (ICST 2017), Tokyo 13-18 March 2017 (2017)

In most cases, web applications communicate with web services (SOAP and RESTful). The former act as a front-end to the latter, which contain the business logic. A hacker might not have direct access to ... [more ▼]

In most cases, web applications communicate with web services (SOAP and RESTful). The former act as a front-end to the latter, which contain the business logic. A hacker might not have direct access to those web services (e.g., they are not on public networks), but can still provide malicious inputs to the web application, thus potentially compromising related services. Typical examples are XML injection attacks that target SOAP communications. In this paper, we present a novel, search-based approach used to generate test data for a web application in an attempt to deliver malicious XML messages to web services. <br />Our goal is thus to detect XML injection vulnerabilities in web applications. The proposed approach is evaluated on two studies, including an industrial web application with millions of users. Results show that we are able to effectively generate test data (e.g., input values in an HTML form) that detect such vulnerabilities. [less ▲]

Detailed reference viewed: 187 (21 UL)