An improved software process management tool: ReMoTe (recursively estimating multi-threaded observation tool enterprise)

Xia, Shujiang

01 January 2005

The principal purpose of the project is to enable ReMoTe support for multi-databases. ReMoTe stands for the Recursively Estimating Multi-Threaded Observation Technology Enterprise, which is a web-based computer aided software engineering tool for monitoring software development process. Development of ReMoTe is based on the RMT (Recursive Multi-Threaded) software life cycle developed by Scott Simon, a CSUSB alum, in his master's thesis in 1997. ReMoTe enables the monitoring of projects that use different databases in various locations. Central management can view the progress information of each project using a web browser no matter where the database or project team is located. In this project, three database software were supported, namely MySQL, Oracle, and Microsoft Access, and employed contemporary technologies such as JavaScript, PHP, and Open Database Connectivity (ODBC). Source codes are included.

Software engineering

Software engineering Management

Recursive programming

Recursive programming

Software engineering

Software engineering Management.

Software Engineering

Development and Validation of Feedback-Based Testing Tutor Tool to Support Software Testing Pedagogy

Cordova, Lucas Pascual

January 2020

Current testing education tools provide coverage deficiency feedback that either mimics industry code coverage tools or enumerates through the associated instructor tests that were absent from the student’s test suite. While useful, these types of feedback mechanisms are akin to revealing the solution and can inadvertently lead a student down a trial-and-error path, rather than using a systematic approach. In addition to an inferior learning experience, a student may become dependent on the presence of this feedback in the future. Considering these drawbacks, there exists an opportunity to develop and investigate alternative feedback mechanisms that promote positive reinforcement of testing concepts. We believe that using an inquiry-based learning approach is a better alternative (to simply providing the answers) where students can construct and reconstruct their knowledge through discovery and guided learning techniques. To facilitate this, we present Testing Tutor, a web-based assignment submission platform to support different levels of testing pedagogy via a customizable feedback engine. This dissertation is based on the experiences of using Testing Tutor at different levels of the curriculum. The results indicate that the groups using conceptual feedback produced higher-quality test suites (achieved higher average code coverage, fewer redundant tests, and higher rates of improvement) than the groups that received traditional code coverage feedback. Furthermore, students also produced higher quality test suites when the conceptual feedback was tailored to task-level for lower division student groups and self-regulating-level for upper division student groups. We plan to perform additional studies with the following objectives: 1) improve the feedback mechanisms; 2) understand the effectiveness of Testing Tutor’s feedback mechanisms at different levels of the curriculum; and 3) understand how Testing Tutor can be used as a tool for instructors to gauge learning and determine whether intervention is necessary to improve students’ learning.

pedagogy

software engineering

testing

Adaptive Regression Testing Strategy: An Empirical Study

Arafeen, Md. Junaid

January 2012

When software systems evolve, different amounts of code modifications can be involved in different versions. These factors can affect the costs and benefits of regression testing techniques, and thus, there may be no single regression testing technique that is the most cost-effective technique to use on every version. To date, many regression testing techniques have been proposed, but no research has been done on the problem of helping practitioners systematically choose appropriate techniques on new versions as systems evolve. To address this problem, we propose adaptive regression testing (ART) strategies that attempt to identify the regression testing techniques that will be the most cost-effective for each regression testing session considering organization’s situations and testing environment. To assess our approach, we conducted an experiment focusing on test case prioritization techniques. Our results show that prioritization techniques selected by our approach can be more cost-effective than those used by the control approaches.

Computer software.

Software engineering.

Automating Self Evaluations for Software Engineers

Miranda, Jonathan Rodrigo A

01 June 2016

Software engineers frequently compose self-evaluations as part of employee perfor- mance reviews. These evaluations can be a key artifact for assessing a software engineer’s contributions to a team and organization, and for generating useful feed- back. Self-evaluations can be challenging because a) they can be time consuming, b) individuals may forget about important contributions especially when the review period is long such as a full year, c) some individuals can consciously or unconsciously overstate their contributions, and d) some individuals can be reluctant to describe their contributions for fear of appearing too proud [24]. UNBIASED, Useful New Basic Interactive Automated Self-Evaluation Demon- stration, is a web application designed to tackle the challenges of performing a self- evaluation by automatically gathering data from existing third party APIs, perform- ing an analysis on the data, and generating a self-evaluation starting point for soft- ware engineers to build off. The third party APIs currently supported are: Bitbucket, Gmail, Google Calendar, GitHub, and JIRA.

Computer Sciences

Software Engineering

On-Line Journal: A Tool for Enhancing Student Journals

Riser, Robert, Gotterbarn, Donald

01 August 1998

This paper discusses the development of a web-based on-line journal to replace a traditional project journal in a writing intensive undergraduate software engineering course. The on-line journal allows students to conveniently maintain their project journals while allowing the instructor to more effectively review student journals and provide timely feedback.

journal

software engineering

Towards Large-Scale and Robust Code Authorship Identification with Deep Feature Learning

Abuhamad, Mohammed

01 January 2020

Successful software authorship identification has both software forensics applications and privacy implications. However, the process requires an efficient extraction of quality authorship attributes. The extraction of such attributes is very challenging due to several factors such as the variety of software formats, number of available samples, and possible obfuscation or adversarial manipulation. We focus on software authorship identification from three central perspectives: large-scale single-authored software, real-world multi-authored software, and the robustness assessment of code authorship identification methods against adversarial attacks. First, we propose DL-CAIS, a deep Learning-based approach for software authorship attribution, that facilitates large-scale, format-independent, language-oblivious, and obfuscation-resilient software authorship identification. DL-CAIS incorporates learning deep authorship attribution using a recurrent neural network and identifying programmers using ensemble random forest. We demonstrate the effectiveness of DL-CAIS under different experimental settings and scenarios for identifying programmers of both source code and software binaries. Second, we propose Multi-X, a fine-grained multi-author identification system of programmers in single code files. Multi-X incorporates code segmentation, code representation, authorship verification, code integration, and authorship identification. We evaluate Multi-X with several Github projects (Caffe, Facebook's Folly, TensorFlow, etc.) and show remarkable accuracy. We examine the performance of Multi-X against multiple dimensions and design choices, and demonstrate its effectiveness. Finally, we propose Author-SHIELD to examine the robustness of six state-of-the-art code authorship attribution approaches against adversarial examples. We define three adversarial attacks on attribution techniques---confidence reduction, a programmer imitation, and evasion attacks---and realize them in targeted and non-targeted adversarial code perturbation. Our experiments demonstrate the vulnerability of current authorship attribution methods against adversarial attacks.

Computer Sciences

Software Engineering

Translations to Support Loop Invariant Generation in JML

Koja, Kohei

01 January 2022

Software is used in many critical systems in the real world such as autonomous cars and medical devices. Such software must be reliable to protect the general public. One standard way to make reliable software is to use Hoare-style verification techniques. However, for Hoare-style verification of loop correctness, loop invariants are necessary but are difficult for people to write themselves. Since Java is one of the most popular programming languages in the world, it is useful to have a tool to generate loop invariants for Java programs. OpenJML is a widely used program verification tool for Java. However, it does not provide automatic loop invariant generation. Therefore, the problem that this thesis addresses is to automatically generate loop invariants in OpenJML. The plan is to use a third-party tool to achieve this goal. Since this external tool does not support Java, a package is necessary to translate from Java/JML to the syntax of the loop invariant tool. However, there are a few conditions that the package has to meet. Since the programming language that the third- party tool supports has a limited grammar, we have to work around unsupported syntax. The resulting package is successful because it can integrate a loop invariant generation tool with OpenJML. Therefore, this package may help developers produce more reliable Java programs.

Computer Sciences

Software Engineering

Analyzing the Blockchain Attack Surface: A Top-down Approach

Saad, Muhammad

01 January 2021

Blockchains enable secure asset exchange in a distributed system, thereby facilitating innovative applications such as cryptocurrencies and smart contracts. Although the cryptographic constructs of blockchains are highly secure, however, their practical deployments are vulnerable to various attacks due to their application-specific policies, and their peer-to-peer (P2P) network intricacies. In this work, we take a top-down approach towards exploring those attacks, starting with the application-specific abuse of blockchain-based cryptocurrencies and concluding with the network conditions that violate the blockchain consistency. In the top-down approach, we first analyze the application-specific abuse of blockchain-based cryptocurrencies by uncovering (1) covert cryptocurrency mining in the web browsers, and (2) artificially inflating the transaction fee by attacking the blockchain memory pools. For both attacks, we show how the application policies are exploited to affect benign users. After exploring the application-specific attacks, we proceed towards a systematic analysis of inconsistencies in the blockchain P2P network. For this analysis, we focus on Bitcoin which is the most dominant blockchain system. Our analysis reveals that the biased distribution of resources in the Bitcoin network can be exploited to launch various partitioning attacks. Furthermore, through a root cause analysis, we discover that (1) the Bitcoin network is asynchronous in the real world, and (2) its security model does not embrace the risks associated with network churn. The last two components in the dissertation consolidate our attack surface analysis by analyzing the impact of network asynchrony and network churn on the blockchain consistency property. We conduct theoretical analysis and measurements to show how various network characteristics can be exploited to reduce the cost of launching notable attacks that violate consistency. Our top-down approach uncovers various novel attacks that have not been studied in the prior works. For each attack, we also propose countermeasures to harden the blockchain security.

Computer Sciences

Software Engineering

Marknadsplattform för träningsanläggningar / Digital marketplace for training facilities

Andarzig, Kiana, Müller Rasmussen, Ilja, Raattamaa, Niklas, Dahlsberg, Victor, Eshak, Jonatan, Fröberg, Elise, Särnhammar, Emanuel

January 2022

Denna rapport beskriver ett projekt som gjordes i kursen TDDD96 - Kandidatprojekt i programvaruutveckling vid Linköpings universitet under våren 2022. Projektets mål var att utveckla en marknadsplattform åt företaget Zoezi där deras kunder hade möjligheten attvisa upp sina tjänster. Resultatet av projektet är en framände skriven i TypeScript somutvecklades med hjälp av ramverket React, samt en bakände skriven i Python som utvecklades med hjälp av ramverket Flask. Rapporten redovisar även hur gruppen arbetademed utvecklingsmetoden Scrum samt andra metoder som användes under utvecklingenav produkten. Vidare så presenterar rapporten de erfarenheter som gruppmedlemmarnahar erhållit under arbetets gång.De slutsatser som gruppen kommit fram till är att det är viktigt att sätta upp tydligabegränsningar och att ha rak kommunikation med beställaren för att skapa värde för kunden; gruppen har erhållit många erfarenheter under projektets gång, framförallt om hurman arbetar i grupp; en systemanatomi kan vara till stöd för en grupp, framförallt i börjanav ett projekt; agila arbetssätt har både positiva och negativa effekter på grupparbeten.Dessutom innehåller rapporten sju individuella delar som skrivits av gruppmedlemmarna och som behandlar ämnen relaterade till projektet.

Marknadsplattform

Software Engineering

Programvaruteknik

Modeling, Analysis, and Detection of Information Leakage via Protocol-Based Covert Channels

Jaskolka, Jason

09 1900

<p>With the emergence of computers in every day activities and with the ever-growing complexity of networks and network protocols, covert channels are becoming an eminent threat to confidentiality of information. With increasing sensitivity of data in many computer application domains, the leakage of confidential information can have severe repercussions on the institution from which the information was leaked. <br /><br />In light of this eminent threat, we propose a technique to detect confidential information leakage via covert channels. We limit our focus to instances where the users of covert channels modulate the information that is being sent; either by encryption, or some other form of encoding.<br /><br />In the literature, the difference between classes of covert channels under the current classification is unclear. This lack of clarity results in the development of incomplete techniques for modeling, detecting and preventing covert channels. In this thesis, we propose a new classification for covert channels which organizes covert channels into two types: protocol-based covert channels and environment-based covert channels. We also develop a novel, comprehensive model for protocol-based covert channel communication. Using the developed model, we explore the relationship between covert channel communication, steganography and watermarking. The intent is to provide a better understanding of covert channel communication in an attempt to develop investigative support for confidentiality. Finally, we propose a technique for detecting confidential information leakages via covert channels. The technique is based on relation algebra and offers tests for verifying the existence of an abstraction relation which relates the confidential information to the information that is observed to be sent on the communication channel. It focuses on protocol-based covert channels. <br /><br />With a better understanding of covert channel communication, we are able to develop more effective and efficient mechanisms for detecting and preventing the use of covert channels to leak confidential information in computer systems.</p> / Master of Applied Science (MASc)

Software Engineering

Software Engineering