DOCSLIB.ORG

RELREA-An Analytical Approach Supporting Continuous Release Readiness Evaluation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
RELREA-An Analytical Approach Supporting Continuous Release Readiness Evaluation University of Calgary PRISM: University of Calgary's Digital Repository Graduate Studies The Vault: Electronic Theses and Dissertations 2014-09-30 RELREA-An Analytical Approach Supporting Continuous Release Readiness Evaluation Shahnewaz, S. M. Shahnewaz, S. M. (2014). RELREA-An Analytical Approach Supporting Continuous Release Readiness Evaluation (Unpublished master's thesis). University of Calgary, Calgary, AB. doi:10.11575/PRISM/27619 http://hdl.handle.net/11023/1867 master thesis University of Calgary graduate students retain copyright ownership and moral rights for their thesis. You may use this material in any way that is permitted by the Copyright Act or through licensing that has been assigned to the document. For uses that are not allowable under copyright legislation or licensing, you are required to seek permission. Downloaded from PRISM: https://prism.ucalgary.ca UNIVERSITY OF CALGARY RELREA-An Analytical Approach Supporting Continuous Release Readiness Evaluation by S. M. Shahnewaz A THESIS SUBMITTED TO THE FACULTY OF GRADUATE STUDIES IN PARTIAL FULFILMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE GRADUATE PROGRAM IN ELECTRICAL AND COMPUTER ENGINEERING CALGARY, ALBERTA SEPTEMBER, 2014 © S. M. Shahnewaz 2014 Abstract As part of iterative development, decision about “Is the software product ready to be released at some given release date?” have to be made at the end of each release, sprint or iteration. While this decision is critically important, so far it is largely done either informally or in a simplistic manner relying on a small set of isolated metrics. In addition, continuity in release readiness evaluation is not achieved and any problems related to release issues cannot be addressed proactively. In this thesis, an analytical approach called RELREA is proposed to address these gaps. The main characteristics of RELREA are: i) project specific release readiness attributes and metrics are selected in a systematic way, ii) overall release readiness is determined by aggregating and evaluating the degree of satisfaction of the most relevant readiness attributes, iii) continuous visibility on release readiness status, and iv) projection of release readiness at release time. Case studies with proprietary and open source software projects are performed to evaluate the proposed approach and its implementation. The case study results show that the RELREA approach and its implementation are able to assist one product manager in evaluating, monitoring, and analyzing release readiness at any point of time in the release cycle. ii Publications Some of the ideas, materials, tables, figures used in this thesis have appeared previously in the following referred publications: Referred published and accepted papers: 1. S. M. Shahnewaz and G. Ruhe, "RELREA - An Analytical Approach for Evaluating Release Readiness," in Proceedings of the 26thInternational Conference on Software Engineering and Knowledge Engineering (SEKE), pp. 437 – 442, 2014. 2. S. M. D. A. Alam, S. M. Shahnewaz, D. Pfahl, and G. Ruhe, "Monitoring Bottlenecks in Achieving Release Readiness – A Retrospective Case Study across Ten OSS Projects”, Accepted in "8th International Symposium on Empirical Software Engineering and Measurement (ESEM)," 2014. 3. Jason Ho, S. M. Shahnewaz and G. Ruhe, "A Prototype Tool Supporting When-to- release Decisions in Iterative Development," in Proceedings of the 2nd International Workshop on Release Engineering (RELENG), 2014. Papers under review: 4. S. M. D. A. Alam, S. M. Shahnewaz, D. Pfahl, and G. Ruhe, "Analysis and Improvement of Release Readiness – A Genetic Optimization Approach, Submitted in "15th International Conference on Product-Focused Software Development and Process Improvement (PROFES)", 2014. 5. S. M. D. A. Alam, Jason Ho, D. Pfahl, and G. Ruhe, and S. M. Shahnewaz "Are We Ready to Release? Analyzing Factors that Limit Release Readiness, Submitted in "IEEE Software Special Issue", 2014. iii Acknowledgements This thesis would not have taken place without the continuous guidance and the help of several individuals who in one way or other contributed and extended their valuable assistance in the preparation and completion of this thesis. I am mostly grateful to my supervisor Dr. Guenther Ruhe for his valuable guidance, continuous support, and supervision. Without his inspiring enthusiasm and encouragement this thesis could not be successfully completed. I would also like to thank my former supervisor Dr. Vahid Garousi for introducing me in the world of software engineering research. My heartfelt thanks and appreciation go to my colleagues in the Software Decision Support Laboratory for their benevolent effort to put valuable comments on this thesis. Discussing with them, from time to time, has really sharpened my thoughts’ process for the research. Finally, this work is really indebted to the endless support from my parents, relatives, and one very special person. The distance among us was never a hindrance to their way of encouraging me. Last but not the least, the friends from my house, who are also from my home country, gave me a perfect milieu to study and flavor of my country to make me reminiscent of my family. iv This thesis is dedicated to my father and mother for all their continuous support, love and inspiration. v Table of Contents Abstract ........................................................................................................................................... ii Publications .................................................................................................................................... iii Acknowledgements ........................................................................................................................ iv Table of Contents ........................................................................................................................... vi List of Tables ................................................................................................................................. ix List of Figures and Illustrations ..................................................................................................... xi List of Abbreviations ................................................................................................................... xiii CHAPTER ONE: INTRODUCTION ..............................................................................................1 1.1 Motivation ..............................................................................................................................1 1.2 Difficulties in Evaluating Software Release Readiness .........................................................2 1.3 Research Objectives ...............................................................................................................4 1.4 Overview of the Solution Approach ......................................................................................5 1.5 Thesis Structure .....................................................................................................................7 CHAPTER TWO: BACKGROUND AND LITERATURE REVIEW ...........................................8 2.1 Background ............................................................................................................................8 2.1.1 Iterative Software Development ....................................................................................8 2.1.2 Definition of Release in Iterative Development ............................................................9 2.1.3 Software Product Management ...................................................................................10 2.1.4 Definition of Release Readiness ..................................................................................11 2.1.5 Value of Continuous RR Evaluation in the Context of SPM ......................................12 2.1.6 Concept of Fuzzy Set Theory ......................................................................................13 2.1.6.1 The Use of Fuzzy Set Theory in Software Engineering ....................................15 2.1.7 Overview of the Aggregation Operators .....................................................................18 2.1.7.1 Mathematical and Behavioural Properties of Aggregation Operators ...............18 2.1.7.2 Some Popular Aggregation Operators ...............................................................21 2.1.8 Overview of the Time Series Projection Methods ......................................................23 2.1.8.1 Simple Regression .............................................................................................24 2.1.8.2 Exponential Smoothing......................................................................................24 2.1.8.3 Time Series Decomposition ...............................................................................25 2.2 A Glossary of Terms Related to Software Release Readiness ............................................26 2.3 Literature Review ................................................................................................................27 2.3.1 Existing Release Readiness Approaches .....................................................................27 2.3.1.1 Checklist-based Approaches ..............................................................................27 2.3.1.2 Multi-dimensional Metrics Aggregation-based Approaches .............................29 2.3.1.3 Testing Metrics-based Approach
Load more

Recommended publications
  • Coordination Avoidance in Database Systems
    COORDINATION Peter Bailis Stanford/MIT/Berkeley AVOIDANCE Alan Fekete University of Sydney IN Mike Franklin Ali Ghodsi DATABASE Joe Hellerstein Ion Stoica SYSTEMS UC Berkeley Slides of Peter Bailis' VLDB’15 talk VLDB 2014 Default Supported? Serializable Actian Ingres NO YES Aerospike NO NO transactions are Persistit NO NON Clustrix NO NON not as widely Greenplum NO YESN IBM DB2 NO YES deployed as you IBM Informix NO YES MySQL NO YES might think… MemSQL NO NO MS SQL Server NO YESN NuoDB NO NO Oracle 11G NO NON Oracle BDB YES YESN Oracle BDB JE YES YES PostgreSQL NO YES SAP Hana NO NO ScaleDB NO NON VoltDB YES YESN VLDB 2014 Default Supported? Serializable Actian Ingres NO YES Aerospike NO NO transactions are Persistit NO NON Clustrix NO NON not as widely Greenplum NO YESN IBM DB2 NO YES deployed as you IBM Informix NO YES MySQL NO YES might think… MemSQL NO NO MS SQL Server NO YESN NuoDB NO NO Oracle 11G NO NON Oracle BDB YES YESN WHY?Oracle BDB JE YES YES PostgreSQL NO YES SAP Hana NO NO ScaleDB NO NON VoltDB YES YESN serializability: equivalence to some serial execution “post on timeline” “accept friend request” very general! serializability: equivalence to some serial execution r(x) w(y←1) r(y) w(x←1) very general! …but restricts concurrency serializability: equivalence to some serial execution CONCURRENT EXECUTION r(x)=0 r(y)=0 w(y←1) IS NOT w(x←1) SERIALIZABLE! verySerializability general! requires Coordination …buttransactions restricts cannot concurrency make progress independently Serializability requires Coordination transactions cannot make progress independently Two-Phase Locking Multi-Version Concurrency Control Blocking Waiting Optimistic Concurrency Control Pre-Scheduling Aborts Costs of Coordination Between Concurrent Transactions 1.
    [Show full text]
  • PTC Integrity™ Lifecycle Manager™
    PTC Integrity ™ Lifecycle Manager™ The PTC Integrity product family helps organizations accelerate product innovation by reducing complexity, improving collaboration, and automating best practices for software and systems engi- neering. PTC Integrity Lifecycle Manager, a member of the Integrity family, is a flexible, process-based ALM (Application Lifecycle Management) platform that helps teams deliver higher quality, more innovative software with less risk. In today’s world, the demand for smarter, more With seamless, collaborative management of all activi- connected products is increasingly fulfilled through ties and assets, the PTC Integrity Lifecycle Manager software. Software – whether embedded in a product platform helps software engineering teams achieve or providing supporting functionality – is key to driving greater transparency, better productivity and shorter product differentiation and profitability. PTC Integrity cycle times across the entire development lifecycle. Lifecycle Manager provides a global software devel- opment platform that supports all activities and What Makes Integrity Different? assets associated with the engineering and delivery of applications and embedded software. Business All too often, organizations struggle to gain an end- analysts, architects, engineers, developers, quality to-end view of software assets that span multiple managers, testers, partners/suppliers and other tools, with meta-data stored in multiple, disjointed stakeholders all use PTC Integrity Lifecycle Manager repositories. The result is a lack of visibility and as the means for collaboration and control over the traceability across the lifecycle, higher defects and end-to-end development lifecycle. longer development cycles. Our solution provides a unified, global software development platform that supports all activities and assets associated with the engineering and delivery of applications and products.
    [Show full text]
  • Command Line Interface
    Command Line Interface Squore 21.0.2 Last updated 2021-08-19 Table of Contents Preface. 1 Foreword. 1 Licence. 1 Warranty . 1 Responsabilities . 2 Contacting Vector Informatik GmbH Product Support. 2 Getting the Latest Version of this Manual . 2 1. Introduction . 3 2. Installing Squore Agent . 4 Prerequisites . 4 Download . 4 Upgrade . 4 Uninstall . 5 3. Using Squore Agent . 6 Command Line Structure . 6 Command Line Reference . 6 Squore Agent Options. 6 Project Build Parameters . 7 Exit Codes. 13 4. Managing Credentials . 14 Saving Credentials . 14 Encrypting Credentials . 15 Migrating Old Credentials Format . 16 5. Advanced Configuration . 17 Defining Server Dependencies . 17 Adding config.xml File . 17 Using Java System Properties. 18 Setting up HTTPS . 18 Appendix A: Repository Connectors . 19 ClearCase . 19 CVS . 19 Folder Path . 20 Folder (use GNATHub). 21 Git. 21 Perforce . 23 PTC Integrity . 25 SVN . 26 Synergy. 28 TFS . 30 Zip Upload . 32 Using Multiple Nodes . 32 Appendix B: Data Providers . 34 AntiC . 34 Automotive Coverage Import . 34 Automotive Tag Import. 35 Axivion. 35 BullseyeCoverage Code Coverage Analyzer. 36 CANoe. 36 Cantata . 38 CheckStyle. ..
    [Show full text]
  • La Metodología TRIZ E Integración De Software De Licencia Libre Con Módulos Multifuncionales Como Estrategia De
    10º Congreso de Innovación y Desarrollo de Productos Monterrey, N.L., del 18 al 22 de Noviembre del 2015 Instituto Tecnológico de Estudios Superiores de Monterrey, Campus Monterrey. 1 10º Congreso de Innovación y Desarrollo de Productos Monterrey, N.L., del 18 al 22 de Noviembre del 2015 Instituto Tecnológico de Estudios Superiores de Monterrey, Campus Monterrey. La metodología TRIZ e Integración de software de licencia libre con módulos multifuncionales: como estrategia de fortalecimiento y competitividad en empresas emergentes de México. Guillermo Flores Téllez Jaime Garnica González Joselito Medina Marín Elisa Arisbé Millán Rivera José Carlos Cortés Garzón Resumen El sistema productivo de México se constituye en gran proporción, por empresas emergentes que funcionan como negocios familiares, surgidos a través de una idea creativa, para emprender una actividad económica específica, ya sea de la producción de un bien o prestación de servicio. El funcionamiento de este tipo de empresas es limitado, son compañías surgidas del emprendimiento con contribuciones positivas hacia la práctica de la innovación, desarrollo de procesos y generación de empleos principalmente. Sin embargo, estas empresas se encuentran en desventaja para afrontar el entorno tecnológico global, porque no disponen de los recursos económicos, infraestructura, maquinaria o equipo que les brinde la posibilidad de operación estable y competencia internacional. El presente artículo exhibe alternativas viables y sus medios de implementación; como lo son la sinergia de operación de la metodología TRIZ y los módulos de software de gestión de negocios, para apoyar el proceso de innovación y el monitoreo de nuevas ideas llevadas al mercado, por parte de una empresa emergente.
    [Show full text]
  • Opinnäytetyö Ohjeet
    Lappeenrannan–Lahden teknillinen yliopisto LUT School of Engineering Science Tietotekniikan koulutusohjelma Kandidaatintyö Mikko Mustonen PARHAITEN OPETUSKÄYTTÖÖN SOVELTUVAN VERSIONHALLINTAJÄRJESTELMÄN LÖYTÄMINEN Työn tarkastaja: Tutkijaopettaja Uolevi Nikula Työn ohjaaja: Tutkijaopettaja Uolevi Nikula TIIVISTELMÄ LUT-yliopisto School of Engineering Science Tietotekniikan koulutusohjelma Mikko Mustonen Parhaiten opetuskäyttöön soveltuvan versionhallintajärjestelmän löytäminen Kandidaatintyö 2019 31 sivua, 8 kuvaa, 2 taulukkoa Työn tarkastajat: Tutkijaopettaja Uolevi Nikula Hakusanat: versionhallinta, versionhallintajärjestelmä, Git, GitLab, SVN, Subversion, oppimateriaali Keywords: version control, version control system, Git, GitLab, SVN, Subversion, learning material LUT-yliopistossa on tietotekniikan opetuksessa käytetty Apache Subversionia versionhallintaan. Subversionin käyttö kuitenkin johtaa ylimääräisiin ylläpitotoimiin LUTin tietohallinnolle. Lisäksi Subversionin julkaisun jälkeen on tullut uusia versionhallintajärjestelmiä ja tässä työssä tutkitaankin, olisiko Subversion syytä vaihtaa johonkin toiseen versionhallintajärjestelmään opetuskäytössä. Työn tavoitteena on löytää opetuskäyttöön parhaiten soveltuva versionhallintajärjestelmä ja tuottaa sille opetusmateriaalia. Työssä havaittiin, että Git on suosituin versionhallintajärjestelmä ja se on myös suhteellisen helppo käyttää. Lisäksi GitLab on tutkimuksen mukaan Suomen yliopistoissa käytetyin ja ominaisuuksiltaan ja hinnaltaan sopivin Gitin web-käyttöliittymä. Näille tehtiin
    [Show full text]
  • Market Definition/Description Magic Quadrant
    Magic Quadrant for Application Development Life Cycle Management http://www.gartner.com/technology/reprints.do?id=1-1OR69EF&ct=131231&st=sb# 19 November 2013 ID:G00249074 Analyst(s): Thomas E. Murphy, Jim Duggan, Nathan Wilson Market Definition/Description The application development life cycle management (ADLM) tool market is focused on the planning and governance activities of the software development life cycle (SDLC). ADLM products are focused on the "development" portion of an application's life, with the term ADLM evolving from the term application life cycle management (ALM). Key elements of an ADLM solution include: Software requirements definition and management Software change and configuration management Software project planning, with a current focus on agile planning Work item management Quality management, including defect management In addition, other key capabilities include: Reporting Workflow Integration to version management Support for wikis and collaboration Strong facilities for integration to other ADLM tools This Magic Quadrant represents a snapshot of the ADLM market at a particular point in time. Gartner advises readers not to compare the placement of vendors from prior years. The market is changing — vendor acquisitions, partnerships, solution development and alternative delivery are evidence of these changes — and the criteria for selecting and ranking vendors continue to evolve. Our assessments take into account the vendors' current product offerings and overall strategies, as well as their future initiatives and product road maps. We also factor in how well vendors are driving market changes or adapting to changing market requirements. This Magic Quadrant will help CIOs and business and IT leaders who are developing their ADLM strategies to assess whether they have the right products and enterprise platforms to support them.
    [Show full text]
  • PTC Integrity
    The Digital Enterprise Journey Matthew Hause PTC Engineering Fellow MBSE Specialist BOEING is a trademark of Boeing Management Company Copyright © 2016 Boeing. All rights reserved. Copyright © 2014 Northrop Grumman Corporation. All rights reserved. GPDIS_2016.ppt | 1 Integrated Systems Engineering Vision Hydraulic Fluid: SAE 1340 not- Power compliant Rating: 18 Amps Thermal/Heat Dissipation: 780° Ergonomic/Ped al Feedback: 34 ERGS Hydraulic Pressure: 350 PSI Sensor MTBF: 3000 hrs MinimumMinimum TurnTurn Radius:Radius: 2424 ft.ft. DryDry PavementPavement BrakingBraking DistanceDistance atat 6060 MPHMPH: : 110110 ft.ft. 90 ft INCOSE IW10 MBSE Workshop page 2 Current Integrated Systems Engineering Global Product Data Interoperability Summit | 2016 • Current systems engineering tools leverage computing and information technologies to some degree, and make heavy use of office applications for documenting system designs. The tools have limited integration with other engineering tools BOEING is a trademark of Boeing Management Company Copyright © 2016 Boeing. All rights reserved. Copyright © 2014 Northrop Grumman Corporation. All rights reserved. GPDIS_2016.ppt3 | 3 Global Product Data Interoperability Summit | 2016 A WORLD IN MOTION INCOSE Systems Engineering Vision • 2025 BOEING is a trademark of Boeing Management Company Copyright © 2016 Boeing. All rights reserved. Copyright © 2014 Northrop Grumman Corporation. All rights reserved. GPDIS_2016.ppt | 4 Integrated Systems Engineering Vision 2025 Global Product Data Interoperability Summit |
    [Show full text]
  • An Analysis of the OASIS OSLC Integration Standard, for a Cross
    An Analysis of the OASIS OSLC Integration Standard by Jad El-khoury, [email protected] ISBN : 978-91-7873-525-9 An Analysis of the OASIS OSLC Integration Standard, for a Cross-disciplinary Integrated Development Environment - Analysis of market penetration, performance and prospects By: Jad ElEl----khoury,khoury, PhD KTH Royal Institute of Technology ITM School, Mechatronics Division Phone: +46(0)70 773 93 45 [email protected] Date: 30th April 2020 ISBN : 978-91-7873-525-9 An Analysis of the OASIS OSLC Integration Standard by Jad El-khoury, [email protected] ISBN : 978-91-7873-525-9 Abstract OASIS OSLC is a standard that targets the integration of engineering software applications. Its approach promotes loose coupling, in which each application autonomously manages its own product data, while providing RESTful web services through which other applications can interact. This report aims to analyse the suitability of OSLC as an overarching integration mechanism for the complete set of engineering activities of Cyber Physical Systems (CPS) development. To achieve this, a review of the current state of the OASIS OSLC integration standard is provided in terms of its market penetration in commercial applications, its capabilities, and the architectural qualities of OSLC-based solutions. This review is based on a survey of commercial software applications that provide some support for OSLC capabilities. Page 1 of 28 An Analysis of the OASIS OSLC Integration Standard by Jad El-khoury, [email protected] ISBN : 978-91-7873-525-9 Table of Contents Abstract ................................................................................................................................................... 1 1 Aim of the Study ............................................................................................................................. 3 2 A Vision for a Cross-disciplinary Integrated Development Environment ......................................
    [Show full text]
  • Table of Contents
    Table of Contents Page 2 Leaders of Legal – Calendar of Events 3 Practical Law: Managing the Global Law Department 15 TR 2021 State of Corporate Law Departments 34 ACC-MLA Law Department Management Benchmarking Report 69 The General Counsel’s Guide to Legal GRC: 2021 79 Practical Law Multinational (info sheet) www.inhousefocus.com | [email protected] LEADERS OF LEGAL – UPCOMING EPISODES Register at www.inhousefocus.com PRACTICE NOTE Managing the Global Law Department by Practical Law Status: Maintained | Jurisdiction: United States This document is published by Practical Law and can be found at: us.practicallaw.tr.com/w-010-2768 Request a free trial and demonstration at: us.practicallaw.tr.com/about/freetrial A Practice Note discussing key issues in global law department management and identifying practical tips and strategies for general counsel to more effectively manage the global legal function. Topics covered include the composition of the legal team and its reporting structure, alignment of legal services with business needs, building a cohesive team, global communication, engagement and retention of team members, training and resource allocation, consistency of legal services, performance appraisals, and legal and cultural differences. As companies expand operations into the global These legal staff members may be integrated into a marketplace, they rely on their in-house law departments centralized global law department or may operate in to structure cross-border transactions and comply with decentralized pockets within their regions or business local law. To provide these legal services on a global scale, units. The company and its general counsel (GC) should many law departments have staff in different jurisdictions understand the scope of work covered and quality of and must find ways to efficiently and effectively manage services generated by these existing legal functions to their teams and resources.
    [Show full text]
  • Sdm Self-Sponsored Fellows
    resume book system design & management sdm self-sponsored fellows SHWETA AGARWAL 235 Albany Street, Apt # 3069, Cambridge, MA 02139 +1 (917) 435-2825 | [email protected] EDUCATION Massachusetts Institute of Technology Cambridge, MA School of Engineering & Sloan School of Management 08/2016 – 01/2018 Candidate for M.S., System Design and Management, Jan 2018 | CGPA 4.5/5 Active member of Technology, Product Management, FinTech, and Entrepreneurship and Innovation clubs Project: Designed image recognition tool for restaurants to identify customers, their emotion and fetch their food preferences from past records, enabling personalized services to the right customer at the right time GMAT: 720 Indian School of Business (ISB) Hyderabad, India Post Graduate Programme in Management (M.B.A.) 2013 - 2014 Concentration: Information and Technology Management; Marketing Events Coordinator, Women in Business Club; Lead Coordinator, Business Technology Club Galgotias College of Engineering and Technology Greater Noida, India Bachelor of Technology, Electronics and Communication Engineering 2005 - 2009 Graduated 1st / 125 students in my department & among top 5% of university B.Tech batch of ~26,000 students EXPERIENCE Axis Bank Mumbai, India India’s leading private bank, offering a wide range of consumer and corporate banking services; annual turnover: $6.2B Senior Manager, IT - Technology & Digital Innovation Group 05/2014 – 02/2016 Innovation Management and IT Strategy - CIO Advisory Handpicked by the senior management to devise digital transformation
    [Show full text]
  • PTC Integrity Modeler
    InDetail InDetail Paper by Bloor Author David Norfolk Publish date August 2015 PTC Integrity Modeler …a standards-based tool for Systems and Software Engineering A key success factor“ for PTC Integrity Modeler is the continuing active involvement of its parent company in the development of key OMG standards such as the SysML extension to UML and the UPDM consolidation of the MODAF and DoDAF Enterprise Architecture frameworks. Author David Norfolk” Executive summary PTC Integrity Modeler is a standards-based, graphical systems and software engineering tool which, in our view, caters well for large distributed teams working on mission-critical and safety-critical projects involving the integration of software, hardware and human process. owever, in order to fully business and the technical needs of all appreciate this tool, it is customers with the goal of providing H important that its potential a quality product that meets the user users understand the concept of Systems needs.” Engineering (SE) and how it differs from In line with this, the PTC Integrity merely writing computer programs. In Modeler tool (in conjunction with the rest In our view, a company essence, Systems Engineering starts with of the PTC Integrity, Windchill, Creo and really needs“ to understanding a business-level problem ThingWorx tool-suites) promises to help institutionalise a and its context, independently of any companies to develop effective, holistic automated solution, and works forward solutions to large business-critical mature, metrics- to implementing human processes, problems, using systems engineering focussed, business- software and hardware which together principles and software engineering aligned systems solve the problem by means of “Systems to make the SE models “actionable” development culture of Systems” (SoS).
    [Show full text]
  • Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security
    JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals Soheil Khodayari and Giancarlo Pellegrino, CISPA Helmholtz Center for Information Security https://www.usenix.org/conference/usenixsecurity21/presentation/khodayari This paper is included in the Proceedings of the 30th USENIX Security Symposium. August 11–13, 2021 978-1-939133-24-3 Open access to the Proceedings of the 30th USENIX Security Symposium is sponsored by USENIX. JAW: Studying Client-side CSRF with Hybrid Property Graphs and Declarative Traversals Soheil Khodayari Giancarlo Pellegrino CISPA Helmholtz Center CISPA Helmholtz Center for Information Security for Information Security Abstract ior and avoiding the inclusion of HTTP cookies in cross-site Client-side CSRF is a new type of CSRF vulnerability requests (see, e.g., [28, 29]). In the client-side CSRF, the vul- where the adversary can trick the client-side JavaScript pro- nerable component is the JavaScript program instead, which gram to send a forged HTTP request to a vulnerable target site allows an attacker to generate arbitrary requests by modifying by modifying the program’s input parameters. We have little- the input parameters of the JavaScript program. As opposed to-no knowledge of this new vulnerability, and exploratory to the traditional CSRF, existing anti-CSRF countermeasures security evaluations of JavaScript-based web applications are (see, e.g., [28, 29, 34]) are not sufficient to protect web appli- impeded by the scarcity of reliable and scalable testing tech- cations from client-side CSRF attacks. niques. This paper presents JAW, a framework that enables the Client-side CSRF is very new—with the first instance af- analysis of modern web applications against client-side CSRF fecting Facebook in 2018 [24]—and we have little-to-no leveraging declarative traversals on hybrid property graphs, a knowledge of the vulnerable behaviors, the severity of this canonical, hybrid model for JavaScript programs.
    [Show full text]