By Topic

Software Engineering, IEEE Transactions on

Issue 1 • Date Jan.-Feb. 2008

Filter Results

Displaying Results 1 - 21 of 21
  • [Front cover]

    Page(s): c1
    Save to Project icon | Request Permissions | PDF file iconPDF (108 KB)  
    Freely Available from IEEE
  • [Inside front cover]

    Page(s): c2
    Save to Project icon | Request Permissions | PDF file iconPDF (80 KB)  
    Freely Available from IEEE
  • State of the Journal address

    Page(s): 1 - 2
    Save to Project icon | Request Permissions | PDF file iconPDF (73 KB)  
    Freely Available from IEEE
  • Guest Editors' Introduction: Special Section on Software Engineering for Secure Systems

    Page(s): 3 - 4
    Save to Project icon | Request Permissions | PDF file iconPDF (75 KB)  
    Freely Available from IEEE
  • Analyzing Regulatory Rules for Privacy and Security Requirements

    Page(s): 5 - 20
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (4535 KB) |  | HTML iconHTML  

    Information practices that use personal, financial, and health-related information are governed by US laws and regulations to prevent unauthorized use and disclosure. To ensure compliance under the law, the security and privacy requirements of relevant software systems must properly be aligned with these regulations. However, these regulations describe stakeholder rules, called rights and obligations, in complex and sometimes ambiguous legal language. These "rules" are often precursors to software requirements that must undergo considerable refinement and analysis before they become implementable. To support the software engineering effort to derive security requirements from regulations, we present a methodology for directly extracting access rights and obligations from regulation texts. The methodology provides statement-level coverage for an entire regulatory document to consistently identify and infer six types of data access constraints, handle complex cross references, resolve ambiguities, and assign required priorities between access rights and obligations to avoid unlawful information disclosures. We present results from applying this methodology to the entire regulation text of the US Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Privately Finding Specifications

    Page(s): 21 - 32
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (1258 KB) |  | HTML iconHTML  

    Buggy software is a reality and automated techniques for discovering bugs are highly desirable. A specification describes the correct behavior of a program. For example, a file must eventually be closed once it has been opened. Specifications are learned by finding patterns in normal program execution traces versus erroneous ones. With more traces, more specifications can be learned more accurately. By combining traces from multiple parties that possess distinct programs but use a common library, it is possible to obtain sufficiently many traces. However, obtaining traces from competing parties is problematic: By revealing traces, it may be possible to learn that one party writes buggier code than another. We present an algorithm by which mutually distrusting parties can work together to learn program specifications while preserving their privacy. We use a perturbation algorithm to obfuscate individual trace values while still allowing statistical trends to be mined from the data. Despite the noise introduced to safeguard privacy, empirical evidence suggests that our algorithm learns specifications that find 85 percent of the bugs that a no-privacy approach would find. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Semantics-Based Design for Secure Web Services

    Page(s): 33 - 49
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (3130 KB) |  | HTML iconHTML  

    We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behavior. Services can enforce security policies locally and can invoke other services that respect given security contracts. This call-by-contract mechanism offers a significant set of opportunities, each driving secure ways to compose services. We discuss how we can correctly plan service compositions in several relevant classes of services and security properties. With this aim, we propose a graphical modeling framework based on a foundational calculus called lambda req [13]. Our formalism features dynamic and static semantics, thus allowing for formal reasoning about systems. Static analysis and model checking techniques provide the designer with useful information to assess and fix possible vulnerabilities. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Provable Protection against Web Application Vulnerabilities Related to Session Data Dependencies

    Page(s): 50 - 64
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (3328 KB) |  | HTML iconHTML  

    Web applications are widely adopted and their correct functioning is mission critical for many businesses. At the same time, Web applications tend to be error prone and implementation vulnerabilities are readily and commonly exploited by attackers. The design of countermeasures that detect or prevent such vulnerabilities or protect against their exploitation is an important research challenge for the fields of software engineering and security engineering. In this paper, we focus on one specific type of implementation vulnerability, namely, broken dependencies on session data. This vulnerability can lead to a variety of erroneous behavior at runtime and can easily be triggered by a malicious user by applying attack techniques such as forceful browsing. This paper shows how to guarantee the absence of runtime errors due to broken dependencies on session data in Web applications. The proposed solution combines development-time program annotation, static verification, and runtime checking to provably protect against broken data dependencies. We have developed a prototype implementation of our approach, building on the JML annotation language and the existing static verification tool ESC/Java2, and we successfully applied our approach to a representative J2EE-based e-commerce application. We show that the annotation overhead is very small, that the performance of the fully automatic static verification is acceptable, and that the performance overhead of the runtime checking is limited. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation

    Page(s): 65 - 81
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2900 KB) |  | HTML iconHTML  

    Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. One of these attacks is SQL injection, which can give attackers unrestricted access to the databases that underlie Web applications and has become increasingly frequent and serious. This paper presents a new highly automated approach for protecting Web applications against SQL injection that has both conceptual and practical advantages over most existing techniques. From a conceptual standpoint, the approach is based on the novel idea of positive tainting and on the concept of syntax-aware evaluation. From a practical standpoint, our technique is precise and efficient, has minimal deployment requirements, and incurs a negligible performance overhead in most cases. We have implemented our techniques in the Web application SQL-injection preventer (WASP) tool, which we used to perform an empirical evaluation on a wide range of Web applications that we subjected to a large and varied set of attacks and legitimate accesses. WASP was able to stop all of the otherwise successful attacks and did not generate any false positives. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Applying Formal Methods to a Certifiably Secure Software System

    Page(s): 82 - 98
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (2083 KB) |  | HTML iconHTML  

    A major problem in verifying the security of code is that the code's large size makes it much too costly to verify in its entirety. This paper describes a novel and practical approach to verifying the security of code which substantially reduces the cost of verification. In this approach, a compact security model containing only information needed to reason about the security properties of interest is constructed and the security properties are represented formally in terms of the model. To reduce the cost of verification, the code to be verified is partitioned into three categories and only the first category, which is less than 10 percent of the code in our application, requires formal verification. The proof of the other two categories is relatively trivial. Our approach was developed to support a common criteria evaluation of the separation kernel of an embedded software system. This paper describes 1) our techniques and theory for verifying the kernel code and 2) the artifacts produced, that is, a top-level specification (TLS), a formal statement of the security property, a mechanized proof that the TLS satisfies the property, the partitioning of the code, and a demonstration that the code conforms to the TLS. This paper also presents the formal basis for the argument that the kernel code conforms to the TLS and consequently satisfies the security property. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Call-Stack Coverage for GUI Test Suite Reduction

    Page(s): 99 - 115
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (4472 KB) |  | HTML iconHTML  

    Graphical user interfaces (GUIs) are used as front ends to most of today's software applications. The event-driven nature of GUIs presents new challenges for testing. One important challenge is test suite reduction. Conventional reduction techniques/tools based on static analysis are not easily applicable due to the increased use of multilanguage GUI implementations, callbacks for event handlers, virtual function calls, reflection, and multithreading. Moreover, many existing techniques ignore code in libraries and fail to consider the context in which event handlers execute. Consequently, they yield GUI test suites with seriously impaired fault-detection abilities. This paper presents a reduction technique based on the call-stack coverage criterion. Call stacks may be collected for any executing program with very little overhead. Empirical studies in this paper compare reduction based on call-stack coverage to reduction based on line, method, and event coverage, including variations that control for the size and optional consideration of library methods. These studies show that call-stack-based reduction provides unique trade-offs between the reduction in test suite size and the loss of fault detection effectiveness, which may be valuable in practice. Additionally, an analysis of the relationship between coverage requirements and fault-revealing test cases is presented. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • On the Need for Mixed Media in Distributed Requirements Negotiations

    Page(s): 116 - 132
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (5671 KB) |  | HTML iconHTML  

    Achieving agreement with respect to software requirements is a collaborative process that traditionally relies on same-time, same-place interactions. As the trend toward geographically distributed software development continues, colocated meetings are becoming increasingly problematic. Our research investigates the impact of computer-mediated communication on the performance of distributed client/developer teams involved in the collaborative development of a requirements specification. Drawing on media-selection theories, we posit that a combination of lean and rich media is needed for an effective process of requirements negotiations when stakeholders are geographically dispersed. In this paper, we present an empirical study that investigates the performance of six educational global project teams involved in a negotiation process using both asynchronous text-based and synchronous videoconferencing-based communication modes. The findings indicate that requirement negotiations were more effective when the groups conducted asynchronous structured discussions of requirement issues prior to the synchronous negotiation meeting. Asynchronous discussions were useful in resolving issues related to uncertainty in requirements, thus allowing synchronous negotiations to focus more on removing ambiguities in the requirements. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security Requirements Engineering: A Framework for Representation and Analysis

    Page(s): 133 - 153
    Save to Project icon | Request Permissions | Click to expandQuick Abstract | PDF file iconPDF (3584 KB) |  | HTML iconHTML  

    This paper presents a framework for security requirements elicitation and analysis. The framework is based on constructing a context for the system, representing security requirements as constraints, and developing satisfaction arguments for the security requirements. The system context is described using a problem-oriented notation, then is validated against the security requirements through construction of a satisfaction argument. The satisfaction argument consists of two parts: a formal argument that the system can meet its security requirements and a structured informal argument supporting the assumptions expressed in the formal argument. The construction of the satisfaction argument may fail, revealing either that the security requirement cannot be satisfied in the context or that the context does not contain sufficient information to develop the argument. In this case, designers and architects are asked to provide additional design information to resolve the problems. We evaluate the framework by applying it to a security requirements analysis within an air traffic control technology evaluation project. View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • 2007 Reviewer's List

    Page(s): 154 - 156
    Save to Project icon | Request Permissions | PDF file iconPDF (31 KB)  
    Freely Available from IEEE
  • In this issue - Technically

    Page(s): 157
    Save to Project icon | Request Permissions | PDF file iconPDF (39 KB)  
    Freely Available from IEEE
  • In this issue - Technically

    Page(s): 158
    Save to Project icon | Request Permissions | PDF file iconPDF (42 KB)  
    Freely Available from IEEE
  • In this issue - Technically

    Page(s): 159
    Save to Project icon | Request Permissions | PDF file iconPDF (43 KB)  
    Freely Available from IEEE
  • Society Journals Seek Editors in Chief for 2009-2010 Terms

    Page(s): 160
    Save to Project icon | Request Permissions | PDF file iconPDF (44 KB)  
    Freely Available from IEEE
  • 2007 Annual Index

    Page(s): not in print
    Save to Project icon | Request Permissions | PDF file iconPDF (129 KB)  
    Freely Available from IEEE
  • TSE Information for authors

    Page(s): c3
    Save to Project icon | Request Permissions | PDF file iconPDF (80 KB)  
    Freely Available from IEEE
  • [Back cover]

    Page(s): c4
    Save to Project icon | Request Permissions | PDF file iconPDF (108 KB)  
    Freely Available from IEEE

Aims & Scope

The IEEE Transactions on Software Engineering is interested in well-defined theoretical results and empirical studies that have potential impact on the construction, analysis, or management of software. The scope of this Transactions ranges from the mechanisms through the development of principles to the application of those principles to specific environments. Specific topic areas include: a) development and maintenance methods and models, e.g., techniques and principles for the specification, design, and implementation of software systems, including notations and process models; b) assessment methods, e.g., software tests and validation, reliability models, test and diagnosis procedures, software redundancy and design for error control, and the measurements and evaluation of various aspects of the process and product; c) software project management, e.g., productivity factors, cost models, schedule and organizational issues, standards; d) tools and environments, e.g., specific tools, integrated tool environments including the associated architectures, databases, and parallel and distributed processing issues; e) system issues, e.g., hardware-software trade-off; and f) state-of-the-art surveys that provide a synthesis and comprehensive review of the historical development of one particular area of interest.

Full Aims & Scope

Meet Our Editors

Editor-in-Chief
Matthew B. Dwyer
Dept. Computer Science and Engineering
256 Avery Hall
University of Nebraska-Lincoln
Lincoln, NE 68588-0115 USA
tseeicdwyer@computer.org