Found 166 result(s)
Found 9 page(s)
Page Size: 10, 20, 50
Export: bibtex, xml, json, csv

2016 Conference object Unknown

Does code coverage provide a good stopping rule for operational profile based testing?
Miranda B., Bertolino A.
We introduce a new coverage measure, called the operational coverage, which is customized to the usage profile (count spectrum) of the entities to be covered. Operational coverage is proposed as an adequacy criterion for operational profile based testing, i.e., to assess the thoroughness of a black box test suite derived from the operational profile. To validate the approach we study the correlation between operational coverage of branches, statements, and functions, and the probability that the next test input will not fail. On the three subjects considered, we observed a moderate correlation in all cases (except a low correlation for function coverage for one subject), and consistently better results than traditional coverage measure.Source: 11th International Workshop on Automation of Software Test, pp. 22–28, Austin, Texas, USA, 14-15 May 2016
DOI: 10.1145/2896921.2896934

See at: DOI Resolver | CNR People | www.scopus.com


2016 Report Unknown

Scope-aided test prioritization, selection and minimization for software reuse
Miranda B., Bertolino A.
Software reuse can improve productivity, but does not exempt developers from the need to test the reused code into the new context. For this purpose, we propose here specific approaches to white-box test prioritization, selection and minimization that take into account the reuse context when reordering or selecting test cases, by leveraging possible constraints delimiting the new input domain scope. Our scope-aided testing approach aims at detecting those faults that under such constraints would be more likely triggered in the new reuse context, and is proposed as a boost to existing approaches. Our empirical evaluation shows that in test suite prioritization we can improve the average rate of faults detected when considering faults that are in scope, while remaining competitive considering all faults; in test case selection and minimization we can considerably reduce the test suite size, with small to no extra impact on fault detection effectiveness considering both in-scope and all faults. Indeed, in minimization, we improve the in-scope fault detection effectiveness in all cases.

See at: CNR People


2017 Conference object Unknown

What paper types are accepted at the international conference on software engineering?
Bertolino A., Calabro A., Lonetti F., Marchetti E., Miranda B.
With the aim of identifying good structures and examples for papers in the software engineering field, we conducted a study of the type of papers accepted along four decades in the Research Track of the International Conference on Software Engineering (ICSE). We used for this purpose a categorization scheme for Software Engineering papers that was obtained by merging, extending and revising a few existing paper scheme proposals. This paper summarizes some outcomes relative to what topics and problems are addressed, what types of contribution are presented and how they are validated. Insights from the study could help ICSE authors, reviewers and conference organizers in focusing and improving future efforts.Source: 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C), pp. 399–401, Buenos Aires, 20.28/05/2017
DOI: 10.1109/ICSE-C.2017.50

See at: DOI Resolver | CNR People | www.scopus.com


2017 Conference object Unknown

Online robustness testing of distributed embedded systems: An industrial approach
Alnawasreh K., Pelliccione P., Hao Z., Range M., Bertolino A.
Having robust systems that behave properly even in presence of faults is becoming increasingly important. This is the case of the system we investigate in this paper, which is an embedded distributed system consisting of components that communicate with each other via messages exchange in the RBS (Radio Based Station) at Ericsson AB in Gothenburg, Sweden. Specifically, this paper describes a novel fault injection approach for testing the robustness of distributed embedded systems with very limited computation power. The new approach is inspired by Netflix's ChaosMonkey, a fault injection approach that has been developed for testing distributed systems hosted in the cloud. However, ChaosMonkey cannot be used in the context of RBS since the latter consists of small-embedded components with specific requirements of performance, programming language, and communication paradigm. This paper reports about the approach called Postmonkey we developed, illustrates the results of applying it to RBS, and discusses the potential of utilizing fault injection to test complex, embedded, and distributed systems. The approach and tool are now adopted by Ericsson.Source: International Conference on Software Engineering, pp. 133–142, 20-28/05/ 2017
DOI: 10.1109/ICSE-SEIP.2017.17

See at: DOI Resolver | CNR People | www.scopus.com


2015 Conference object Unknown

Improving test coverage measurement for reused software
Miranda B., Bertolino A.
Test coverage adequacy measures provide a widely used stopping criterion. Engineering of modern software-intensive systems emphasizes reuse. In the case that a program uses reused code or third-party components in a context that is different from the original one, some of their entities (e.g. branches) might never be exercised, thus producing a code coverage level far from full and not meaningful anymore as a stopping rule for the program at hand. We introduce a new coverage criterion, called "Relevant Coverage", that in each testing context in which a code is reused calculates coverage measures over the set of relevant entities for that context. We provide an approach for identifying relevant entities using dynamic symbolic execution. The introduced coverage adequacy criterion is assessed in an exploratory study against traditional coverage in terms of test suite size reduction factor, cost-effectiveness ratio and rate of fault detection. The results of our study showed that relevant coverage can considerably reduce the test suite size while preserving a high cost-effectiveness ratio with respect to the traditional approach.Source: SEAA 2015 - 41st Euromicro Conference on Software Engineering and Advanced Applications, pp. 27–34, Funchal, Portugal, 26-28 August 2015
DOI: 10.1109/SEAA.2015.69

See at: DOI Resolver | CNR People


2013 Part of book or chapter of book Unknown

Tag Identification Protocols in RFID Systems
Lonetti F., Martelli F.
Fast and reliable identification of multiple objects that are present at the same time is very important in many applications. A very promising technology for this purpose is Radio Frequency Identification (RFID), which is fast pervading many application fields, like public transportation and ticketing, access control, production control, animal identification, and localization of objects and people. The problem approached in this chapter is the tag identification in RFID systems. This problem occurs when several tags try to answer at the same time to a reader query. If more than one tag answers, their messages will collide on the RF communication channel, and the reader cannot identify these tags. There are two families of protocols for approaching the tag collision problem: a family of probabilistic protocols, and a family of deterministic ones. In this chapter, the authors give an overview of the most important approaches and trends for tag identification in RFID systems and provide the results of a deep comparison of the presented tag identification protocols in terms of complexity and performance.Source: Security and Trends in Wireless Identification and Sensing Platform Tags: Advancements in RFID, edited by Pedro Peris Lopez, Julio C. Hernandez-Castro, Tieyan Li, pp. 1–33, 2013
DOI: 10.4018/978-1-4666-1990-6.ch001

See at: DOI Resolver | CNR People | www.igi-global.com


2017 Conference object Open Access OPEN

Towards ex vivo testing of mapreduce applications
Morán J., Bertolino A., De La Riva C., Tuya J.
Big Data programs are those that process large data exceeding the capabilities of traditional technologies. Among newly proposed processing models, MapReduce stands out as it allows the analysis of schema-less data in large distributed environments with frequent infrastructure failures. Functional faults in MapReduce are hard to detect in a testing/preproduction environment due to its distributed characteristics. We propose an automatic test framework implementing a novel testing approach called Ex Vivo. The framework employs data from production but executes the tests in a laboratory to avoid side-effects on the application. Faults are detected automatically without human intervention by checking if the same data would generate different outputs with different infrastructure configurations. The framework (MrExist) is validated with a real-world program. MrExist can identify a fault in a few seconds, then the program can be stopped, not only avoiding an incorrect output, but also saving money, time and energy of production resources.Source: QRS 2017 - IEEE International Conference on Software Quality, Reliability and Security, pp. 73–80, Prague, Czech Republic, 25-29 July 2017
DOI: 10.1109/QRS.2017.17

See at: Repositorio Institucional de la Universidad de Oviedo Open Access | DOI Resolver | ieeexplore.ieee.org | CNR People


2002 Book Unknown

Guest Editors' Introduction: 2000 International Sysmposium on Software Testing and Analysis
Harrold M. J., Bertolino A.
No abstract availableSource: info:cnr-pdr/source/autori:Harrold M.J.; Bertolino A./titolo:Guest Editors' Introduction: 2000 International Sysmposium on Software Testing and Analysis/editore:/anno:2002

See at: CNR People


2014 Part of book or chapter of book Unknown

A toolchain for designing and testing access control policies
Bertolino A., Busch M., Daoudagh S., Lonetti F., Marchetti E.
Security is an important aspect of modern information management systems. The crucial role of security in this systems demands the use of tools and applications that are thoroughly validated and verified. However, the testing phase is an effort consuming activity that requires reliable supporting tools for speeding up this costly stage. Access control systems, based on the integration of new and existing tools are available in the Service Development Environment (SDE). We introduce an Access Control Testing toolchain (ACT) for designing and testing access control policies that includes the following features: (i) the graphical specification of an access control model and its translation into an XACML policy; (ii) the derivation of test cases and their execution against the XACML policy; (iii) the assessment of compliance between the XACML policy execution and the access control model. In addition, we illustrate the use of the ACT toolchain on a case study.Source: Engineering Secure Future Internet Services and Systems - Current Research, edited by Maritta Heisel, Wouter Joosen, Javier Lopez, Fabio Martinelli, pp. 266–286, 2014
DOI: 10.1007/978-3-319-07452-8_11
Project(s): NESSOS via OpenAIRE

See at: DOI Resolver | link.springer.com | CNR People


2014 Conference object Unknown

Software testing and/or software monitoring: differences and commonalities
Bertolino A.
Validation is an essential part of the software life cycle. The actual functional and non-functional behaviour of an application needs to be checked against the expected or intended behaviour. Both testing and monitoring are widely used approaches for this purpose. More traditionally testing is considered as a technique for fault removal and forecasting during development. Monitoring is instead conceived for run-time observation of deployed software. Testing and monitoring approaches are usually contrasted as being, respectively, in-the-laboratory vs. in-the-field, and active vs. passive. In this talk I will overview concepts and techniques for software testing and monitoring, and will discuss how for modern pervasive and dynamic software systems the two approaches tend to converge in combined and synergic ways.Source: Jornadas Sistedes - Jornadas de la Asociación de Ingeniería del Software y Tecnologías de Desarrollo de Software (Sistedes), Casiz, Spain, 16 - 19 September 2014

See at: CNR People


2014 Book Unknown

Computer Safety, Reliability, and Security. 33rd International Conference
Bondavalli A., Di Giandomenico F.
This year we celebrate the 33rd edition of SAFECOMP, a major forum to provide ample opportunity for academic and industrial researchers to exchange insights and experience on emerging methods, approaches and practical solutions in the areas of safety, security and reliability of critical computer applications. Since it was established in 1979 by the European Workshop on Industrial Computer Systems, Technical Committee 7 on Reliability, Safety and Security (EWICS TC7), SAFECOMP has contributed to the progress of the state-of-the-art in dependable application of computers in safety-related and safety-critical systems. This year SAFECOMP is organized within FLORENCE 2014 a one-week scientific event on the development of safe, secure, dependable and performing systems covering design and assessment both from a quantitative and a formal perspective. Together with SAFECOMP 2014 the other major event is Quantita- tive Evaluation of SysTems - QEST 2014. Many other satellite events, in addition to the six SAFECOMP workshops, are taking place, such as FORMATS (the International Conference on Formal Modeling and Analysis of Timed Systems), EPEW (the European Workshop on Performance Engineering) and FMICS (the International Workshop on Formal Met hods for Industrial Critical Systems). We are very proud to present this year's SAFECOMP program, which in- cludes 20 research papers and 3 reports on practical experience and tools, out of 85 submissions from 22 countries. Four keynotes given by outstanding repre- sentatives from academia (Prof. Henrique Madeira and Prof. Philip Koopman), industry (Mr. Philippe Quere) and EU Research Programs (Mr. Werner Stein- hoegl) enrich the program. We are grateful to them for their invaluable con- tribution in providing additional fuel for fruitful discussion and inspiration for research. Following the tradition of thoroughness of this conference, all the manuscripts went through a rigorous review process by the 48 members of the Program Committee and a number of external reviewers. Then, final discussion was held at the plenary meeting on May 7th in Pisa, attended by 24 PC members, where the papers appearing in th e program were selected. We would like to express our deep gratitude to the PC members, who con- tributed their expertise and time from their busy schedules before, during, and after the PC meeting to ensure the quality of the reviewing and shepherding processes. We also greatly appreciate the efforts and expertise of the external reviewers. Of course, we would like to gratefully acknowledge and thank all the authors for their effort in submitting papers! Several other individuals deserve our gratitude for their help, guidance, visible and invisible work in preparing the conference, among them the EWICS TC7 Chair Francesca Saglietti, the Worskhop Chair Frank Ortmeier, the Industry- Liaison Chair Michael Paulitsch, the Publicity Chair Francesco Flammini, the Publication Chair Andrea Ceccarelli, the Local Organizing Chair Paolo Lollini and his team (Nicola Nostro, Leonardo Montecchi, Andreia Rossi, Marco Mori, Valentina Bonfiglio) and our Finance Chair Ettore Ricciardi. Finally, we warmly welcome all the a ttendees in Florence and wish a very interesting, fruitful, and enjoyable conference!Source: info:cnr-pdr/source/autori:Bondavalli A.; Di Giandomenico F.,/titolo:Computer Safety, Reliability, and Security. 33rd International Conference/editore:/anno:2014
DOI: 10.1007/978-3-319-10506-2

See at: DOI Resolver | link.springer.com | CNR People


2017 Conference object Unknown

Automated deployment and management of Self-* applications on hybrid clouds
Hillah L. M., Assad R., Bertolino A., Maesano L., Iyoda J.
This position paper outlines an intercontinental research whose goal is twofold: (i) low code implementation of portable cloud applications with self-configuration, self-healing, self-recovery capabilities; (ii) low code automation of installation, configuration, and setup of self-* applications on hybrid clouds.Source: Cloudscape Brazil and Workshop on Cloud Networks 2017, Sao Paolo, Brazil, 5-6 July 2017

See at: eubrasilcloudforum.eu | CNR People


2018 Article Unknown

Automatic testing of design faults in MapReduce applications
Moran J., Bertolino A., De La Riva C., Tuya J.
New processing models are being adopted in Big Data engineering to overcome the limitations of traditional technology. Among them, MapReduce stands out by allowing for the processing of large volumes of data over a distributed infrastructure that can change during runtime. The developer only designs the functionality of the program and its execution is managed by a distributed system. As a consequence, a program can behave differently at each execution because it is automatically adapted to the resources available at each moment. Therefore, when the program has a design fault, this could be revealed in some executions and masked in others. However, during testing, these faults are usually masked because the test infrastructure is stable, and they are only revealed in production because the environment is more aggressive with infrastructure failures, among other reasons. This paper proposes new testing techniques that aimed to detect these design faults by simulating different infrastructure configurations. The testing techniques generate a representative set of infrastructure configurations that as whole are more likely to reveal failures using random testing, and partition testing together with combinatorial testing. The techniques are automated by using a test execution engine called MRTest that is able to detect these faults using only the test input data, regardless of the expected output. Our empirical evaluation shows that MRTest can automatically detect these design faults within a reasonable time.Source: IEEE transactions on reliability 67 (2018): 717–732. doi:10.1109/TR.2018.2802047
DOI: 10.1109/TR.2018.2802047

See at: DOI Resolver | ieeexplore.ieee.org | CNR People


2016 Article Unknown

Achieving functional and non functional interoperability through synthesized connectors
Nostro N., Spalazzese R., Di Giandomenico F., Inverardi P.
Our everyday life is pervaded by the use of a number of heterogeneous systems that are continuously and dynamically available in the networked environment to interoperate to achieve some goal. Goals may include both functional and non functional aspects and the evolving nature of such environment requires automated solutions as means to reach the needed level of flexibility. Achieving interoperability in such environment is a challenging problem. Even though some of such systems may in principle interact since they have compatible functionalities and similar interaction protocols, mismatches in their protocols and non functional issues arising from the environment may undermine their seamless interoperability. In this paper, we propose an approach for the automated synthesis of application layer connectors between heterogeneous networked systems (NSs) addressing both functional and some non functional interoperability. Our contributions are: (i) an automated connectors synthesis approach for NSs interoperability taking into account functional, performance and dependability aspects spanning pre-deployment time and run-time; (ii) a connector adaptation process, related to the performance and dependability aspects; and (iii) a stochastic model-based implementation of the performance and dependability analysis. In addition, we implemented, analyzed, and critically discussed a case study.Source: The Journal of systems and software 111 (2016): 185–199. doi:10.1016/j.jss.2015.09.038
DOI: 10.1016/j.jss.2015.09.038

See at: DOI Resolver | CNR People | www.sciencedirect.com


2013 Conference object Unknown

Adaptive SLA Monitoring of Service Choreographies Enacted on the Cloud
Bertolino A., Calabrò A., De Angelis G.
The deployment and the execution of applications on dynamic Cloud infrastructures introduces new requirements of adaptability with respect to monitoring. Specifically, the governance of service choreographies enacted over Cloud-based solutions relies on the observation and analysis of events happening at different abstraction layers. Adaptability requirements are even more evident when monitoring deals with Service Level Agreements (SLA) established among the choreography participants. In fact, as the Cloud paradigm offers on-demand solutions as a service, often monitoring rules cannot be completely defined off-line. Thus also the monitoring infrastructure must keep track of the continuous evolution of the underlying environment, and adapt itself accordingly. This paper proposes an adaptive multi-source monitoring architecture that can synthesize on-the-fly SLA monitoring rules following the evolution of the Cloud infrastructure. We demonstrate the idea on a case study and discuss limitations as well as planned further advancements.Source: IEEE - 7th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems, pp. 92–101, Eindhoven, Netherlands, 22-23 September 2013
DOI: 10.1109/MESOCA.2013.6632741
Project(s): CHOREOS via OpenAIRE

See at: DOI Resolver | ieeexplore.ieee.org | CNR People


2016 Article Unknown

Automata for specifying and orchestrating service contracts
Basile D., Degano P., Ferrari G.
An approach to the formal description of service contracts is presented in terms of automata. We focus on the basic property of guaranteeing that in the multi-party composition of principals each of them gets his requests satisfied, so that the overall composition reaches its goal. Depending on whether requests are satisfied synchronously or asynchronously, we construct an orchestrator that at static time either yields composed services enjoying the required properties or detects the principals responsible for possible violations. To do that in the asynchronous case we resort to Linear Programming techniques. We also relate our automata with two logically based methods for specifying contracts.Source: Logical Methods in Computer Science 12 (2016). doi:10.2168/LMCS-12(4:6)2016
DOI: 10.2168/LMCS-12(4:6)2016

See at: DOI Resolver | lmcs.episciences.org | CNR People


2015 Part of book or chapter of book Unknown

Safe adaptation through implicit effect coercion
Basile D., Galletta L., Mezzetti G.
Context-Oriented programming languages provide us with primitive constructs to adapt programs behaviour depending on the evolution of their operational environment. In this paradigm developers must provide behaviour for any context a program may find in. A missing behaviour causes a new kind of runtime error: an adaptation error. We propose a novel mechanism, based on implicit function, that allows the execution environment to supply such behaviour when the program is not able to adapt. We assess our proposal extending a core functional language designed for adaptivity. We integrate the mechanism in a type and effect system, in the form of implicit coercions, showing that our type discipline guarantees that no adaptation errors occur.Source: Programming Languages with Applications to Biology and Security. Essays Dedicated to Pierpaolo Degano on the Occasion of His 65th Birthday, edited by Chiara Bodei, Gian-Luigi Ferrari, Corrado Priami, pp. 122–141, 2015
DOI: 10.1007/978-3-319-25527-9_10

See at: DOI Resolver | CNR People | www.scopus.com


2016 Conference object Open Access OPEN

Towards business process execution adequacy criteria
Bertolino A., Calabro A., Lonetti F., Marchetti E.
Monitoring of business process execution has been proposed for the evaluation of business process performance. An important aspect to assess the thoroughness of the business process execution is to monitor if some entities have not been observed for some time and timely check if something is going wrong. We propose in this paper business process execution adequacy criteria and provide a proof-of-concept monitoring framework for their assessment. Similar to testing adequacy, the purpose of our approach is to identify the main entities of the business process that are covered during its execution and raise a warning if some entities are not covered. We provide a first assessment of the proposed approach on a case study in the learning context.Source: Software Quality. The Future of Systems and Software Development. 8th International Conference, pp. 37–48, Wien, Austria, 18-21 January 2016
DOI: 10.1007/978-3-319-27033-3_3
Project(s): LEARN PAD via OpenAIRE

See at: PUblication MAnagement Open Access | DOI Resolver | CNR People | www.scopus.com


2013 Conference object Unknown

ServicePot - An extensible registry for choreography governance
Ali M., De Angelis G., Polini A.
The Future Internet (FI) vision fosters the establishment of highly dynamic and continuously evolving systems in which different organizations, via provided e-services, dynamically cooperate at run-time, and possibly just for a single application level transaction. Service choreographies contribute to establish the FI vision, by providing support for the description of complex and interorganizational service-based applications. Specifically, the choreography paradigm facilitates the dynamic integration and interoperability of services managed and made available by different organizations. Nevertheless the real take off of choreography based solutions asks for the definition and development of suitable supporting frameworks (i.e. platforms and tools) permitting to govern the whole life-cycle of a service choreography. In this paper, we have introduced the main challenges and requirements for a software infrastructure supporting choreography adoption, and our response to these challenges: ServicePot. ServicePot is an extensible registry for choreography-based solutions offering choreography lifecycle management and governance features. The registry implements all the fundamental functionalities for choreography support and it has a plug-in based extensible architecture permitting the easy introduction of additional choreography related manipulation activities. A reference implementation of the registry is also introduced and discussed, taking into account choreographies specifications defined using the BPMN 2.0 standard notation.Source: SOSE 2013 - Seventh IEEE International Symposium on Service-Oriented System Engineering, pp. 113–124, San Francisco, March 25-28 2013
DOI: 10.1109/SOSE.2013.35
Project(s): CHOREOS via OpenAIRE

See at: DOI Resolver | ieeexplore.ieee.org | CNR People


2014 Conference object Unknown

An automated testing framework of model-driven tools for XACML policy specification
Bertolino A., Daoudagh S., Lonetti F., Marchetti E.
Access Control is among the most important security mechanisms to put in place in order to secure applications. XACML is the de facto standard for storing and deploying access control policies. However, due to the complexity of the XACML language, policy definition becomes a difficult and error prone process. In recent years, the combined use of models for the access control policy specification, and the model-to-code facilities, for the automatic transformation of the model into the XACML language, has been proposed as a possible solution. These model-driven methodologies and facilities need to be thoroughly validated and verified. In this paper we provide an integrated framework for testing the automatic translation of the specification of an access control model into an XACML policy. The framework includes different test strategies for the derivation of test cases and some facilities for making easier their execution against the XACML policy and the test results collection and analysis. In addition, we illustrate the use of the framework on a case study.Source: QUATIC 2014 - 9th International Conference on the Quality of Information and Communications Technology, pp. 75–84, Guimarães, Portugal, 23-26 September 2014
DOI: 10.1109/QUATIC.2014.17
Project(s): NESSOS via OpenAIRE

See at: DOI Resolver | CNR People | www.scopus.com