Spelling suggestions: "subject:"5oftware aintenance anda devolution"" "subject:"5oftware aintenance anda c.volution""
1 |
Supporting Software Evolution in Agent SystemsDam, Khanh Hoa, s3007289@student.rmit.edu.au January 2009 (has links)
Software maintenance and evolution is arguably a lengthy and expensive phase in the life cycle of a software system. A critical issue at this phase is change propagation: given a set of primary changes that have been made to software, what additional secondary changes are needed to maintain consistency between software artefacts? Although many approaches have been proposed, automated change propagation is still a significant technical challenge in software maintenance and evolution. Our objective is to provide tool support for assisting designers in propagating changes during the process of maintaining and evolving models. We propose a novel, agent-oriented, approach that works by repairing violations of desired consistency rules in a design model. Such consistency constraints are specified using the Object Constraint Language (OCL) and the Unified Modelling Language (UML) metamodel, which form the key inputs to our change propagation framework. The underlying change propagation mechanism of our framework is based on the well-known Belief-Desire-Intention (BDI) agent architecture. Our approach represents change options for repairing inconsistencies using event-triggered plans, as is done in BDI agent platforms. This naturally reflects the cascading nature of change propagation, where each change (primary or secondary) can require further changes to be made. We also propose a new method for generating repair plans from OCL consistency constraints. Furthermore, a given inconsistency will typically have a number of repair plans that could be used to restore consistency, and we propose a mechanism for semi-automatically selecting between alternative repair plans. This mechanism, which is based on a notion of cost, takes into account cascades (where fixing the violation of a constraint breaks another constraint), and synergies between constraints (where fixing the violation of a constraint also fixes another violated constraint). Finally, we report on an evaluation of the approach, covering both effectiveness and efficiency.
|
2 |
A Verification Framework for Access Control in Dynamic Web ApplicationsAlalfi, Manar 30 April 2010 (has links)
Current technologies such as anti-virus software programs and network firewalls provide
reasonably secure protection at the host and network levels, but not at the application
level. When network and host-level entry points are comparatively secure, public interfaces
of web applications become the focus of malicious software attacks. In this thesis, we focus
on one of most serious web application vulnerabilities, broken access control. Attackers
often try to access unauthorized objects and resources other than URL pages in an indirect
way; for instance, using indirect access to back-end resources such as databases. The
consequences of these attacks can be very destructive, especially when the web application
allows administrators to remotely manage users and contents over the web. In such cases,
the attackers are not only able to view unauthorized content,but also to take over site administration.
To protect against these types of attacks, we have designed and implemented
a security analysis framework for dynamic web applications. A reverse engineering process
is performed on an existing dynamic web application to extract a role-based access-control
security model. A formal analysis is applied on the recovered model to check access-control
security properties. This framework can be used to verify that a dynamic web application
conforms to access control polices specified by a security engineer. Our framework provides
a set of novel techniques for the analysis and modeling of web applications for the purpose
of security verification and validation. It is largely language independent, and based on
adaptable model recovery which can support a wide range of security analysis tasks. / Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 14:30:53.018
|
3 |
An automated approach to assign software change requestsCAVALCANTI, Yguaratã Cerqueira 31 January 2014 (has links)
Submitted by Nayara Passos (nayara.passos@ufpe.br) on 2015-03-13T13:04:40Z
No. of bitstreams: 2
TESE Yaguaratã Cerqueira Cavalcanti.pdf: 2989671 bytes, checksum: cdde3d6cea6de1cabb90748865421b78 (MD5)
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) / Made available in DSpace on 2015-03-13T13:04:40Z (GMT). No. of bitstreams: 2
TESE Yaguaratã Cerqueira Cavalcanti.pdf: 2989671 bytes, checksum: cdde3d6cea6de1cabb90748865421b78 (MD5)
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)
Previous issue date: 2014 / The efficient management of Change Requests (CRs) is fundamental for successful
software maintenance; however the assignment of CRs to developers is an expensive aspect
in this regard, due to the time and expertise demanded. To overcome this, researchers have
proposed automated approaches for CR assignment. Although these proposals present advances
to this topic, they do not consider many factors inherent to the assignments, such as: developers’
workload, CRs severity, interpersonal relationships, and developers know-how. Actually, as
we demonstrate in this work, CR assignment is a complex activity and automated approaches
cannot rely on simplistic solutions. Ideally, it is necessary to consider and reason over contextual
information in order to provide an effective automation.
In this regarding, this work proposes, implements, and validates a context-aware architecture
to automate CR assignment. The architecture emphasizes the need for considering the
different information available at the organization to provide a more context-aware solution to
automated CR assignment. The development of such architecture is supported by evidence synthesized
from two empirical studies: a survey with practitioners and a systematic mapping study.
The survey provided us with a set of requirements that automated approaches should satisfy. In
the mapping study, in turn, we figured out how state-of-the-art approaches are implemented in
regarding to these requirements, concluding that many of them are not satisfied. In addition, new
requirements were identified in this mapping study.
For the implementation of the proposed architecture, we developed a strategy to automate
CR assignments which is based on two main components: a Rule-Based Expert System (RBES)
and an Information Retrieval (IR) model. The strategy coordinately applies these two components
in different steps to find the potential developer to a CR. The RBES takes care of the simple
and complex rules necessary to consider contextual information in the assignments, e.g., to
prevent assigning a CR to a busy or unavailable developer. Since these rules vary from one
organization/project to another, the RBES facilitates their modification for different contexts.
On the other hand, the IR model is useful to make use of the historical information of CR
assignments to match CRs and developers.
Results from the validation study showed that our solution is promising. It is, by
comparing the solution with an approach that uses only a machine learning algorithm, such as
the Support Vector Machine (SVM), we could improve the accuracy of assignments by almost
50%. The analysis of the solution’s payoff also pointed that such an accuracy is able to pay for
the efforts necessary to deploy the solution.-------------------------------------O gerenciamento eficiente de solicitações de mudança (SM) é fundamental para o
sucesso das atividades de manutenção e evolução de software. Entretanto, a atribuição de
SMs a desenvolvedores é um aspecto custoso desse gerenciamento, pois demanda tempo e
conhecimento apropriado do projeto de software. Várias pesquisas já propuseram métodos de
atribuição automática de SMs. Embora representem avanços na área, existem fatores inerentes a
atribuição de SMs que não são considerados nessas pesquisas e são essenciais para a automação.
Como demonstrado nesse trabalho, a atribuição automática deve, por exemplo, considerar
a carga de trabalho, a experiência e o conhecimento dos desenvolvedores, a prioridade e a
severidade das SMs, a afinidade dos desenvolvedores com os problemas descritos nas SMs, e até
mesmo os relacionamentos interpessoais. Para tornar esse cenário ainda mais complexo, esses
fatos podem variar de acordo com o projeto de software que está sendo desenvolvido. Assim,
uma solução para o problema de atribuição de SMs depende de informações contextuais.
Assim, esse trabalho propõe, implementa e valida uma solução arquitetural sensível ao
contexto para atribuição automática de SMs. Dado o aspecto contextual da solução, a arquitetura
considera diversas fontes de informações presentes na organização, assim como a necessidade de
se desenvolver algorítimos que implementem diferentes estratégias de atribuição. Nossa proposta
de solução é embasada em resultados de duas pesquisas quantitativas: um estudo de mapeamento
sistemático da literatura, e uma pesquisa de questionário com desenvolvedores de software. Esse
último forneceu um conjunto de requisitos que a solução automatizada deve satisfazer para que
as estratégias de atribuição sejam atendidas, enquanto o mapeamento da literatura identificou
técnicas, algoritmos, e outros requisitos necessários a automação.
A implementação da arquitetura segue uma estratégia de automação, definida nesse
trabalho, que possui dois componentes principais: um sistema especialista baseado em regras
(SEBR); e um modelo de recuperação de informação (MRI) com técnicas de aprendizagem. Em
nossa estratégia, esses dois componentes são executados alternadamente em momentos diferentes
a fim de atribuir uma SM automaticamente. O SEBR processa regras, considerando informações
contextuais do projeto de software e da organização que o desenvolve. O MRI é utilizado para
fazer o casamento entre SMs e desenvolvedores de acordo com o histórico de atribuições.
Os resultados do estudo de validação apontaram que a solução é promissora. Isto
é, ao compararmos nossa solução com uma abordagem que utiliza apenas um algoritmo de
aprendizado de máquina, como o Support Vector Machine (SVM), pudemos melhorar em quase
50% a acurácia de atribuição. Já a análise de custo de implantação apontou que a acurácia
atingida pela solução possui um bom custo benefício.
|
Page generated in 0.1208 seconds