Continuous deployment is a software engineering process where incremental software changes are automatically tested and frequently deployed to production environments. With continuous deployment, the elapsed time for a change made by a developer to reach a customer can now be measured in days or even hours. To understand the emerging practices surrounding continuous deployment, three annual one-day Continuous Deployment Summits have been held at Facebook, Netflix, and Google in 2015--2017, where 17 companies have described how they used continuous deployment. This short paper will describe the practices and environment used by these companies as they strive to develop secure and privacy-preserving products while making ultra-fast changes.

Continue reading

Software is incredibly hard to secure because it’s a black box. We’ve spent decades trying to verify properties of software by analyz- ing the source code, scanning, fuzzing, pentesting, etc. only to be continually outpaced by software complexity. Instrumentation is a powerful approach for measuring security directly from within run- ning code. In this this talk, you’ll learn how to use the free and open source Java Observability Toolkit (JOT) project to easily create your own powerful runtime instrumentation without coding. You can use JOT to analyze security defenses, identify complex vulnerabili- ties, create custom sandboxes, and enforce policy at runtime. You can even create your own IAST tests and your own RASP defenses using JOT. Ultimately, we’ll show that security instrumentation empowers development and security to work together in harmony.

Continue reading

Cyber-Physical Systems (CPSs) must often self-adapt to respond to changes in their operating environment. However, using formal verification techniques to provide assurances that critical requirements are satisfied can be computationally intractable due to the large state space of self-adaptive CPSs. In this paper we propose a novel language, Adaptive CSP, to model self-adaptive CPSs modularly and provide a technique to support compositional verification of such systems. Our technique allows system designers to identify (a subset of) the CPS components that can affect satisfaction of given requirements, and define adaptation procedures of these components to preserve the requirements in the face of changes to the system's operating environment. System designers can then use Adaptive CSP to represent the system including potential self-adaptation procedures. The requirements can then be verified only against relevant components, independently from the rest of the system, thus enabling computationally tractable verification. Our technique enables the use of existing formal verification technology to check requirement satisfaction. We illustrate this through the use of FDR, a refinement checking tool. To achieve this, we provide an adequate translation from a subset of Adaptive CSP to the language of FDR. Our technique allows system designers to identify alternative adaptation procedures, potentially affecting different sets of CPS components, for each requirement, and compare them based on correctness and optimality. We demonstrate the feasibility of our approach using a substantive example of a smart art gallery. Our results show that our technique reduces the computational complexity of verifying self-adaptive CPSs and can support the design of adaptation procedures.

Continue reading

This paper summarizes the keynote I gave on the SEAMS 2020 conference. Noting the power of natural evolution that makes living systems extremely adaptive, I describe how artificial evolution can be employed to solve design and optimization problems in software. Thereafter, I discuss the Evolution of Things, that is, the possibility of evolving physical artefacts and zoom in on a (r)evolutionary way of creating `bodies' and `brains' of robots for engineering and fundamental research.

Continue reading

The problem of finding and evaluating effective ways of integrating software testing concepts and related techniques into introductory programming courses is still an open research question. In this paper, we present multiple studies that assess our approach to integrating software testing in Computer Science (CS) and Software Engineering (SE) courses. Each study uses SEP-CyLE (Software Engineering and Programming Cyberlearning Environment), an external, web-based learning tool to help instructors integrate testing concepts into their courses. These empirical studies were conducted in eight CS/SE course sections at a medium-sized public university. The results show (1) SEP-CyLE can be efficiently used in the class-room to impact the testing knowledge gained by students, and (2) students find that SEP-CyLE is a useful learning resource that effectively helps them complete course tasks and better master course concepts.

Continue reading

Autonomous driving (AD) is envisioned to have a significant impact on people's life regarding safety and comfort. Positioning is one of the key challenges in realizing AD, where global navigation systems (GNSS) is traditionally used as an important source of information. The area of GNSS are well explored and the different sources of error are deeply investigated. However the existing modeling methods often have very comprehensive requirements for the training data where all affecting conditions such as ephemeris data should be well known. The main goal of this paper is to develop a solution to model GPS error that only requires information which is available in the vehicle without having access to detailed information about the conditions. We propose a statistical generative model using autoregression and Gaussian mixture models and develop a learning algorithm to estimate the parameters using the data collected in real traffic. The proposed model is evaluated by comparing the produced artificial data with the validation data collected at different traffic conditions and the results indicate that the model is successfully mimicking the sensor behavior.

Continue reading

With roots in Human Centred Software Engineering, and in User Centred Systems Design Åsa Cajander has lead research on Patient Accessible Electronic Health Records (PAEHR) for six years. This experience has made her revisit the core values of user centeredness, as the different user groups of PAEHR indeed describe conflicting user needs. In this key note she will present the patients' perspective of the system, and contrast that with the perspectives of physicians and nurses. The conflicting needs of the different user groups will be illustrated by a small role play, and she will relate and discuss the findings in relation to the design and development of eHealth systems.

Continue reading

During the last few years, we assist to spectacular increase of Business intelligence and analytics (BI&A) software revenue in the Middle East and Africa (MENA) totaled $245 million in 2014, a 12 percent increase from 2013 revenue of $219 million, according to Gartner, Inc. The Linked Open Data (LOD) era will contribute positively in keeping this dynamic. LOD datasets complete internal sources by new and relevant information for decision making. This integration in the data warehousing landscape has become a necessity. Recent studies conducted mainly in Europe have been proposed for this direction. Similarly, to first studies of conventional DW design, LOD driven approaches focused on data issues (like integration and multidimensionality) and ignored the importance of functional and non-functional requirements. This issue is a precondition for the success of BI&A projects in Africa. This continent is living an interesting phenomenon related to the multiplication of Open Data initiatives. Based on our experience on developing BI&A projects, our origin and knowing the European and African contexts, we propose a requirement-driven approach for designing semantic data warehouses from internal and LOD datasets, by considering requirements incrementally. All phases of our approach is formalized allowing a traceability of requirements. Experiments are conducted that show the impact of incorporating exploratory requirements of the target warehouse. A case study analyzing book sales transactions is given.

Continue reading