IEEE Transactions on Software Engineering

Issue 1 • Date Jan.-Feb. 2008

  • [Front cover]

    Publication Year: 2008, Page(s): c1
  • [Inside front cover]

    Publication Year: 2008, Page(s): c2
  • State of the Journal address

    Publication Year: 2008, Page(s):1 - 2
  • Guest Editors' Introduction: Special Section on Software Engineering for Secure Systems

    Publication Year: 2008, Page(s):3 - 4
  • Analyzing Regulatory Rules for Privacy and Security Requirements

    Publication Year: 2008, Page(s):5 - 20
    Cited by:  Papers (114)

    Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligati...
  • Privately Finding Specifications

    Publication Year: 2008, Page(s):21 - 32
    Cited by:  Papers (2)

    Buggy software is a reality and automated techniques for discovering bugs are highly desirable. A specification describes the correct behavior of a program. For example, a file must eventually be closed once it has been opened. Specifications are learned by finding patterns in normal program execution traces versus erroneous ones. With more traces, more specifications can be learned more accuratel...
  • Semantics-Based Design for Secure Web Services

    Publication Year: 2008, Page(s):33 - 49
    Cited by:  Papers (20)

    We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behavior. Services can enforce security policies locally and can invoke other services that respect given security contracts. This call-by-contract mechanism offers a significant set of opportunities, each driving secure ways to compose services. We di...
  • Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies

    Publication Year: 2008, Page(s):50 - 64
    Cited by:  Papers (2)  |  Patents (1)

    Web applications are widely adopted and their correct functioning is mission critical for many businesses. At the same time, Web applications tend to be error prone and implementation vulnerabilities are readily and commonly exploited by attackers. The design of countermeasures that detect or prevent such vulnerabilities or protect against their exploitation is an important research challenge for ...
  • WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation

    Publication Year: 2008, Page(s):65 - 81
    Cited by:  Papers (41)  |  Patents (2)

    Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. This paper presents a new highly autom...
  • Applying Formal Methods to a Certifiably Secure Software System

    Publication Year: 2008, Page(s):82 - 98
    Cited by:  Papers (16)  |  Patents (1)

    A major problem in verifying the security of code is that the code's large size makes it much too costly to verify in its entirety. This paper describes a novel and practical approach to verifying the security of code which substantially reduces the cost of verification. In this approach, a compact security model containing only information needed to reason about the security properties of interes...
  • Call-Stack Coverage for GUI Test Suite Reduction

    Publication Year: 2008, Page(s):99 - 115
    Cited by:  Papers (26)  |  Patents (3)

    Graphical user interfaces (GUIs) are used as front ends to most of today's software applications. The event-driven nature of GUIs presents new challenges for testing. One important challenge is test suite reduction. Conventional reduction techniques/tools based on static analysis are not easily applicable due to the increased use of multilanguage GUI implementations, callbacks for event handlers, ...
  • On the Need for Mixed Media in Distributed Requirements Negotiations

    Publication Year: 2008, Page(s):116 - 132
    Cited by:  Papers (23)

    Achieving agreement with respect to software requirements is a collaborative process that traditionally relies on same-time, same-place interactions. As the trend toward geographically distributed software development continues, colocated meetings are becoming increasingly problematic. Our research investigates the impact of computer-mediated communication on the performance of distributed client/...
  • Security Requirements Engineering: A Framework for Representation and Analysis

    Publication Year: 2008, Page(s):133 - 153
    Cited by:  Papers (114)

    This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through cons...
  • 2007 Reviewer's List

    Publication Year: 2008, Page(s):154 - 156
  • In this issue - Technically

    Publication Year: 2008, Page(s): 157
  • In this issue - Technically

    Publication Year: 2008, Page(s): 158
  • In this issue - Technically

    Publication Year: 2008, Page(s): 159
  • Society Journals Seek Editors in Chief for 2009-2010 Terms

    Publication Year: 2008, Page(s): 160
  • 2007 Annual Index

    Publication Year: 2008, Page(s): not in print
  • TSE Information for authors

    Publication Year: 2008, Page(s): c3
  • [Back cover]

    Publication Year: 2008, Page(s): c4

Aims & Scope

The IEEE Transactions on Software Engineering is interested in well-defined theoretical results and empirical studies that have potential impact on the construction, analysis, or management of software. The scope of this Transactions ranges from the mechanisms through the development of principles to the application of those principles to specific environments. Specific topic areas include: a) development and maintenance methods and models, e.g., techniques and principles for the specification, design, and implementation of software systems, including notations and process models; b) assessment methods, e.g., software tests and validation, reliability models, test and diagnosis procedures, software redundancy and design for error control, and the measurements and evaluation of various aspects of the process and product; c) software project management, e.g., productivity factors, cost models, schedule and organizational issues, standards; d) tools and environments, e.g., specific tools, integrated tool environments including the associated architectures, databases, and parallel and distributed processing issues; e) system issues, e.g., hardware-software trade-off; and f) state-of-the-art surveys that provide a synthesis and comprehensive review of the historical development of one particular area of interest.

Meet Our Editors

Editor-in-Chief
Matthew B. Dwyer
Dept. Computer Science and Engineering
256 Avery Hall
University of Nebraska-Lincoln
Lincoln, NE 68588-0115 USA
tse-eic@computer.org