Initial Framework for a Software Quality Evaluation based on ISO/IEC 25022 and ISO/IEC 25023, accepted at QRS 2016 (CORE Rank B) as Poster

Hidenori Nakai, Naohiko Tsuda, Kiyoshi Honda, Hironori Washizaki, and Yoshiaki Fukazawa, “Initial Framework for a Software Quality Evaluation based on ISO/IEC 25022 and ISO/IEC 25023,” Poster, The 2016 IEEE International Conference on Software Quality, Reliability & Security (QRS 2016) (CORE Rank B), Vienna, Austria, August 1-3, 2016 (to appear)

Although the high quality of software is important for software stakeholders, quality of software products is not effectively defined. Some quality models have been proposed, but they cannot measure and evaluate software product quality comprehensively. Additionally, some companies define their own quality models. However, the quality measured and evaluated based on company-specified quality models cannot be compared to the quality of other software products. To alleviate this problem, ISO/IEC tried to define an international standard for comprehensive quality measurement and evaluation, but this standard includes ambiguous measurements, making it difficult to apply. Herein an initial comprehensive quality measurement framework, which includes a clear measurement plan based on ISO/IEC, is proposed. A case study confirms the usefulness of this framework. However, this framework should be revised to increase its effectiveness.

Prof. Washizaki presented our paper titled GO-MUC: A Strategy Design Method Considering Requirements of User and Business by Goal-Oriented Measurement, at CHASE2016 ICSE Workshop Austin.

Chihiro Uchida, Kiyoshi Honda, Hironori Washizaki, Yoshiaki Fukazawa, Kentaro Ogawa, Tomoaki Yagi, Mikako Ishigaki, Masashi Nakagawa, “GO-MUC: A Strategy Design Method Considering Requirements of User and Business by Goal-Oriented Measurement,” 9th International Workshop on Cooperative and Human Aspects of Software Engineering (CHASE 2016), short paper, collocated with ICSE 2016, Austin, Texas, USA, May 16, 2016.

A Metamodel for Security and Privacy Knowledge in Cloud Services, accepted at IEEE Services 2016 as Poster Paper.

Hironori Washizaki, Sota Fukumoto, Misato Yamamoto, Masatoshi Yoshizawa, Yoshiaki Fukazawa, Shinpei Ogata, Eduardo B. Fernandez, Nobukazu Yoshioka, Takehisa Kato, Haruhiko Kaiya, Hideyuki Kanuka, Yuki Kondo, Takao Okubo, Atsuo Hazeyama, “A Metamodel for Security and Privacy Knowledge in Cloud Services,” 12th IEEE World Congress on Services (IEEE SERVICES 2016), Poster Paper, June 27 – July 2, 2016, San Francisco, USA. (to appear)

It is important to ensure security and privacy in cloud services. Although there are many security and privacy patterns and much non-pattern-based knowledge such as practices and principles in cloud services, it is difficult to select and combine the right ones due to the large number of those items and the nature of the layered cloud stack. In this paper, we propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover, the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.

Requirements Analysis for Privacy Protection and Third Party Awareness using Logging Models, accepted at SoMeT 2016 (CORE Rank B).

Haruhiko Kaiya, Nobukazu Yoshioka, Takao Okubo, Hironori Washizaki and Atsuo Hazeyama, “Requirements Analysis for Privacy Protection and Third Party Awareness using Logging Models,” 15th International Conference on Intelligent Software Methodologies, Tools and Techniques (SOMET 2016), September 12-14, 2016, Larnaca, Cyprus.

Prof. Washizaki presented our paper titled “Pairwise Coverage-based Testing with Selected Elements in a Query for Database Applications” at IWCT 2016 (ICST Workshop)

Koji Tsumura, Hironori Washizaki, Yoshiaki Fukazawa, Keishi Oshima, Ryota Mibe, “Pairwise Coverage-based Testing with Selected Elements in a Query for Database Applications,” 5th International Workshop on Combinatorial Testing (IWCT 2016), collocated with ICST 2016, Chicago, USA, April 10, 2016.

http://www.slideshare.net/hironoriwashizaki/pairwise-coveragebased-testing-with-selected-elements-in-a-query-for-database-applications

Because program behaviors of database applications depend on the data used, code coverages do not effectively test database applications. Additionally, test coverages for database applications that focus on predicates in Structured Query Language (SQL) queries are not useful if the necessary predicates are omitted. In this paper, we present two new database applications using Plain Pairwise Coverage (PPC) and Selected Pairwise Coverage (SPC) for SQL queries called Plain Pairwise Coverage Testing (PPCT) and Selected Pairwise Coverage Testing (SPCT), respectively. These coverages are based on pairwise testing coverage, which employs selected elements in the SQL SELECT query as parameters. We also implement a coverage calculation tool and conduct case studies on two open source software systems. PPCT and SPCT can detect many bugs, which are not detected by existing test methods based on predicates in the query. Furthermore, the case study suggests that SPCT can detect bugs more efficiently than PPCT and the costs of SPCT can be further reduced by ignoring records filtered out by the conditions of the query.

Prof. Washizaki gave an invited talk titled “TESEM: A Tool for Verifying Security Design Pattern Applications” at ICST Workshop InSTA 2016.

Hironori Washizaki, “TESEM: A Tool for Verifying Security Design Pattern Applications,” Invited Talk, 3rd International Workshop on Software Test Architecture (InSTA 2016, ICST 2016 Workshop), 10 April 2016, Chicago, U.S.A.

http://www.slideshare.net/hironoriwashizaki/tesem-a-tool-for-verifying-security-design-pattern-applications

Because software developers are not necessarily security experts, identifying potential threats and vulnerabilities in the early stage of the development process is often insufficient. Even if these issues are addressed at an early stage, it does not guarantee that the final software product actually satisfies security requirements. To realize secure design and implementation, we propose extended security patterns, which include requirement- and design-level patterns as well as a new model testing and model-based code testing process. Our approach is implemented in a tool called TESEM, Test Driven Secure Modeling Tool, which supports pattern applications by creating a script to execute model testing automatically (ARES’13, IJSSE’14, ICST’15). Moreover, we recently extended the tool to support testing of security design patterns implementation by preparing testcase templates (ARES’14). By using the tool, developers can specify threats and vulnerabilities in the target design and implementation according to security design patterns, verify whether the security patterns are properly applied, and assess whether these vulnerabilities are resolved.

Modeling Cloud Ecosystems, accepted at Future Internet (DBLP Indexed), Special Issue of Security in Cloud Computing and Big Data

Eduardo Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Madiha Syed, “Modeling cloud ecosystems,” Future Internet, Special Issue of Security in Cloud Computing and Big Data, 2016. (to appear) (DBLP Indexed)

Clouds do not work in isolation but interact with other clouds and with a variety of associated systems. An ecosystem is the expansion of a software product architecture to include systems outside the product which interact with the product. A powerful representation when building or using cloud ecosystems and similar complex systems is the use of architectural models based on patterns. We have described a cloud ecosystem in the form of a pattern diagram where its components are patterns and reference architectures. We have recently expanded these models to cover fog systems and containers. We intend to use this architecture to answer a variety of questions about the security of this system as well as a reference to design interacting combinations of heterogeneous components.

Prof. Washizaki presented our paper titled “How Are Effective Combinations of Personal Characteristic types different in Controlled Project Based Learning Courses?” at CSEE&T 2016 (CORE Rank C).

Yusuke Sunaga, Masashi Shuto, Hironori Washizaki, Katsuhiko Kakehi, Yoshiaki Fukazawa, Shoso Yamato, Masashi Okubo, “How Are Effective Combinations of Personal Characteristic types different in Controlled Project-Based Learning Courses?,” Proceedings of the 29th IEEE Conference on Software Engineering Education and Training (CSEE&T 2016), short paper, Dallas, USA, April 5-6, 2016. (CORE Rank C)

http://www.slideshare.net/hironoriwashizaki/how-are-effective-combinations-of-personal-characteristic-types-different-in-controlled-projectbased-learning-courses-cseet-2016