Your search keyword '"Antonia Bertolino"' showing total 74 results

1. Quality of Information and Communications Technology : 17th International Conference on the Quality of Information and Communications Technology, QUATIC 2024, Pisa, Italy, September 11–13, 2024, Proceedings

Author

Antonia Bertolino, João Pascoal Faria, Patricia Lago, Laura Semini, Antonia Bertolino, João Pascoal Faria, Patricia Lago, and Laura Semini

Subjects

Software engineering, Computer networks, Application software, Artificial intelligence

Abstract

This book constitutes the proceedings of the 17th International Conference on the Quality of Information and Communications Technology, QUATIC 2024, held in Pisa, Italy, during September 11–13, 2024. The 34 full and short papers of QUATIC 2024 included in this book were carefully reviewed and selected from 49 submissions. QUATIC is a forum for disseminating advanced methods, techniques and tools to support quality approaches to ICT engineering and management. Practitioners and researchers are encouraged to exchange ideas and approaches on how to adopt a quality culture in ICT process and product improvement and to provide practical studies in varying contexts.

Published

2024

2. Standing on the Shoulders of Software Product Line Research for Testing Systems of Systems

Author

Francesca Lonetti, Vania de Oliveira Neves, and Antonia Bertolino

Subjects

System of systems, Test strategy, business.industry, Computer science, Software Product Line, Testing, 020207 software engineering, Cascading Style Sheets, 02 engineering and technology, Reuse, Software, Unified Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, System of Systems, 020201 artificial intelligence & image processing, Product (category theory), Software product line, Software engineering, business, computer, computer.programming_language

Abstract

The complex and dynamic nature of Systems of Systems (SoSs) poses many challenges on their validation and testing, but so far few effective test strategies exist to address them. On the other hand, extensive research has been conducted in the testing of Software Product Lines (SPLs), which present interesting convergence points with SoSs, as both disciplines aim at reducing development costs and time-to-market thanks to extensive reuse of existing artifacts. In this paper, we outline commonalities and differences between the SoS and SPL paradigms from the point of view of testing and investigate how existing methods and tools from SPL testing could be leveraged to address the challenges of SoS testing.

Published

2020

3. A categorization scheme for software engineering conference papers and its application

Author

Eda Marchetti, Breno Miranda, Antonello Calabrò, Francesca Lonetti, and Antonia Bertolino

Subjects

Paper type, 0301 basic medicine, Scheme (programming language), Paper categorization, Research problem, Computer science, business.industry, Conference, 020207 software engineering, 02 engineering and technology, Research contribution, 03 medical and health sciences, 030104 developmental biology, Categorization, Hardware and Architecture, Validation, 0202 electrical engineering, electronic engineering, information engineering, Software engineering, business, computer, Software, Information Systems, computer.programming_language

Abstract

Background In Software Engineering (SE), conference publications have high importance both in effective communication and in academic careers. Researchers actively discuss how a paper should be organized to be accepted in mainstream conferences. Aiming This work tackles the problem of generalizing and characterizing the type of papers accepted at SE conferences. Method The paper offers a new perspective in the analysis of SE literature: a categorization scheme for SE papers is obtained by merging, extending and revising related proposals from a few existing studies. The categorization scheme is used to classify the papers accepted at three top-tier SE conferences during five years (2012–2016). Results While a broader experience is certainly needed for validation and fine-tuning, preliminary outcomes can be observed relative to what problems and topics are addressed, what types of contributions are presented and how they are validated. Conclusions The results provide insights to paper writers, paper reviewers and conference organizers in focusing their future efforts, without any intent to provide judgments or authoritative guidelines.

Published

2018

4. JTeC: A Large Collection of Java Test Classes for Test Code Analysis and Processing

Author

Roberto Verdecchia, Antonia Bertolino, Federico Corò, Emilio Cruciani, Breno Miranda, Software and Sustainability (S2), Network Institute, Information Management & Software Engineering, Software & Services, Università degli Studi di Roma 'La Sapienza' = Sapienza University [Rome] (UNIROMA), Gran Sasso Science Institute (GSSI), Istituto Nazionale di Fisica Nucleare (INFN), Vrije Universiteit Amsterdam [Amsterdam] (VU), Combinatorics, Optimization and Algorithms for Telecommunications (COATI), Inria Sophia Antipolis - Méditerranée (CRISAM), Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-COMmunications, Réseaux, systèmes Embarqués et Distribués (Laboratoire I3S - COMRED), Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S), Université Nice Sophia Antipolis (1965 - 2019) (UNS), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA)-Université Nice Sophia Antipolis (1965 - 2019) (UNS), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA)-Laboratoire d'Informatique, Signaux, et Systèmes de Sophia Antipolis (I3S), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA), Federal University of Pernambuco [Recife], Consiglio Nazionale delle Ricerche [Pisa] (CNR PISA), Università degli Studi di Roma 'La Sapienza' = Sapienza University [Rome], COMmunications, Réseaux, systèmes Embarqués et Distribués (Laboratoire I3S - COMRED), Université Nice Sophia Antipolis (... - 2019) (UNS), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA)-Université Nice Sophia Antipolis (... - 2019) (UNS), COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-COMUE Université Côte d'Azur (2015-2019) (COMUE UCA)-Centre National de la Recherche Scientifique (CNRS)-Université Côte d'Azur (UCA)-Inria Sophia Antipolis - Méditerranée (CRISAM), and Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)

Subjects

Test Suite, Java, Computer science, business.industry, Software Testing, 020207 software engineering, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], 02 engineering and technology, Benchmarking, computer.software_genre, Large Scale, Test (assessment), GitHub, Test case, Code refactoring, 020204 information systems, Regression testing, 0202 electrical engineering, electronic engineering, information engineering, Test suite, Code (cryptography), Software engineering, business, computer, computer.programming_language

Abstract

International audience; The recent push towards test automation and test-driven development continues to scale up the dimensions of test code that needs to be maintained, analysed, and processed side-by-side with production code. As a consequence, on the one side regression testing techniques, e.g., for test suite prioritization or test case selection, capable to handle such large-scale test suites become indispensable; on the other side, as test code exposes own characteristics, specific techniques for its analysis and refactoring are actively sought. We present JTeC, a large-scale dataset of test cases that researchers can use for benchmarking the above techniques or any other type of tool expressly targeting test code. JTeC collects more than 2.5M test classes belonging to 31K+ GitHub projects and summing up to more than 430 Million SLOCs of ready-to-use real-world test code.

Published

2020

5. EDUFYSoS: A Factory of Educational System of Systems Case Studies

Author

Francesca Lonetti, Miguel Angel Olivero, Guglielmo De Angelis, Vania de Oliveira Neves, Antonia Bertolino, Universidad de Sevilla. Departamento de Lenguajes y Sistemas Informáticos, and Ministero dell'Università e della Ricerca (Italia)

Subjects

Source code, Computer science, media_common.quotation_subject, Case study, ComputerApplications_COMPUTERSINOTHERSYSTEMS, 02 engineering and technology, Extensibility, Software testing, Set (abstract data type), 020204 information systems, SoS Factory, 0202 electrical engineering, electronic engineering, information engineering, System of Systems, media_common, System of systems, Case Study, business.industry, Software Testing, Testbed, Educational Environment, Factory (object-oriented programming), 020201 artificial intelligence & image processing, Software engineering, business, Educational systems

Abstract

We propose a factory of educational System of Systems (SoS) case studies that can be used for evaluating SoS research results, in particular in SoS testing. The factory includes a first set of constituent systems that can collaborate within different SoS architectures to accomplish different missions. In the paper, we introduce three possible SoSs and outline their missions. For more detailed descriptions, diagrams and the source code, we refer to the online repository of EDUFYSoS. The factory is meant to provide an extensible playground, which we aim to grow to include more systems and other missions with the support of the community. Ministero dell'Università e della Ricerca (Italia) SISMA 201752ENYB

Published

2020

6. Advances in test automation for software with special focus on artificial intelligence and machine learning

Author

Antonia Bertolino, Andreas Ulrich, J. Jenny Li, and Xiaoying Bai

Subjects

Focus (computing), Software, business.industry, Computer science, Safety, Risk, Reliability and Quality, Software engineering, business, Automation, test automation, Test (assessment)

Published

2019

7. Debugging Flaky Tests on Web Applications

Author

Javier Tuya, Claudio de la Riva, Jesus Moran, Cristian Augusto, and Antonia Bertolino

Subjects

Root (linguistics), Spectrum-based localization, ComputingMilieux_THECOMPUTINGPROFESSION, business.industry, Computer science, media_common.quotation_subject, Web applications, Root cause, GeneralLiterature_MISCELLANEOUS, Test case, Display size, Debugging, Software testing and debugging, Asynchronous communication, Server, Web application, Test flakiness, business, Software engineering, media_common

Abstract

International Conference on Web Information Systems and Technologies, WEBIST (15th. 2019. Vienna, Austria), This work was supported in part by the Spanish Ministry of Economy and Competitiveness under TestEAMoS (TIN2016-76956-C3-1-R) project and ERDF funds, and by the European Project ElasTest in the Horizon 2020 research and innovation program (GA No. 731535).

Published

2019

8. A Tool-Supported Methodology for Validation and Refinement of Early-Stage Domain Models

Author

Marco Autili, Antonia Bertolino, Guglielmo De Angelis, Davide Di Ruscio, and Alessio Di Sandro

Subjects

Computer science, Domain Modeling, Early Stage Model, Model Driven Engineering, Model Refinement, Model Validation, Natural Language Questionnaires, Semantic Model Quality, Software, Natural language questionnaires, 02 engineering and technology, Activity diagram, computer.software_genre, Domain (software engineering), Unified Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, Domain analysis, computer.programming_language, Context model, business.industry, Model validation, 020207 software engineering, Domain model, Domain modeling, Model driven engineering, Problem domain, Domain engineering, 020201 artificial intelligence & image processing, Data mining, Model-driven architecture, Software engineering, business, computer

Abstract

Model-driven engineering (MDE) promotes automated model transformations along the entire development process. Guaranteeing the quality of early models is essential for a successful application of MDE techniques and related tool-supported model refinements. Do these models properly reflect the requirements elicited from the owners of the problem domain? Ultimately, this question needs to be asked to the domain experts. The problem is that a gap exists between the respective backgrounds of modeling experts and domain experts. MDE developers cannot show a model to the domain experts and simply ask them whether it is correct with respect to the requirements they had in mind. To facilitate their interaction and make such validation more systematic, we propose a methodology and a tool that derive a set of customizable questionnaires expressed in natural language from each model to be validated. Unexpected answers by domain experts help to identify those portions of the models requiring deeper attention. We illustrate the methodology and the current status of the developed tool MOTHIA, which can handle UML Use Case, Class, and Activity diagrams. We assess MOTHIA effectiveness in reducing the gap between domain and modeling experts, and in detecting modeling faults on the European Project CHOReOS.

Published

2016

9. A tour of secure software engineering solutions for connected vehicles

Author

Eda Marchetti, Ilaria Matteucci, Paolo Mori, Antonello Calabrò, Felicita Di Giandomenico, Francesca Lonetti, Giuseppe Lami, Antonia Bertolino, and Fabio Martinelli

Subjects

Engineering, Tool-chain, 02 engineering and technology, Computer security, computer.software_genre, Security information and event management, Connected vehicles, Security engineering, AUTOSAR, 0202 electrical engineering, electronic engineering, information engineering, Safety, Risk, Reliability and Quality, Software process development, Cloud computing security, business.industry, Security by design, 020206 networking & telecommunications, 020207 software engineering, Computer security model, Security service, Software security assurance, business, Software engineering, computer, Automotive systems, Software, Automotive software

Abstract

The growing number of vehicles daily moving on roads increases the need of protecting the safety and security of passengers, pedestrians, and vehicles themselves. This need is intensified when considering the pervasive introduction of Information and Communication Technologies (ICT) systems into modern vehicles, because this makes such vehicles potentially vulnerable from the point of view of security. The convergence of safety and security requirements is one of the main outstanding research challenges in software-intensive systems. This work reviews existing methodologies and solutions addressing security issues in the automotive domain with a focus on the integration between safety and security aspects. In particular, we identify the main security issues with vehicular communication technologies and existing gaps between state-of-the-art methodologies and their implementation in the real world. Starting from a literature survey and referring to widely accepted standards of the domain, such as AUTOSAR and ISO 26262, we discuss research challenges and set baselines for a holistic secure-by-design approach targeting safety and security aspects all along the different phases of the development process of automotive software.

Published

2018

10. An automated model-based test oracle for access control systems

Author

Francesca Lonetti, Said Daoudagh, Antonia Bertolino, and Eda Marchetti

Subjects

FOS: Computer and information sciences, business.industry, Computer science, oracle derivation, XACML, 020207 software engineering, Access control, 02 engineering and technology, Oracle, testing, 020202 computer hardware & architecture, Software Engineering (cs.SE), Computer Science - Software Engineering, 0202 electrical engineering, electronic engineering, information engineering, Graph (abstract data type), business, Software engineering, computer, computer.programming_language

Abstract

In the context of XACML-based access control systems, an intensive testing activity is among the most adopted means to assure that sensible information or resources are correctly accessed. Unfortunately, it requires a huge effort for manual inspection of results: thus automated verdict derivation is a key aspect for improving the cost-effectiveness of testing. To this purpose, we introduce XACMET, a novel approach for automated model-based oracle definition. XACMET defines a typed graph, called the XAC-Graph, that models the XACML policy evaluation. The expected verdict of a specific request execution can thus be automatically derived by executing the corresponding path in such graph. Our validation of the XACMET prototype implementation confirms the effectiveness of the proposed approach., Comment: 7 pages

Published

2018

11. Guest editorial foreword for the special issue on automated software testing [Editorial]: trends and evidence

Author

Andre Takeshi Endo, José Carlos Maldonado, Márcio Eduardo Delamaro, and Antonia Bertolino

Subjects

lcsh:Computer software, 0209 industrial biotechnology, Computer science, business.industry, 02 engineering and technology, Software testing, 020901 industrial engineering & automation, lcsh:QA76.75-76.765, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Software engineering, business, EVIDÊNCIA

Published

2018

12. An orchestrated survey of methodologies for automated software test case generation

Author

Saswat Anand, Edmund K. Burke, Tsong Yueh Chen, John Clark, Myra B. Cohen, Wolfgang Grieskamp, Mark Harman, Mary Jean Harrold, Phil McMinn, Antonia Bertolino, J. Jenny Li, and Hong Zhu

Subjects

Model checking, Test strategy, Model-based testing, Computer science, Test data generation, business.industry, Random testing, Software performance testing, Symbolic execution, Test case, Software, Hardware and Architecture, Acceptance testing, Software construction, Test Management Approach, Software reliability testing, Software engineering, business, System integration testing, Information Systems

Abstract

Test case generation is among the most labour-intensive tasks in software testing. It also has a strong impact on the effectiveness and efficiency of software testing. For these reasons, it has been one of the most active research topics in software testing for several decades, resulting in many different approaches and tools. This paper presents an orchestrated survey of the most prominent techniques for automatic generation of software test cases, reviewed in self-standing sections. The techniques presented include: (a) structural testing using symbolic execution, (b) model-based testing, (c) combinatorial testing, (d) random testing and its variant of adaptive random testing, and (e) search-based testing. Each section is contributed by world-renowned active researchers on the technique, and briefly covers the basic ideas underlying the method, the current state of the art, a discussion of the open research problems, and a perspective of the future development of the approach. As a whole, the paper aims at giving an introductory, up-to-date and (relatively) short overview of research in automatic test case generation, while ensuring a comprehensive and authoritative treatment.

Published

2013

13. What paper types are accepted at the international conference on software engineering?

Author

Eda Marchetti, Breno Miranda, Antonello Calabrò, Francesca Lonetti, and Antonia Bertolino

Subjects

Scheme (programming language), Paper type, Social software engineering, Paper categorization, Research problem, business.industry, Computer science, Software Engineering conference, 05 social sciences, 020207 software engineering, 02 engineering and technology, Software walkthrough, Research contribution, Field (computer science), Software analytics, Software, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Software engineering, business, computer, 050203 business & management, computer.programming_language

Abstract

With the aim of identifying good structures and examples for papers in the software engineering field, we conducted a study of the type of papers accepted along four decades in the Research Track of the International Conference on Software Engineering (ICSE). We used for this purpose a categorization scheme for Software Engineering papers that was obtained by merging, extending and revising a few existing paper scheme proposals. This paper summarizes some outcomes relative to what topics and problems are addressed, what types of contribution are presented and how they are validated. Insights from the study could help ICSE authors, reviewers and conference organizers in focusing and improving future efforts.

Published

2017

14. Performance measures for supporting project manager decisions

Author

Eda Marchetti, Raffaela Mirandola, and Antonia Bertolino

Subjects

Software development process, business.industry, Computer science, Process (engineering), Applications of UML, Schedule (project management), Project management, business, Software engineering, Software, Software project management, Project manager, Project management triangle

Abstract

Software measurement is a crucial technology along the software development process, and notably for project management. Decision-making in project management requires in fact, accurate estimations and the support of metrics to monitor and control the varying factors affecting the development process. Managers must make reliable schedule predictions and optimize personnel utilization. They therefore must be able to dynamically evaluate whether the resources assigned to a job are sufficient and whether the organization structure is adequate to meet the scheduled deadlines. To support managers in these tasks, we propose a method called Propean (for PROject PErformance ANalysis) based on the combination of classical performance engineering techniques and the Unified Modelling Language (UML). The combined application of these disciplines guarantees on one hand, a validated approach for modelling and estimating the ‘Quality of Service’ parameters when they come to the development process. Performance engineering techniques are in fact based on rigorous mathematical formalisms such as queueing networks, stochastic Petri nets and Markov models. On the other hand, the adoption of UML provides managers with an easy-to-use front-end representation of the process closer to the design notations they routinely employ. To illustrate Propean application, in this article, we model the case of a manager who must decide a release date for a product undergoing the testing phase. Copyright © 2007 John Wiley & Sons, Ltd.

Published

2007

15. The (Im)maturity level of software testing

Author

Antonia Bertolino

Subjects

Test strategy, Engineering, business.industry, Risk-based testing, Software performance testing, Manual testing, General Medicine, Reliability engineering, Non-regression testing, Regression testing, Test Management Approach, Software reliability testing, Software engineering, business

Abstract

A large gap exists between the state-of-the-art in software testing literature, and the state of software testing practice. Empirical research should (and could) play a first class role for bridging this gap. Empirical studies in software testing have focused mainly on the evaluation of techniques for test case selection. But effective selection of test cases by itself is not sufficient to warrant successful testing: we need also empirical studies to start collecting proven patterns that test practitioners can use to predictably solve software testing problems.

Published

2004

16. Software engineering for internet computing internetware and beyond [Guest editors' introduction]

Author

Pankaj Mehra, Hong Mei, Tao Xie, Antonia Bertolino, and M. Brian Blake

Subjects

Computer science, Internet of Things, Service choreographies, Cloud computing, Internetware, World Wide Web, Software, Cultural diversity, Cloud APIs, Software engineering, business.industry, Computer Applications, Corporate governance, Software diversification, Internet computing, Smartphone applications, Wireless sensor networks, Software deployment, Special issues and sections, The Internet, Computer applications, business, Quality assurance, Wireless sensor network

Abstract

Software engineering for Internet computing involves the architecting, development, deployment, management, and quality assurance of software supporting Internet-based systems. It also addresses global-development issues such as communication complexity, distributed control, governance policies, and cultural differences. This issue presents a selection of exciting and representative research on this topic. The Web extra at http://youtu.be/UA7rLAwFbwY is an audio recording in which author IEEE Software Multimedia Editor Davide Falessi interviews Antonia Bertolino, Hong Mei, and Tao Xie, guest editors of the magazine's January/February 2015 issue on Software Engineering for Internet Computing: Internetware and Beyond.

Published

2015

17. Improving test coverage measurement for reused software

Author

Breno Miranda and Antonia Bertolino

Subjects

Software engineering, Computer science, Test data generation, Code coverage, Symbolic execution, Development testing, Software testing, Reliability engineering, Modified condition/decision coverage, Coverage Testing, Fault coverage, Dynamic program analysis, Test suite, Coverage criteria, Relative Coverage, Test of Reused Code

Abstract

Test coverage adequacy measures provide a widely used stopping criterion. Engineering of modern software-intensive systems emphasizes reuse. In the case that a program uses reused code or third-party components in a context that is different from the original one, some of their entities (e.g. branches) might never be exercised, thus producing a code coverage level far from full and not meaningful anymore as a stopping rule for the program at hand. We introduce a new coverage criterion, called "Relevant Coverage", that in each testing context in which a code is reused calculates coverage measures over the set of relevant entities for that context. We provide an approach for identifying relevant entities using dynamic symbolic execution. The introduced coverage adequacy criterion is assessed in an exploratory study against traditional coverage in terms of test suite size reduction factor, cost-effectiveness ratio and rate of fault detection. The results of our study showed that relevant coverage can considerably reduce the test suite size while preserving a high cost-effectiveness ratio with respect to the traditional approach.

Published

2015

18. An Automated Testing Framework of Model-Driven Tools for XACML Policy Specification

Author

Eda Marchetti, Francesca Lonetti, Said Daoudagh, and Antonia Bertolino

Subjects

Test strategy, Database, business.industry, Process (engineering), Computer science, Testing, XACML, 020207 software engineering, Access control, 02 engineering and technology, Model-driven development, computer.software_genre, Test (assessment), Test case, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, Software engineering, computer, De facto standard, computer.programming_language

Abstract

Access Control is among the most important security mechanisms to put in place in order to secure applications. XACML is the de facto standard for storing and deploying access control policies. However, due to the complexity of the XACML language, policy definition becomes a difficult and error prone process. In recent years, the combined use of models for the access control policy specification, and the model-to-code facilities, for the automatic transformation of the model into the XACML language, has been proposed as a possible solution. These model-driven methodologies and facilities need to be thoroughly validated and verified. In this paper we provide an integrated framework for testing the automatic translation of the specification of an access control model into an XACML policy. The framework includes different test strategies for the derivation of test cases and some facilities for making easier their execution against the XACML policy and the test results collection and analysis. In addition, we illustrate the use of the framework on a case study.

Published

2014

19. A Toolchain for Designing and Testing Access Control Policies

Author

Eda Marchetti, Said Daoudagh, Francesca Lonetti, Antonia Bertolino, and Marianne Busch

Subjects

Access control policies, business.industry, Computer science, D.4.6 Security and Protection. Access controls, XACML, 020207 software engineering, Access control, 02 engineering and technology, Toolchain, Management information systems, Test case, Authorization systems, Embedded system, Security, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Graphical specification, business, Software engineering, computer, Service development, computer.programming_language

Abstract

Security is an important aspect of modern information management systems. The crucial role of security in this systems demands the use of tools and applications that are thoroughly validated and verified. However, the testing phase is an effort consuming activity that requires reliable supporting tools for speeding up this costly stage. Access control systems, based on the integration of new and existing tools are available in the Service Development Environment (SDE). We introduce an Access Control Testing toolchain (ACT) for designing and testing access control policies that includes the following features: (i) the graphical specification of an access control model and its translation into an XACML policy; (ii) the derivation of test cases and their execution against the XACML policy; (iii) the assessment of compliance between the XACML policy execution and the access control model. In addition, we illustrate the use of the ACT toolchain on a case study.

Published

2014

20. A Requirements-Led Approach for Specifying QoS-Aware Service Choreographies: An Experience Report

Author

James Lockerbie, Neil Maiden, Antonia Bertolino, Guglielmo De Angelis, Francesca Lonetti, and Konstantinos Zachos

Subjects

Requirements management, Service (systems architecture), Business requirements, business.industry, Computer science, 020207 software engineering, 02 engineering and technology, Domain (software engineering), Business Process Model and Notation, Choreography, System requirements, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, Orchestration (computing), Software engineering, business

Abstract

[Context and motivation] Choreographies are a form of service composition in which partner services interact in a global scenario without a single point of control. The absence of an explicitly specified orchestration requires changes to requirements practices to recognize the need to optimize software services choreography and monitoring for satisfaction with system requirements. [Question/problem] We developed a requirements-led approach that aims to provide tools and processes to transform requirements expressed on service-based systems to QoS-aware choreography specifications. [Principal ideas/results] The approach is used by domain experts to specify natural language requirements on a service-based system, and by choreography designers to adapt their models to satisfy requirements more effectively. Non-functional requirements are mapped to BPMN choreography diagrams as quality properties, using the Q4BPMN notation, that support analysis and monitoring facilities. [Contribution] We report the new integrated approach and provide lessons learned from applying it to a real-world example of dynamic taxi management.

Published

2014

21. Editorial for the special issue of STVR on the 5th IEEE International Conference on Software Testing, Verification, and Validation (ICST 2012)

Author

Antonia Bertolino and Yvan Labiche

Subjects

Computer science, Software testing, business.industry, D.2.5 SOFTWARE ENGINEERING. Testing and Debugging, Software verification and validation, Safety, Risk, Reliability and Quality, Software engineering, business, Software

Published

2014

22. An extensible framework for online testing of choreographed services

Author

Daniele Fani, Midhat Ali, Andrea Polini, Guglielmo De Angelis, Antonia Bertolino, and Francesco De Angelis

Subjects

Service (systems architecture), General Computer Science, business.industry, computer.internet_protocol, Computer science, Web service testing, Choreography, Service-oriented architecture, computer.software_genre, Extensibility, Software verification and validation, Web service, Software engineering, business, Software architecture, computer

Abstract

Service choreographies present numerous engineering challenges, particularly with respect to testing activities, that traditional design-time approaches cannot properly address. A proposed online testing solution offers a powerful, extensible framework to effectively assess service compositions, leading to a more trustworthy and reliable service ecosystem.

Published

2014

23. Software architecture-based analysis and testing: a look into achievements and future challenges

Author

Paola Inverardi, Antonia Bertolino, and Henry Muccini

Subjects

Numerical Analysis, business.industry, Computer science, Architecture-based analysis and testing, Software Engineering, Reuse, D.2.11 Software Architectures, Computer Science Applications, Theoretical Computer Science, Variety (cybernetics), Computational Mathematics, Computational Theory and Mathematics, Software Architecture, Complexity management, Dependability, Domain engineering, Code generation, Software system, Software architecture, Software engineering, business, D.2 SOFTWARE ENGINEERING, Software

Abstract

The term software architecture (SA) has been introduced to denote the high level structure of a software system. SA has been proposed as a means for managing complexity and improving reuse, by supporting the decomposition of a system into its high level components and their interconnections. SA became prevalent in the beginning of the ’90s when its main role was to describe the system structure (by identifying architectural components and connectors) and the required system behavior. Over the years, the SA scope has evolved, and today it also captures the architecturally-relevant decisions behind design [50] taken by a variety of stakeholders to satisfy their own specific concerns, and codified into different views and viewpoints [46]. Nowadays, the relevance of SA in both academic and industrial worlds is unquestionable, and SAs are used for documenting and communicating design decisions and architectural solutions [24], for driving analysis techniques [57,62,63,79], for code generation purposes in model-driven engineering [3,37], for product line engineering [15], for risks and cost estimation [36,67], and further on. SAs have also been advocated since the 1990s as a means for improving the dependability of complex software systems. In this light, different methods have been

Published

2013

24. A Generative Approach for the Adaptive Monitoring of SLA in Service Choreographies

Author

Antonello Calabrò, Guglielmo De Angelis, Antonia Bertolino, CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR), and European Project: 257178,EC:FP7:ICT,FP7-ICT-2009-5,CHOREOS(2010)

Subjects

Service (systems architecture), D.2.5 Testing and Debugging, Monitoring, Computer science, Distributed computing, Adaptive monitoring, QoS, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], 02 engineering and technology, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.2: Design Tools and Techniques, ACM: C.: Computer Systems Organization/C.4: PERFORMANCE OF SYSTEMS, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, SOA, Event correlation, Architecture, D.2.2 Design Tools and Techniques, business.industry, Quality of service, Complex Event Processor, 020207 software engineering, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging, C.4 PERFORMANCE OF SYSTEMS, Choreography, Service level, ACM: D.: Software/D.2: SOFTWARE ENGINEERING, Choreographies, SLA, Software engineering, business, D.2 SOFTWARE ENGINEERING, Generative grammar

Abstract

International audience; Monitoring is an essential means in the management of service-oriented applications. Here, event correlation results crucial when monitoring rules aim at checking the exposed levels of Quality of Service against the Service Level Agreements established among the choreography participants. However, when choreographies are enacted over distributed networks or clouds, the relevant monitoring rules might not be completely defined a-priori, as they may need to be adapted to the specific infrastructure and to the evolution of events. This paper presents an adaptive multi-source monitoring architecture synthesizing instances of rules at run-time and shows examples of use on a demonstration scenario from the European Project CHOReOS.

Published

2013

25. A toolchain for designing and testing XACML policies

Author

Francesca Lonetti, Marianne Busch, Eda Marchetti, Nora Koch, Antonia Bertolino, and Said Daoudagh

Subjects

D.2.5 Testing and Debugging, Computer science, Process (engineering), computer.internet_protocol, UML-based Web Engineering, XACML, Access control, 02 engineering and technology, Computer security, computer.software_genre, Toolchain, XACML policies, Test cases generation, Formal specification, 0202 electrical engineering, electronic engineering, information engineering, computer.programming_language, business.industry, 020206 networking & telecommunications, Service-oriented architecture, D.2.6 Security and Protection. Access controls, Data access, Model compliance, 020201 artificial intelligence & image processing, Software engineering, business, computer, D.2 SOFTWARE ENGINEERING, De facto standard

Abstract

In modern pervasive application domains, such as Service Oriented Architectures (SOAs) and Peer-to-Peer (P2P) systems, security aspects are critical. Justified confidence in the security mechanisms that are implemented for assuring proper data access is a key point. In the last years XACML has become the de facto standard for specifying policies for access control decisions in many application domains. Briefly, an XACML policy defines the constraints and conditions that a subject needs to comply with for accessing a resource and doing an action in a given environment. Due to the complexity of the language, XACML policy specification is a difficult and error prone process that requires specific knowledge and a high effort to be properly managed.

Published

2013

26. Guest Editorial for Special Section from Component-based Software Engineering (CBSE) 2011

Author

Kendra M. L. Cooper and Antonia Bertolino

Subjects

Engineering, business.industry, Component-based Software Engineering, Component-based software engineering, Special section, CBSE Symposium, Software engineering, business, D.2 SOFTWARE ENGINEERING, Software, Computer Science Applications, Information Systems

Published

2013

27. Adaptive SLA Monitoring of Service Choreographies Enacted on the Cloud

Author

Antonello Calabrò, Guglielmo De Angelis, Antonia Bertolino, De Angelis, Guglielmo, Large Scale Choreographies for the Future Internet - CHOREOS - - EC:FP7:ICT2010-10-01 - 2013-09-30 - 257178 - VALID, CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR), and European Project: 257178,EC:FP7:ICT,FP7-ICT-2009-5,CHOREOS(2010)

Subjects

Engineering, Service (systems architecture), D.2.5 Testing and Debugging, Monitoring, computer.internet_protocol, media_common.quotation_subject, [INFO.INFO-SE] Computer Science [cs]/Software Engineering [cs.SE], QoS, Cloud computing, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], 02 engineering and technology, Computer security, computer.software_genre, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.2: Design Tools and Techniques, Adaptability, 0202 electrical engineering, electronic engineering, information engineering, SOA, media_common, D.2.2 Design Tools and Techniques, business.industry, Quality of service, 020208 electrical & electronic engineering, Complex Event Processor, 020207 software engineering, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging, Service-oriented architecture, System monitoring, Choreography, Service level, ACM: D.: Software/D.2: SOFTWARE ENGINEERING, Choreographies, SLA, business, Software engineering, computer, D.2 Software Engineering

Abstract

International audience; The deployment and the execution of applications on dynamic Cloud infrastructures introduces new requirements of adaptability with respect to monitoring. Specifically, the governance of service choreographies enacted over Cloud-based solutions relies on the observation and analysis of events happening at different abstraction layers. Adaptability requirements are even more evident when monitoring deals with Service Level Agreements (SLA) established among the choreography participants. In fact, as the Cloud paradigm offers on-demand solutions as a service, often monitoring rules cannot be completely defined off-line. Thus also the monitoring infrastructure must keep track of the continuous evolution of the underlying environment, and adapt itself accordingly. This paper proposes an adaptive multi-source monitoring architecture that can synthesize on-the-fly SLA monitoring rules following the evolution of the Cloud infrastructure. We demonstrate the idea on a case study and discuss limitations as well as planned further advancements.

Published

2013

28. Monitoring Service Choreographies from Multiple Sources

Author

Amira Ben Hamida, Nelson Lago, Antonello Calabrò, Antonia Bertolino, Julien Lesbegueries, Guglielmo De Angelis, CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR), Department of Computer Science (USP), Universidade de São Paulo = University of São Paulo (USP), Linagora Labs [Toulouse], Linagora [Puteaux], Paris Avgeriou, and European Project: 257178,EC:FP7:ICT,FP7-ICT-2009-5,CHOREOS(2010)

Subjects

Service (systems architecture), Monitoring, Computer science, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.6: Monitors, Complex event processing, QoS, Cloud computing, 02 engineering and technology, Choreographies, Complex Event Processing, SOA, SLA, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.2: Design Tools and Techniques, World Wide Web, Software, 0202 electrical engineering, electronic engineering, information engineering, Soa, Architecture, Adaptation (computer science), 020203 distributed computing, business.industry, Grid, ACM: D.: Software/D.2: SOFTWARE ENGINEERING, 020201 artificial intelligence & image processing, business, Software engineering

Abstract

International audience; Modern software applications are more and more conceived as distributed service compositions deployed over Grid and Cloud technologies. Choreographies provide abstract specifications of such compositions, by modeling message-based multi-party interactions without assuming any central coordination. To enable the management and dynamic adaptation of choreographies, it is essential to keep track of events and exchanged messages and to monitor the status of the underlying platform, and combine these different levels of information into complex events meaningful at the application level. Towards this goal, we propose a Multi-source Monitoring Framework that we are developing within the EU Project CHOReOS, which can correlate the messages passed at business-service level with observations relative to the infrastructure resources. We present the monitor architecture and illustrate it on a use-case excerpted from the CHOReOS project.

Published

2012

29. Yet Another Meta-Model to specify Non-Functional Properties

Author

Claudio Pompilio, Francesca Lonetti, Antonia Bertolino, Antinisca Di Marco, Antonello Calabrò, Antonino Sabetta, Dipartimento di Informatica [Italy] (DI), Università degli Studi dell'Aquila (UNIVAQ), Istituto di Scienza e Tecnologie dell'Informazione 'A. Faedo' (ISTI), Consiglio Nazionale delle Ricerche [Roma] (CNR), SAP Research [Belfast], SAP, European Project: 231167,EC:FP7:ICT,FP7-ICT-2007-3,CONNECT(2009), Università degli Studi dell'Aquila = University of L'Aquila (UNIVAQ), CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), and National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR)

Subjects

Service quality, System deployment, service quality model, business.industry, Computer science, Service design, Software as a service, non-functional properties, Service discovery, Software requirements specification, 020207 software engineering, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], Metamodeling, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.1: Requirements/Specifications/D.2.1.1: Languages, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.9: Management/D.2.9.7: Software quality assurance (SQA), 0202 electrical engineering, electronic engineering, information engineering, Systems engineering, 020201 artificial intelligence & image processing, Data as a service, business, Software engineering, Meta-model, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.8: Metrics/D.2.8.1: Performance measures

Abstract

International audience; In service-oriented systems non-functional properties become very important to support run-time service discovery and composition. Software engineers should take care of them for guaranteeing the service quality in all the software life-cycle phases, from requirements speci cation to design, to system deployment and execution monitoring. This wide scope and the criticality of non-functional properties demand that they are expressed in a language which is intuitive and easy to use for the service quality specifi cation, and at the same time is machine-processable to be automatically handled at run-time. In this paper we present a Property Meta-Model that aims to reach these two main objectives and show as a proof of concept its use for the modeling of two di fferent properties.

Published

2011

30. Teaching software testing: Experiences, lessons learned and the path forward

Author

Vidroha Debroy, Aditya P. Mathur, W. Eric Wong, Antonia Bertolino, Jeff Offutt, and Mladen A. Vouk

Subjects

Engineering, Software bug, Software testing, business.industry, Operations management, business, Software engineering, Gross domestic product, Manufacturing engineering, PATH (variable)

Abstract

According to a study commissioned by the National Institute of Standards and Technology in 2002, software bugs cost the U.S. economy an estimated $59.5 billion annually, or about 0.6 percent of the nation's gross domestic product (GDP). The same study also found that more than one-third of these costs, or an estimated $22.2 billion, could be eliminated by an improved testing infrastructure. These numbers would be significantly higher if the study were conducted today.

Published

2011

31. Bringing white-box testing to service oriented architectures through a service oriented approach

Author

Cesare Bartolini, Eda Marchetti, Antonia Bertolino, and Sebastian Elbaum

Subjects

Engineering, Service (systems architecture), computer.internet_protocol, Service delivery framework, media_common.quotation_subject, White-box testing, 02 engineering and technology, Loose coupling, computer.software_genre, Service-Oriented Architecture, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Quality (business), media_common, business.industry, Service design, 020207 software engineering, Service-oriented architecture, Hardware and Architecture, Testing web services, Web service, business, Software engineering, computer, Coverage adequacy criteria, Software, Information Systems

Abstract

The attractive feature of Service Oriented Architecture (SOA) is that pieces of software conceived and developed by independent organizations can be dynamically composed to provide richer functionality. The same reasons that enable flexible compositions, however, also prevent the application of some traditional testing approaches, making SOA validation challenging and costly. Web services usually expose just an interface, enough to invoke them and develop some general (black-box) tests, but insufficient for a tester to develop an adequate understanding of the integration quality between the application and the independent web services. To address this lack we propose an approach that makes web services more transparent to testers through the addition of an intermediary service that provides coverage information. The approach, named Service Oriented Coverage Testing (SOCT), provides testers with feedback about how much a service is exercised by their tests without revealing the service internals. In SOCT, testing feedback is offered itself as a service, thus preserving SOA founding principles of loose coupling and implementation neutrality. In this paper we motivate and define the SOCT approach, and implement an instance of it. We also perform a study to asses SOCT feasibility and provide a preliminary evaluation of its viability and value.

Published

2011

32. Is my model right? Let me ask the expert

Author

Antonia Bertolino, Antonino Sabetta, Guglielmo De Angelis, and Alessio Di Sandro

Subjects

Computer science, Modeling language, Experience report, D.2, D.2.1, D.2.4, i.6.4, 02 engineering and technology, computer.software_genre, Business domain, Domain (software engineering), 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Domain analysis, computer.programming_language, business.industry, Model validation, Conceptual model (computer science), 020207 software engineering, Domain model, Domain modeling, Model driven engineering, Subject-matter expert, Hardware and Architecture, Domain engineering, Domain knowledge, Data mining, Model-driven architecture, Software engineering, business, computer, Software, Information Systems

Abstract

Defining a domain model is a costly and error-prone process. It requires that the knowledge possessed by domain experts be suitably captured by modeling experts. Eliciting what is in the domain expert's mind and expressing it using a modeling language involve substantial human effort. In the process, conceptual errors may be introduced that are hard to detect without a suitable validation methodology. This paper proposes an approach to support such validation, by reducing the knowledge gap that separates modeling experts and domain experts. While our methodology still requires the domain expert's judgement, it partially automates the validation process by generating a set of yes/no questions from the model. Answers differing from expected ones point to elements in the model which require further consideration and can be used to guide the dialogue between domain experts and modeling experts. Our methodology was implemented as a tool and was applied to a real case study, within the IPERMOB project.

Published

2011

33. Sixth international workshop on automation of software test (AST 2011)

Author

Howard Foster, J. Jenny Li, and Antonia Bertolino

Subjects

Social software engineering, Computer science, business.industry, Automated Software Testing, Software development, Software walkthrough, Software quality, Software analytics, Software, Software deployment, Software construction, Personal software process, Software design, Package development process, Software system, Software requirements, Software verification and validation, Software engineering, business, Software design description, Software verification, Software project management

Abstract

The Sixth International Workshop on Automation of Software Test (AST 2011) is associated with the 33rd International Conference on Software Engineering (ICSE 2011). This edition of AST was focused on the special theme of Software Design and the Automation of Software Test and authors were encouraged to submit work in this area. The workshop covers two days with presentations of regular research papers, industrial case studies and experience reports. The workshop also aims to have extensive discussions on collaborative solutions in the form of charette sessions. This paper summarizes the organization of the workshop, the special theme, as well as the sessions.

Published

2011

34. Towards automated robustness testing of BPEL orchestrators

Author

Francesca Lonetti, Cesare Bartolini, Denitsa Manova, Sylvia Ilieva, and Antonia Bertolino

Subjects

computer.internet_protocol, Computer science, Robustness testing, Software performance testing, 0102 computer and information sciences, 02 engineering and technology, computer.software_genre, 01 natural sciences, Business processes, Robustness (computer science), Cloud testing, 0202 electrical engineering, electronic engineering, information engineering, Database, business.industry, 020207 software engineering, Fault injection, Robustness of software systems, Business Process Execution Language, 010201 computation theory & mathematics, Testing SOA applications, Software reliability testing, Software engineering, business, computer, System integration testing

Abstract

Recently, a growing interest on robustness testing of services composition is emerging. In this paper, we propose a robustness testing approach of services composition by means of fault injection of the BPEL process. The proposed solution is implemented into the existing TASSA framework aimed at functional and non-functional testing of service applications. A case study is provided for assessing the effectiveness of the proposed approach.

Published

2011

35. GLIMPSE: A generic and flexible monitoring infrastructure

Author

Antonino Sabetta, Antonello Calabrò, Francesca Lonetti, Antonia Bertolino, CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR), SAP Research [Belfast], SAP, European Project: 231167,EC:FP7:ICT,FP7-ICT-2007-3,CONNECT(2009), Lonetti, Francesca, and Emergent Connectors for Eternal Software Intensive Networked Systems - CONNECT - - EC:FP7:ICT2009-02-01 - 2012-11-30 - 231167 - VALID

Subjects

Rule engine, Engineering, Monitoring, [INFO.INFO-SE] Computer Science [cs]/Software Engineering [cs.SE], ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging/D.2.5.6: Monitors, Real-time computing, Complex event processing, Context (language use), [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], 02 engineering and technology, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.8: Metrics, 0202 electrical engineering, electronic engineering, information engineering, Adaptation (computer science), computer.programming_language, Publish/subscribe, Flexibility (engineering), Generality, Scope (project management), business.industry, Event (computing), 020206 networking & telecommunications, 020207 software engineering, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging, Monitor, CONNECT, Testing and Debugging, Model-driven architecture, Model-driven engineering, Software engineering, business, Complex-event processing, computer

Abstract

International audience; To respond to the growing needs of evolution and adaptation coming from the modern open connected world, applications must continuously monitor their own execution and the surrounding context. The events to be observed, belonging to guaranteed functional and non-functional properties, can themselves vary in scope and along time. Therefore the monitor must be easily con figurable and able to serve differing event consumers. To address these requirements, we developed the Glimpse monitoring infrastructure conceived having flexibility and generality as main concerns. The paper introduces the architecture of Glimpse and shows how it can support runtime performance analysis through a simple example.

Published

2011

36. Quality in ICT Verification and Validation

Author

Antonia Bertolino

Subjects

Computer science, business.industry, Modeling language, media_common.quotation_subject, Automation, Unified Modeling Language, Systems Modeling Language, Information and Communications Technology, Systems engineering, Verification and validation of computer simulation models, Quality (business), business, Software engineering, computer, computer.programming_language, media_common, Verification and validation

Published

2010

37. CONNECT Challenges: Towards Emergent Connectors for Eternal Networked Systems

Author

Massimo Tivoli, Bengt Jonsson, Gordon S. Blair, Bernhard Steffen, Paola Inverardi, Marta Kwiatkowska, Paul Grace, Radu Calinescu, Antonia Bertolino, Antonino Sabetta, Valérie Issarny, Software architectures and distributed systems (ARLES), Inria Paris-Rocquencourt, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Computer Science Department [Dortmund], Technische Universität Dortmund [Dortmund] (TU), Uppsala University, Computing Department [Lancaster], Lancaster University, Computing Science Laboratory - Oxford University, University of Oxford [Oxford], University of L'Aquila [Italy] (UNIVAQ), Istituto di Scienza e Tecnologie dell'Informazione 'A. Faedo' (ISTI), Consiglio Nazionale delle Ricerche [Roma] (CNR), European Project: 231167,EC:FP7:ICT,FP7-ICT-2007-3,CONNECT(2009), University of Oxford, CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), and National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR)

Subjects

ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.11: Software Architectures, Monitoring, Computer science, On the fly, Interoperability, system synthesis, interoperability, 02 engineering and technology, computer.software_genre, [INFO.INFO-IU]Computer Science [cs]/Ubiquitous Computing, Software, middleware, 0202 electrical engineering, electronic engineering, information engineering, Connector, Connect, software architecture, Connector synthesis, business.industry, Quality of service, 020207 software engineering, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.5: Testing and Debugging, Automaton, ACM: D.: Software/D.2: SOFTWARE ENGINEERING/D.2.12: Interoperability, Embedded software, behavior learning, Automated learning, Middleware (distributed applications), quality of service, 020201 artificial intelligence & image processing, Telecommunications, business, Software architecture, Software engineering, computer

Abstract

International audience; The CONNECT European project that started in February 2009 aims at dropping the interoperability barrier faced by today's distributed systems. It does so by adopting a revolutionary approach to the seamless networking of digital systems, that is, synthesizing on the fly the connectors via which networked systems communicate. CONNECT investigates formal foundations for connectors together with associated automated support for learning, reasoning about and adapting the interaction behavior of networked systems.

Published

2009

38. Automatic synthesis of behavior protocols for composable Web-services

Author

Patrizio Pelliccione, Antonia Bertolino, Massimo Tivoli, Paola Inverardi, Istituto di Scienza e Tecnologie dell'Informazione 'A. Faedo' (ISTI), Consiglio Nazionale delle Ricerche [Roma] (CNR), Dipartimento di Informatica [Italy] (DI), Università degli Studi dell'Aquila (UNIVAQ), Hans van Vliet and Valérie Issarny, European Project: 231167,EC:FP7:ICT,FP7-ICT-2007-3,CONNECT(2009), CNR Istituto di Scienza e Tecnologie dell’Informazione 'A. Faedo' [Pisa] (CNR | ISTI), National Research Council of Italy | Consiglio Nazionale delle Ricerche (CNR), and Università degli Studi dell'Aquila = University of L'Aquila (UNIVAQ)

Subjects

Service (systems architecture), Open platform, synthesis, Business process, Computer science, Distributed computing, Interoperability, Testing, Automatic Synthesis, 02 engineering and technology, [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], computer.software_genre, Data type, 0202 electrical engineering, electronic engineering, information engineering, learing, Protocol (object-oriented programming), business.industry, Behaviour protocols, ACM, Web-services, 020207 software engineering, testing, Automaton, 020201 artificial intelligence & image processing, Web service, Software engineering, business, computer

Abstract

International audience; Web-services are broadly considered as an effective means to achieve interoperability between heterogeneous parties of a business process and offer an open platform for developing new composite web-services out of existing ones. In the literature many approaches have been proposed with the aim to automatically compose web-services. All of them assume that, along with the webservice signature, some information is provided about how clients interacting with the web-service should behave when invoking it. We call this piece of information the web-service behavior protocol. Unfortunately, in the practice this assumption turns out to be unfounded. To address this need, in this paper we propose a method to automatically derive from the web-service signature an automaton modeling its behavior protocol. The method, called StrawBerry, combines synthesis and testing techniques. In particular, synthesis is based on data type analysis. The conformance between the synthesized automaton and the implementation of the corresponding web-service is checked by means of testing. The application of StrawBerry to the Amazon E-Commerce Service shows that it is practical and realistic.

Published

2009

39. On-line validation of service oriented systems in the european project TAS3

Author

Antonia Bertolino, Guglielmo De Angelis, and Andrea Polini

Subjects

Flexibility (engineering), Authentication, business.industry, Computer science, computer.internet_protocol, 05 social sciences, 020207 software engineering, 02 engineering and technology, Service-oriented architecture, Software quality, Testing web services, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Dependability, 050211 marketing, The Internet, business, Software engineering, Software architecture, computer, Personally identifiable information

Abstract

The European Project TAS3 addresses the challenge of combining the openness, flexibility, dynamicity offered by service-oriented applications, together with privacy, security and reliability characteristics that are required when personal information is handled. In addition to appropriate authorization and authentication mechanisms, it is important to put in place appropriate validation procedures that can check the trustworthiness and dependability of services provided. We outline the Audition framework and discuss how such on-line validation approach can fit within the TAS3 vision of a seamless connected world, where the final users remain in charge for releasing and administering their data.

Published

2009

40. Automated testing of healthcare document transformations in the PICASSO interoperability platform

Author

Antonia Bertolino, Eda Marchetti, Massimo Pascale, Umberto Rugani, Cesare Bartolini, Andrea Polini, Marcello Roselli, and Francesca Lonetti

Subjects

computer.internet_protocol, XSL, Computer science, Interoperability, 02 engineering and technology, XSLT, World Wide Web, Application domain, 020204 information systems, Schema (psychology), 0202 electrical engineering, electronic engineering, information engineering, Information system, Reference model, computer.programming_language, Electronic data interchange, business.industry, 020207 software engineering, XML Instance generation, Workflow, ComputingMethodologies_DOCUMENTANDTEXTPROCESSING, Automated testing of XSLT documents, Software engineering, business, HL7-V3, computer, XML

Abstract

In every application domain, achieving interoperability among heterogenous information systems is a crucial challenge and alliances are formed to standardize data-exchange formats. In the healthcare sector, HL7-V3 provides the current international reference models for clinical and administrative documents. Codices, an Italian company, provides the PICASSO platform that uses HL7-V3 as the pivot format to fast achieve a highly integrated degree of interoperability among health-related applications. Given the XML structure of HL7-V3, PICASSO can exploit the XSLT technology to flexibly transform documents. However, Codices spends a large part of the PICASSO deployment workflow for manually validating the required XSL stylesheets. In this paper, we describe a pilot experience in test automation, based on the TAXI tool that applies systematic black-box techniques to generate a set of XML instances from a schema. Observed benefits to Codices development process are reported and discussed.

Published

2009

41. Whitening SOA testing

Author

Cesare Bartolini, Sebastian Elbaum, Antonia Bertolino, and Eda Marchetti

Subjects

Engineering, computer.internet_protocol, White-box testing, media_common.quotation_subject, 02 engineering and technology, Loose coupling, computer.software_genre, World Wide Web, 0202 electrical engineering, electronic engineering, information engineering, Quality (business), media_common, Service (business), Flexibility (engineering), business.industry, 020207 software engineering, Service-oriented architecture, Testing web services, 020201 artificial intelligence & image processing, Web service, Software engineering, business, WS-Policy, computer, Coverage adequacy criteria

Abstract

Service Oriented Architectures (SOAs) are becoming increasingly popular and powerful. Fueling that growth is the availability of independent web services that can be costeffectively composed with other services to provide richer functionality. The reasons that make these systems easier to build, however, also make them more challenging to test. Independent web services usually provide just an interface, enough to invoke them and develop some general (black-box) tests, but insufficient for a tester to develop an adequate understanding of the integration quality between the application and independent web services. To address this lack we propose a "whitening" approach to make web services more transparent through the addition of an intermediate coverage service. The approach, named Service Oriented Coverage Testing (SOCT), provides a tester with feedback about how a whitened service, called a Testable Service, is exercised. In this paper we introduce the SOCT approach, implement an instance of it, and perform a preliminary study to show its feasibility and potential value. SOCT enables SOA white-box testing, while maintaining SOA flexibility, dynamism and loose coupling.

Published

2009

42. Approaches to testing service-oriented software systems

Author

Antonia Bertolino

Subjects

Test strategy, business.industry, Integration testing, Computer science, White-box testing, Services computing, Service-level agreement, Black-box testing, World Wide Web, Testing of QoS, Cloud testing, SOA test governance, Test Management Approach, Software engineering, business, System integration testing, Service-oriented architecture, Back-box and white-box testing of web services

Abstract

The attractiveness and popularity of Service-Oriented Software Systems (SOSSs) stem from the growing availability of independent services that can be cost-effectively composed with other services to dynamically provide richer functionality. Service-orientation however poses new and difficult challenges to testers, especially when it comes to testing the interactions between heterogeneous, loosely coupled and independently developed services. Service integration testing requires discipline, standardized processes, and agreed policies to be put in place, which we referred to as SOA (Service Oriented Architecture) Test Governance (STG). Discovered services usually provide just a syntactical interface, enabling some general black-box tests, but insufficient to develop an adequate understanding of the integration quality between the interacting services. Besides, testing for the functional and extra-functional properties of a composite SOSS cannot generally rely on the ready or full availability, for testing purposes, of all invoked services (e.g., their usage might bring unwanted side effects). In this talk we will survey some of our recent results on SOSSs testing that span over the above needs. We will first discuss how the STG concept is implicit behind any approach to testing composite SOSSs and then give an overview of three different, complementary SOSS test approaches realizing different grades of STG, namely: the state-of-practice prototype tool WS-TAXI, for fully automatic generation of black-box test inputs; the novel SOCT approach allowing for test coverage measurement of independent services without loosing their implementation neutrality; the PUPPET tool for model-based generation of a testbed simulating the functional and extra-functional behavior of invoked external services.

Published

2009

43. Software Testing Forever: Old and New Processes and Techniques for Validating Today’s Applications

Author

Antonia Bertolino

Subjects

Social software engineering, Testing and monitoring of dynamic systems, business.industry, Computer science, Testing for functional and non-functional properties, Software development, Software testing research challenges, Software construction, Package development process, Software verification and validation, Software reliability testing, business, Software engineering, System integration testing

Abstract

Software testing is a very complex activity deserving a first-class role in software development. Testing related activities encompass the entire development process and may consume a large part of the effort required for producing software. In this talk, I will first organize into a coherent framework the many topics and tasks forming the software testing discipline, pointing at relevant open issues [1]. Then, among the outlined challenges, I will focus on some hot ones posed by the testing of modern complex and highly dynamic systems [2]. What is assured is that software testers do not risk to remain without their job, and testing researchers are not at short of puzzles. Software testing is and will forever be a fundamental activity of software engineering: notwithstanding the revolutionary advances in the way it is built and employed (or perhaps exactly because of), the software will always need to be eventually tried and monitored. In the years, software testing has evolved from an "art" to a discipline, but test practice largely remains a trial-and-error methodology. We will never find a test approach that is guaranteed to deliver a "perfect" product, whichever is the effort we employ. However, what we can and must pursue is to transform testing from "trial-and-error" to a systematic, cost-effective and predictable engineering practice.

Published

2008

44. Data Flow-Based Validation of Web Services Compositions: Perspectives and Examples

Author

Ioannis Parissis, Cesare Bartolini, Eda Marchetti, and Antonia Bertolino

Subjects

Database, Standardization, business.industry, Computer science, Business process, computer.internet_protocol, Interface description language, computer.software_genre, Data flow diagram, Business Process Execution Language, Web service, Software engineering, business, computer, Composition (language), Verification and validation

Abstract

Composition of Web Services (WSs) is anticipated as the future standard way to dynamically build distributed applications, and hence their verification and validation is attracting great attention. The standardization of BPEL as a composition language and of WSDL as a WS interface definition language has led researchers to investigate verification and validation techniques mainly focusing on the sequence of events in the composition, while minor attention has been paid to the validation of the data flow exchange. In this chapter we study the potential of using data flow modelling for testing composite WSs. After an exhaustive exploration of the issues on testing based on data-related models, we schematically settle future research issues on the perspectives opened by data flow-based validation and present examples for some of them, illustrated on the case study of a composite WS that we have developed, the Virtual Scientific Book Store.

Published

2008

45. Session details: Widened software engineering

Author

Henry Muccini and Antonia Bertolino

Subjects

Engineering, business.industry, Session (computer science), Software engineering, business

Published

2007

46. Welcome to the WISE track

Author

Antonia Bertolino and Henry Muccini

Subjects

Engineering, Social software engineering, business.industry, Software technical review, Personal software process, Software walkthrough, business, Track (rail transport), Software engineering, ComputingMilieux_MISCELLANEOUS

Abstract

This year ESCE/FSE launches the new Widened Software Engineering (WISE) track with an explicit aim to widen international participation, especially from countries which are usually under-represented in the conference audience.

Published

2007

47. Automatic Generation of Test-beds for Pre-Deployment QoS Evaluation of Web Services

Author

Guglielmo De Angelis, Antonia Bertolino, and Andrea Polini

Subjects

Service (systems architecture), Exploit, Database, business.industry, Computer science, Quality of service, computer.software_genre, Test (assessment), Software deployment, Web service, WS-Policy, Software engineering, business, computer

Abstract

This paper presents Puppet (Pick UP Performance Evaluation Test-bed), an approach for the automatic generation of test-beds to empirically evaluate different QoS features of a Web Service under development. Specifically, the generation exploits the information about the coordinating scenario, the service description and the specification of the agreements that the roles will abide. The approach is supported by a proof-of-concept tool to validate the feasibility of the idea.

Published

2007

48. Testing software components for integration: a survey of issues and techniques

Author

Andrea Polini, Fakhra Jabeen, Muhammad Jaffar-ur Rehman, and Antonia Bertolino

Subjects

Test strategy, Software components, Component testing, Metadata, Computer science, Integration testing, business.industry, Software performance testing, Software construction, Component-based software engineering, Systems engineering, Software reliability testing, Safety, Risk, Reliability and Quality, Software engineering, business, System integration testing, Component-based usability testing, D.2.4 Software/Program Verification, Software

Abstract

Component-based development has emerged as a system engineering approach that promises rapid software development with fewer resources. Yet, improved reuse and reduced cost benefits from software components can only be achieved in practice if the components provide reliable services, thereby rendering component analysis and testing a key activity. This paper discusses various issues that can arise in component testing by the component user at the stage of its integration within the target system. The crucial problem is the lack of information for analysis and testing of externally developed components. Several testing techniques for component integration have recently been proposed. These techniques are surveyed here and classified according to a proposed set of relevant attributes. The paper thus provides a comprehensive overview which can be useful as introductory reading for newcomers in this research field, as well as to stimulate further investigation. Copyright © 2006 John Wiley & Sons, Ltd.

Published

2007

49. Software testing research: achievements, challenges, dreams

Author

Antonia Bertolino

Subjects

Software Engineering Process Group, D.2.5 Testing and Debugging, Computer science, Software walkthrough, Software quality analyst, Theory, Software system, Software verification and validation, Social software engineering, business.industry, Software development, Verification, Data science, Software quality, Software metric, Software security assurance, Software deployment, Software construction, Package development process, Software reliability testing, Software engineering, business, System integration testing, Quality assurance, D.2.4 Software/Program Verification, Software verification, Software quality control

Abstract

Software engineering comprehends several disciplines devoted to prevent and remedy malfunctions and to warrant adequate behaviour. Testing, the subject of this paper, is a widespread validation approach in industry, but it is still largely ad hoc, expensive, and unpredictably effective. Indeed, software testing is a broad term encompassing a variety of activities along the development cycle and beyond, aimed at different goals. Hence, software testing research faces a collection of challenges. A consistent roadmap of the most relevant challenges to be addressed is here proposed. In it, the starting point is constituted by some important past achievements, while the destination consists of four identified goals to which research ultimately tends, but which remain as unreachable as dreams. The routes from the achievements to the dreams are paved by the outstanding research challenges, which are discussed in the paper along with interesting ongoing work.

Published

2007

50. A QoS Test-Bed Generator for Web Services

Author

Antonia Bertolino, Guglielmo De Angelis, and Andrea Polini

Subjects

business.industry, Computer science, Service design, Service level objective, Service level requirement, Mobile QoS, Differentiated service, computer.software_genre, World Wide Web, Service-level agreement, Orchestration (computing), Web service, business, Software engineering, computer

Abstract

In the last years both industry and academia have shown a great interest in ensuring consistent cooperation for business-critical services, with contractually agreed levels of Quality of Service. Service Level Agreement specifications as well as techniques for their evaluation are nowadays irremissible assets. This paper presents Puppet (Pick UP Performance Evaluation Test-bed), an approach and a tool for the automatic generation of test-beds to empirically evaluate the QoS features of a Web Service under development. Specifically, the generation exploits the information about the coordinating scenario (be it choreography or orchestration), the service description (WSDL) and the specification of the agreements (WS-Agreement).

Published

2007