seminar

Speaker: Eric Yuan

Title: A Taxonomy and Survey of Self-Protecting Software Systems

Date/Time: Friday, 5/25/2012 @ 12pm

Location: 4201, Engineering Building

Food: Pizza/Soda

Abstract:

Self-protecting software systems are a class of autonomic systems capable of detecting and mitigating security threats at runtime. They are growing in importance, as the stovepipe static methods of securing software systems have shown inadequate for the challenges posed by modern software systems. While existing research has made significant progress towards autonomic and adaptive security, gaps and challenges remain. In this paper, we report on an extensive study and analysis of the literature in this area. The crux of our contribution is a comprehensive taxonomy to classify and characterize research efforts in this arena. We also describe our experiences with applying the taxonomy to numerous existing approaches. This has shed light on several challenging issues and resulted in interesting observations that could guide the future research.

Bio:

Eric Yuan is a Ph.D. IT student in the Volgenau School of Information Technology and Engineering at GMU. He received his bachelor’s degrees in Computer Science and Management Information Systems from Tsinghua University in China in 1993 and his M.S. degree in Systems Engineering from University of Virginia in 1996. He has over 15 years of professional experience in IT and management consulting in both commercial and public sectors. His current research interests include service oriented architectures, distributed computing, software

engineering, and information security.

Speaker: Riyadh Mahmood

Title: A Whitebox Approach for Automated Security Testing of Android Applications on the Cloud

Date/Time: Friday, 5/25/2012 @ 12pm

Location: 4201, Engineering Building

Food: Pizza/Soda

Abstract:

By changing the way software is delivered to end users, markets for mobile apps create a false sense of security: apps are downloaded from a market that can potentially be regulated. In practice, this is far from truth and instead, there has been evidence that security is not one of the primary design tenets for the mobile app stores. Recent studies have indicated mobile markets are harboring apps that are either malicious or vulnerable leading to compromises of millions of devices. The key technical obstacle for the organizations overseeing these markets is the lack of practical and automated mechanisms to assess the security of mobile apps, given that thousands of apps are added and updated on a daily basis. In this seminar, we provide an overview of a multi-faceted project targeted at automatically testing the security and robustness of Android apps in a scalable manner. We describe an Android-specific program analysis technique capable of generating a large number of test cases for fuzzing an app, as well as a test bed that given the generated test cases, executes them in parallel on numerous emulated Androids running on the cloud.

Bio:

Riyadh Mahmood is a PhD student in the Computer Science department at George Mason University. Riyadh has been working in the software engineering / IT consulting field for over a decade. He holds a Bachelor’s degree in Computer Engineering and a Master’s degree in Information Technology from Virginia Tech. Riyadh is currently working on his dissertation proposal, focusing on security testing Android applications on the cloud.

Speaker: Mike Papadakis

Title: Using Mutants to Detect and Locate Bugs

Date/Time: Monday, 4/23/2012 @ 12pm

Location: 3507, Engineering Building

Food: Pizza/Soda

Abstract:

One of the most important challenges in software development is the detection and correction of software faults. Software testing and debugging techniques form the current practice for identifying, locating and fixing software defects. Both testing and debugging activities are among the most tedious tasks of software development which are usually performed by hand. Therefore, substantial benefits can be gained by the full or partial automation of these activities. Towards this direction, this talk will present emergent results of the use of mutation analysis in automating both testing and debugging. More precisely, automated techniques with respect to a) test case generation, b) test evaluation and c) fault localization will be presented in this talk.

Bio:

Mike Papadakis is a research associate at the Interdisciplinary Centre for Security, Reliability and Trust (SnT) of Luxembourg University. He received his B.Sc., M.Sc. and Ph.D. degrees in Computer Science from the Athens University of Economics and Business (Greece). His research interests include software quality assurance and in particular, software testing, software debugging and mutation testing.

Speaker: Vinicius Durelli

Title: Toward Harnessing High-level Language Virtual Machines for Further Speeding up Weak Mutation Testing

Date/Time: Friday, 4/13/2012 @ 11am

Location: 4201, Engineering Building

Abstract:

High-level language virtual machines (HLL VMs) are now widely used to implement high-level programming languages. To a certain extent, their widespread adoption is due to the software engineering benefits provided by these managed execution environments, for example, garbage collection (GC) and cross-platform portability. Although HLL VMs are widely used, most research has concentrated on high-end optimizations such as dynamic compilation and advanced GC techniques. Few efforts have focused on introducing features that automate or facilitate certain software engineering activities, including software testing. This research suggests that HLL VMs provide a reasonable basis for building an integrated software testing environment. As a proof-of-concept, we have augmented a Java virtual machine (JVM) to support weak mutation analysis. Our mutation-aware HLL VM capitalizes on the relationship between a program execution and the underlying managed execution environment, thereby speeding up the execution of the program under test and its associated mutants. To provide some evidence of the performance of our implementation, we conducted an experiment to compare the efficiency of our VM-based implementation with a strong mutation testing tool (muJava). Experimental results show that the VM-based implementation achieves speedups of as much as 89% in some cases.

Bio:

Vinicius Durelli is a Ph.D. candidate in Computer Science at University of São Paulo, Brazil. He received his M.S.on Computer Science from Federal University of São Paulo in 2008. His research interests focus on Software Testing, High-level Language Virtual Machines, and Refactoring. Currently, he has been trying to retrofit software testing features into high-level language virtual machines.

Speaker: Marcio Delamaro

Title: Software Testing Research at ICMC

Date/Time: Wed, 4/11/2012 @ 11am

Location: 4801, Engineering Building

Abstract:

In this talk prof Delamaro will present the highlights of the research he and his group are developing at the Instituto de Ciências Matemáticas e de Computação of the University of São Paulo, in Brazil. The themes addressed include techniques, criteria and tools for software testing in different domains such as embedded systems and virtual reality environments.

Bio:

Prof Marcio Delamaro has a Bachelor and a Masters degree in Computer Science and a Doctorate degree in Computational Physics. From 1997 he has been working as teacher and researcher in universities in Brazil. In 2000 visited the Politecnico di Milano in Italy for a one year pot-doc stage. Currently he is Associate Professor at Universidade de São Paulo, the larger and most prestigious university in Latin America. His area of interest is software testing.

Speaker: Bill Shelton

Title: Adding Criteria-Based Tests to Test Driven Development

Date/Time: Friday, 4/6/2012 @ 1:30pm

Location: 4801, Engineering Building

Abstract:

Test driven development (TDD) is the practice of writing unit tests before writing the source. TDD practitioners typically start with example-based unit tests to verify an understanding of the software’s intended functionality and to drive software design decisions. Hence, the typical role of test cases in TDD leans more towards specifying and documenting expected behavior, and less towards detecting faults. Conversely, traditional criteria-based test coverage ignores functionality in favor of tests that thoroughly exercise the software. This paper examines whether it is possible to combine both approaches. Specifically, can additional criteria-based tests improve the quality of TDD test suites without disrupting the TDD development process?

This paper presents the results of an observational study that generated additional criteria-based tests as part of a TDD exercise. The criterion was mutation analysis and the additional tests were designed to kill mutants not killed by the TDD tests. The additional unit tests found several software faults and other deficiencies in the software. Subsequent interviews with the programmers indicated that they welcomed the additional tests, and that the additional tests did not inhibit their productivity.

Bio:

William "Bill" Shelton is a PhD student in the Computer Science Department at the Volgenau School of Information Technology and Engineering at GMU, currently focusing on applying software testing research to real world situations. He received his bachelor’s degree in Music from Berklee College of Music, Boston, MA., and his M.S. degree in Software Engineering from George Mason University. He is currently employed as a Sr. Software Engineer at the new Consumer Financial Protection Bureau where his focus is, among many other software engineering tasks, test automation and continuous delivery.

Speaker: Nan Li

Title: Better Algorithms to Minimize the Cost of Test Paths

Date/Time: Friday, 4/6/2012 @ 1:30pm

Location: 4801, Engineering Building

Abstract:

Model-based testing creates tests from abstract models of the software. These models are often described as graphs, and test requirements are defined as subpaths in the graphs. As a step toward creating concrete tests, complete (test) paths that include the subpaths through the graph are generated. Each test path is then transformed into a test. If we can generate fewer and shorter test paths, the cost of testing can be reduced. The minimum cost test paths problem is finding the test paths that satisfy all test requirements with the minimum cost.

This paper presents new algorithms to solve the problem, and then presents data from an empirical comparison. The algorithms adapt approximation algorithms for the shortest superstring problem. The comparison is with an existing tool that uses a brute force approach to extend each subpath to a complete path. One new algorithm is based on the greedy set-covering algorithm and the other is based on finding a matching over a prefix graph. The comparison was performed on open software and showed that both new solutions generate fewer test paths than the brute force approach. The prefix-graph based solution takes much less time than the other two solutions when the number

of test requirements is large.

The paper has been accepted for ICST 2012 in Montreal, Canada. This seminar is a practice for Nan's conference presentation.

Bio:

Nan Li is a PhD student in Computer Science Department, Volgenau School of Information Technology and Engineering at GMU. He received his bachelor’s degree in Software Engineering from Beihang University in China in 2006 and his M.S. degree in Computer Science from Fairleigh Dickinson University in 2008. His current research mainly focuses on mutation testing, model-based testing and test automation.

Speaker: Naeem Esfahani

Title: Taming Uncertainty in Self-Adaptive Software

Date/Time: Tuesday, 2/28/2012 @ 12pm

Location: 4201, Engineering Building

Food: Pizza/Soda

Abstract:

Self-adaptation endows a software system with the ability to satisfy certain objectives by automatically modifying its behavior. While many promising approaches for the construction of self-adaptive software systems have been developed, the majority of them ignore the uncertainty underlying the adaptation decisions. This has been one of the key obstacles to wide-spread adoption of self-adaption techniques in risk-averse real-world settings. In this talk, I describe an approach, called POssIbilistic SElfaDaptation (POISED), for tackling the challenge posed by uncertainty in making adaptation decisions. POISED builds on possibility theory to assess both the positive and negative consequences of uncertainty. It makes adaptation decisions that result in the best range of potential behavior.

Bio:

Naeem Esfahani is a Ph.D. candidate in Computer Science Department, Volgenau School of Engineering. He got his B.Sc. degrees on Electrical and Computer Engineering from University of Tehran in 2005. He also received a M.Sc. degree in Computer Engineering from Sharif University of Technology in 2008. His current research mainly focuses on Software Architecture, Self-Adaptive Software Systems, and Software Quality of Service Analysis & Improvement.

Speaker: Piazza Team

Title: A Tour of the Piazza Discussion Forums

Date/Time: Tuesday, 1/24/2012 @ 12pm

Location: Research Hall 163

Abstract:

Members of the Piazza team are visiting GMU on Tuesday, January 24 for a lunchtime seminar, with lunch provided. They will spend some time demonstrating the site, sharing best practices, and answering any questions.

Piazza is a free online gathering place where students can ask, answer, and explore 24/7, under the guidance of their instructors. Students as well as instructors can answer questions, fueling a healthy, collaborative discussion. Instructors can go into deeper detail on complex topics, and spot areas where students are struggling.

In SWE 432, we found that Piazza streamlined the teaching experience. All those hours spent responding to individual emails can now be put to better use. You will never have to answer the same question twice. Better yet, a student might answer it for you. On top of that, you always have complete editorial control over your class.

Most bulletin boards are organized top-down with the instructor creating and controlling all topics and threads. Piazza allows bottom-up organization by students, leading to a richer, more interactive, more collaborative, and more free learning experience. This leads to more participation from students and more learning by students.

You can read more about Piazza in this article from the New York Times: http://www.nytimes.com/2011/07/04/technology/04piazza.htm. Or you can see demos and sign up at http://www.piazza.com.

Speaker: Lima Beauvais

Title: Atomic Section Analysis Tool (AtSAT)

Date/Time: Friday, 1/20/2012 @ 12pm

Location: 4201, Engineering Building

Abstract:

Testing the presentation layer of web applications requires novel methodologies. In general analyzing, modeling, and testing web applications and their three main layers creates challenges. However the testing techniques used for traditional software can be applied to the data computation and data representation layers. This talk discusses the Atomic Section Analysis Tool (AtSAT), which helps to mechanize the process of testing the presentation layer of web applications. AtSAT is based on the proposed framework of Offutt and Wu (2009) and automates seven of the nine steps; reducing the time to apply the methodology and minimizing human errors.

Bio:

Lima Beauvais earned an MS degree in Instructional Technology at Bloomsburg University, PA in June 2001. He is currently a candidate for the Engineer Degree at GMU, Fairfax, with a concentration on software testing. He worked as a Senior Multimedia Developer at PerformTech, Inc. from June 2001 to November 2007, developing computer-based and web-based courseware. He has been working as a Senior Software Engineer at Pal-Tech, Inc. since November 2007, developing web applications and training packages. He taught seminar classes on multimedia development at the Art Institute of Washington in Arlington, VA and Sanford Brown college in McLean, VA. He is a member of the Corporate Advisory Council (CAC) of the Institute of Interactive Technology at Bloomsburg University.

Speaker: Mohammad Abu Matar

Title: Variability Modeling and Meta-Modeling for Model Driven Service Oriented Architectures

Date/Time: Monday, 10/24/2011 @ 12pm

Location: 4201, Engineering Building

Abstract:

Service Oriented Architecture (SOA) has emerged as an architectural style for distributed computing that promotes flexible deployment and reuse. One of the major benefits claimed for SOA is the flexible building of IT solutions that can react to changing business requirements quickly and economically. Services could be consumed by many applications that have different requirements. In addition, applications usually change by adding new requirements, removing existing requirements, or updating existing requirements. Thus, applications that consume the same service usually exhibit varying requirements. Varying requirements usually necessitate varying software architectures that satisfy the varying requirements of software applications. Thus, both requirements and architectures have intrinsic variability characteristics.

SOA development practices currently lack a systematic approach for managing variability in service requirements and architectures. This talk reports on research that addresses this gap by introducing a framework for managing variability in SOA in a systematic and unified way. The research introduces an approach to model SOA variability with a multiple-view service variability model and a corresponding meta-model. The research integrates Software Product Lines (SPL) concepts with the different service views using UML and SoaML. The research argues that the multiple-view service variability modeling approach facilitates variability modeling of service application families in a systematic and platform independent way. The key contributions of this research include: Multiple-View Service Variability Meta-Model, Multiple-View Service Variability Model, Consistency Checking and Mapping Rules, Model Driven Framework for Service-Oriented SPLs, Service Member Applications Derivation Rules, Explicit Modeling of Service Coordination Variability, and a prototype that realizes the introduced framework.

Bio:

Mohammad Abu Matar is a software engineering academic and practitioner with over 17 years of technical experience in teaching, research, management, architecture, systems engineering, training, software design and development. Mohammad has earned a BS in Electrical Engineering (Wright State University), an MS in Information Technology (Regis University), an MS in Software Engineering (George Mason University), and he is a PhD candidate in Software Engineering at George Mason University.

Mohammad’s specialty is the architecture of multi-tier distributed software systems with a special interest in Service Oriented Architecture (SOA). Mohammad is an Affiliate Adjunct Faculty at the MS in Software Engineering program of Regis University (Denver, Colorado). In addition, Mohammad has developed and delivered many technical corporate training sessions in software design, architecture, and SOA.

Speaker: Lionel C. Briand

Title: Useful Software Engineering Research: Leading a Double-Agent Life

Date/Time: Thursday, 9/29/2011 @ 12pm

Location: 4201, Engineering Building

Abstract:

Though in essence an engineering discipline, software engineering research has always been struggling to demonstrate impact. This is reflected in part by the funding challenges that the discipline faces in many countries, the difficulties we have to attract industrial participants to our conferences, and the scarcity of papers reporting industrial case studies.

There are clear historical reasons for this, for example the fact that software engineering branched off from computer science and applied mathematics only a few decades ago. But we nevertheless need, as a community, to question our research paradigms and peer evaluation processes in order to improve the situation. We also need, as other engineering fields before us, to emancipate ourselves from the scientific disciplines we originate from. Engineering research is focused on innovation and impact on society, and is inherently very different from research in natural sciences or mathematics.

From a personal standpoint, relevance and impact are concerns that I have been struggling with for a long time, which eventually led me to leave a comfortable academic position and a research chair to work in industry-driven research. I will use—some people might say abuse—this keynote address to share my personal, and sometimes provocative reflections on the matter.

I will base my talk on concrete research project examples to convey why we need more inductive research, that is, research working from specific observations in real settings to broader generalizations and theories. Among other things, the examples will show how a more thorough understanding of practice and closer interactions with practitioners can profoundly influence the definition of research problems, and the development and evaluation of solutions to these problems. Furthermore, these examples will illustrate why, to a large extent, useful research is necessarily multidisciplinary to reach comprehensive solutions.

Such research paradigm has however a profound impact on how research is organized, conducted, and evaluated. I will therefore address issues regarding its implementation in our academic community and show how our own biases can make our research even more disconnected from reality, thus undermining our very own interests.

On a more humorous note, the title hints at the fact that being a scientist in software engineering and aiming at having impact on practice often entails leading two parallel careers and impersonate different roles to peers and partners.

Bio:

Lionel C. Briand is heading software verification and validation activities at Simula Research Laboratory, Norway, where he is leading the newly established Certus research center and projects in collaboration with industrial partners. He is also a professor at the University of Oslo (Norway). Before that, he was on the faculty of the department of Systems and Computer Engineering, Carleton University, Ottawa, Canada, where he was full professor and held the Canada Research Chair (Tier I) in Software Quality Engineering. He has also been the software quality engineering department head at the Fraunhofer Institute for Experimental Software Engineering, Germany, and worked as a research scientist for the Software Engineering Laboratory, a consortium of the NASA Goddard Space Flight Center, CSC, and the University of Maryland, USA. Lionel has been on the program, steering, or organization committees of many international, IEEE and ACM conferences.

He is the coeditor-in-chief of Empirical Software Engineering (Springer) and is a member of the editorial boards of Systems and Software Modeling (Springer) and Software Testing, Verification, and Reliability (Wiley). He was on the board of IEEE Transactions on Software Engineering from 2000 to 2004. Lionel was elevated to the grade of IEEE Fellow for his work on the testing of object-oriented systems. His research interests include: model-driven development, testing and verification, search-based software engineering, and empirical software engineering.

Speaker: Jeff Offutt Slides

Title: Thoughts on Distance Education for the MS-SWE Program

Date/Time: Monday 3/28/2011 @ 12pm

Location: 4201, Engineering Building

Abstract:

GMU has asked the MS-SWE program to offer more classes via distance education. This talk will offer experience-based analysis of the costs and benefits to students, the program, instructors, the department, and the university. The talk will introduce different "flavors" of DE and my base requirements of "students first." The talk will then discuss goals of DE, some of the effects using DE has on the class and the instructor, including specific habits that instructors must adopt or change to use DE effectively. The talk will end with survey results from students in SWE 642, recommendations for using DE effectively, and an answer to the question: "What would it take for the Software Engineering program to make full commitment to distance education?"

Bio:

Jeff Offutt is Professor of Software Engineering at GMU, where he leads the MS program in Software Engineering.

Speaker: Nan Li

Title: An Analysis of OO Mutation Operators

Date/Time: Monday 3/7/2011 @ 12pm

Location: 4201, Engineering Building

Abstract:

This paper presents results from empirical studies using object-oriented, class-level mutation operators. Class mutation operators modify OO programming language features such as inheritance, polymorphism, dynamic binding and encapsulation. Most previous empirical studies of mutation operators used statement-level operators; this study asked questions about the static and dynamic nature of class-level mutation

operators. Results include statistics on the various types of mutants, how many are equivalent, new rules for avoiding creation of equivalent mutants, the difficulty of killing individual mutants, and the difficulty of killing mutants from the various operators. The paper draws conclusions about which mutation operators are more or less useful, leading to recommendations about how future OO mutation systems should be built. The paper has been accepted for Mutation 2011 in Berlin, Germany. This seminar is a practice for Nan's conference presentation.

Bio:

Nan Li is a PhD student in Computer Science Department, Volgenau School of Information Technology and Engineering. He received his bachelor’s degree in Software Engineering from Beihang University in China in 2006 and his M.S. degree in Computer Science from Fairleigh Dickinson University in 2008. His current research mainly focuses on mutation testing and model-based testing.

Speaker: Walid Taha

Title: Mathematical Equations as Executable Models of Mechanical Systems

Date/Time: Wed. 1/26/2011 @ 3pm

Location: 4201, Engineering Building

Abstract:

[This talk is based on a paper presented at ICCPS 2010, Stockholm, Sweden.]

Cyber-physical systems comprise digital components that directly interact with a physical environment. Specifying the behavior desired of such systems requires analytical modeling of physical phenomena. Similarly, testing them requires simulation of continuous systems. While numerous tools support later stages of developing simulation codes, there is still a large gap between analytical modeling and building running simulators. This gap significantly impedes the ability of scientists and engineers to develop novel cyber-physical systems.

We propose bridging this gap by automating the mapping from analytical models to simulation codes. Focusing on mechanical systems as an

important class of physical systems, we study the form of analytical models that arise in this domain, along with the process by which domain experts map them to executable codes. We show that the key steps needed to automate this mapping are 1) a light-weight analysis to partially direct equations, 2) a binding-time analysis, and 3) symbolic differentiation. In addition to producing a prototype modeling environment, we highlight some limitations in the state of the art in tool support of simulation, and suggest ways in which some of these limitations could be overcome.

Bio:

Prof. Taha is a Professor of Computer Science at Halmstad University in Sweden, and holds and adjunct position at Rice University in Houston, TX. He is credited for developing the idea of multi-stage programming, and is the designer of several systems that develop this idea, including MetaOCaml, ConCoqtion, Java Mint, and the Verilog Preprocessor. He was also involved in the development of several other ideas, including statically typed macros, tag elimination, tagless staged interpreters, event-driven functional reactive programming (E-FRP), the notion of exact software design, and gradual typing. In 2010, Taha's publications had over 1,600 citations, and his h-index was 26. Taha was the principal investigator on a number of research awards and contracts from the National Science Foundation (NSF), Semi-conductor Research Consortium (SRC), and Texas Advanced Technology Program (ATP). He received an NSF CAREER award to develop Java Mint. He founded the ACM Conference on Generative Programming and Component Engineering (GPCE), the IFIP Working Group on Program Generation (WG 2.11), and the Middle Earth Programming Languages Seminar (MEPLS). Taha chaired the 2009 IFIP Working Conference on Domain Specific Languages.