Integrating RFID with quality assurance system – Framework and applications

A quality assurance system (QAS) is designed and used to inspect product quality, determine causes of abnormal by collecting, analyzing and testing data from the product line, and then determining how an improvement plan should be conducted. By utilizing radio frequency identification (RFID), a QAS may be able to detect, and even prevent, quality problems more effectively than the traditional quality assurance system. The proposed framework provides a structure for an RFID-based QAS that allows on-site staff to monitor complicated variations in production process by handling numerous possible abnormalities simultaneously. Two industry applications are provided to demonstrate using of the proposed framework.     

Avoiding,finding and fixing spreadsheet errors – A survey of automated approaches for spreadsheet QA

Spreadsheet programs can be found everywhere in organizations and they are used for a variety of purposes, including financial calculations, planning, data aggregation and decision making tasks. A number of research surveys have however shown that such programs are particularly prone to errors. Some reasons for the error-proneness of spreadsheets are that spreadsheets are developed by end users and that standard software quality assurance processes are mostly not applied. Correspondingly, during the last two decades, researchers have proposed a number of techniques and automated tools aimed at supporting the end user in the development of error-free spreadsheets. In this paper, we provide a review of the research literature and develop a classification of automated spreadsheet quality assurance (QA) approaches, which range from spreadsheet visualization, static analysis and quality reports, over testing and support to model-based spreadsheet development. Based on this review, we outline possible opportunities for future work in the area of automated spreadsheet QA.     

Skoll: A Process and Infrastructure for Distributed Continuous Quality Assurance

Software engineers increasingly emphasize agility and flexibility in their designs and development approaches. They increasingly use distributed development teams, rely on component assembly and deployment rather than green field code writing, rapidly evolve the system through incremental development and frequent updating, and use flexible product designs supporting extensive end-user customization. While agility and flexibility have many benefits, they also create an enormous number of potential system configurations built from rapidly changing component implementations. Since today's quality assurance (QA) techniques do not scale to handle highly configurable systems, we are developing and validating novel software QA processes and tools that leverage the extensive computing resources of user and developer communities in a distributed, continuous manner to improve software quality significantly. This paper provides several contributions to the study of distributed, continuous QA (DCQA). First, it shows the structure and functionality of Skoll, which is an environment that defines a generic around-the-world, around-the-clock QA process and several sophisticated tools that support this process. Second, it describes several novel QA processes built using the Skoll environment. Third, it presents two studies using Skoll: one involving user testing of the Mozilla browser and another involving continuous build, integration, and testing of the ACE+TAO communication software package. The results of our studies suggest that the Skoll environment can manage and control distributed continuous QA processes more effectively than conventional QA processes. For example, our DCQA processes rapidly identified problems that had taken the ACE+TAO developers much longer to find and several of which they had not found. Moreover, the automatic analysis of QA results provided developers information that enabled them to quickly find the root causes of problems     

Security Testing of Internal Tools

As the software industry continues to mature, software companies are realizing that they must dedicate more resources to quality assurance (QA) processes. But even though security testing as part of an overall QA process for products shipped to customers is starting to gain acceptance in the software industry as a necessity, the majority of software vendors pay little to no attention to the security of the tools they use internally. In this article, the author explore why testing (security testing in particular) on internal tools should be incorporated into the QA process. In short, a responsible software company shouldn't produce insecure software, regardless of whether this software is meant for internal use only.     

HUMAN FACTORS IN QUALITY ASSURANCE

The enthusiasm for total quality management may be diverting managers from some fundamental realities—namely, that quality programs are about people, not just models. As this column advises, quality assurance (QA) and related programs are first and foremost human resources programs. IS managers who attend to the human details succeed in a way that QA theorists never do.     

信息系统安全风险的概念模型和评估模型

本文阐述了信息系统安全风险的概念模型和评估模型,旨在为风险评估工作提供理论指导,使风险评估的过程和结果具有逻辑性和系统性,从而提高风险评估的质量和效果。     

System security assurance: A systematic literature review

System security assurance provides the confidence that security features, practices, procedures, and architecture of software systems mediate and enforce the security policy and are resilient against security failure and attacks. Alongside the significant benefits of security assurance, the evolution of new information and communication technology (ICT) introduces new challenges regarding information protection. Security assurance methods based on the traditional tools, techniques, and procedures may fail to account new challenges due to poor requirement specifications, static nature, and poor development processes. The common criteria (CC) commonly used for security evaluation and certification process also comes with many limitations and challenges. In this paper, extensive efforts have been made to study the state-of-the-art, limitations and future research directions for security assurance of the ICT and cyber–physical systems (CPS) in a wide range of domains. We conducted a systematic review of requirements, processes, and activities involved in system security assurance including security requirements, security metrics, system and environments and assurance methods. We highlighted the challenges and gaps that have been identified by the existing literature related to system security assurance and corresponding solutions. Finally, we discussed the limitations of the present methods and future research directions.     

基于多类网络模型的AI芯片测评方法研究

随着AI芯片制程不断升级以及结构设计不断优化,AI芯片在并行计算能力和泛化能力等方面展现出明显的优势,这些优势使得AI芯片在宇航领域得到越来越多的关注和应用。与传统的质量保证方法不同,AI芯片测评作为一项新的重要环节,对于AI芯片的选型和使用具有重要意义。本文针对面向宇航应用的AI芯片,研究了一种宇航用AI芯片的测评方法,该方法可以测评出AI芯片的精度、算力、功耗和量化支持能力,并基于该方法对AI芯片的性能和功能性指标进行了详细的分析和评价,最后针对宇航用AI芯片测评方法的进一步研究方向提出了相关建议。     

Centers of academic excellence: a case study

The US National Security Agency's Centers of Academic Excellence (CAEs) in Information Assurance Education program is in its seventh year, and 59 educational institutions have received the coveted "CAE" designation. The program was originally designed to jump-start education of an information security workforce by providing incentives to academic institutions to form information assurance programs and to students by providing scholarships. It has since been augmented by scholarship programs from the US National Science Foundation and the US Department of Defense. Several hundred graduates from these scholarship programs are already in the federal workforce. Indeed, information security and assurance has quickly become an important topic in computer science departments worldwide, with increasing numbers of information security specialists earning associate, undergraduate, masters, and doctoral degrees in the subject     

Assuring software quality assurance

The term quality assurance (or QA) has a variety of interpretations. The most common one is that it ensures that developers, testers, or independent auditors have performed some form of scrutiny on a system to validate that it will work as required. Software quality assurance is similar but applies to the code or noncode artifacts.     

CMM质量保证的理论与实践

作为软件工程的一个重要领域,软件质量保证(SQA,Software Quality Assurance)正日益受到人们重视。介绍了CMM框架和CMM中的软件质量保证关键过程域,如何启动项目质量保证活动,如何实施项目质量保证活动,如何评审和监控项目质量保证活动以及如何对质量保证进行独立评估。阐述了软件质量保证的重要性以及产品质量和过程质量的关系。     

基于熵权法的密码模块安全保障能力评估

针对密码模块这类信息安全产品指标值不固定、指标系统难以建立、安全保障能力难以定量评估的问题,提出了一种定量描述密码模块安全保障能力的可行方法。方法运用区间数描述密码模块的安全属性,采用熵权法结合主观赋权法确定每个安全属性的权重值,运用区间型多属性决策方法进行综合评价,最后运用所提方法对两种商用密码模块进行了实例分析,计算结果表明所提方法可行。     

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

For various IT systems security is considered a key quality factor. In particular, it might be crucial for video surveillance systems, as their goal is to provide continuous protection of critical infrastructure and other facilities. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses an application of a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) to a complex automated video surveillance system. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. cameras, hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. Lessons learned indicate, that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system.     

目标驱动的软件质量保证实施

软件业发展日新月异,部分软件公司注意力集中投入资本在新产品的开发上,却往往忽略了软件质量保证体系的建立与改进.介绍如何以目标驱动的软件质量保证实施,怎样从软件质量保证(SQA)目标出发,建立必要的质量保证活动规范,平衡SQA在各个开发阶段的工作量,缩短整个开发周期,从而在满足商业目的的同时完善软件开发过程,提高软件质量.     

Harmonizing professional standards in ergonomics while recognizing diversity

Abstract

High quality performance is an aspiration of all professions and processes of quality assurance are normally carefully defined. These include the design of educational programmes to ensure that graduates achieve a high standard of performance and are able to compete in the world market and meet consumers' needs; a method of evaluating the relevance and standard of that education; and a means of ensuring continuing competence in practice. The diversity of paths taken to become an ergonomist offers a challenge to ergonomics societies to define effective and equitable approaches to quality assurance. This paper advocates the definition of core ergonomics competencies as a linking resource for educational planning, accreditation processes and certification procedures. Such an approach could provide the basis for harmonization in the recognition of ergonomists with varying educational backgrounds, expertise and experience.     

Information requirements of the quality assurance system

The rapid growth in the use of computers in Egypt since 1963 has led to significant changes in the information which is available for decision making and control. This information expansion has taken place against a background in which the information requirements of quality assurance systems were poorly defined. The result has been an “overabundance of irrelevant information”, and no corresponding improvement in the quality of products and services.

Most of the computer applications in the field of quality assurance deal with particular problems, specific organizations, or just guidelines for developing an information system.

On certain level of details, a general model of the quality assurance system could be defined. A corresponding general model of information system for quality assurance is proposed. The model is used for identifying the information requirements of the general quality assurance system and integrating the available applications in the field.     

Metrological assurance at industrial enterprise: Problems and solutions

Conceptual and systematic issues regarding the design of metrological assurance system at an industrial enterprise are considered. The system is constructed as a part of quality management system of the enterprise; process approach forms methodological foundation in development and operation of the system. The processes of implementing metrological functions, as well as the system of enterprise standards regulating control mechanisms for these processes are described.     

An Efficient and Scalable Quasi-Aggregate Signature Scheme Based on LFSR Sequences

Aggregate signatures can be a crucial building block for providing scalable authentication of a large number of users in several applications like building efficient certificate chains, authenticating distributed content management systems, and securing path vector routing protocols. Aggregate signatures aim to prevent resources (signature and storage elements, and computation) from growing linearly in the number of signers participating in a network protocol. In this paper, we present an efficient and scalable quasi-aggregate signature scheme, {rm CLFSR}- {rm QA}, based on third-order linear feedback shift register (cubic LFSR) sequences that can be instantiated using both XTR and GH public key cryptosystems. In the proposed {rm CLFSR}-{rm QA} construction, signers sign messages sequentially; however, the verfier need not know the order in which messages were signed. The proposed scheme offers constant length signatures, fast signing, aggregation, and verification operations at each node, and requires the least storage elements (public keys needed to verify the signature), compared to any other aggregate signature scheme. To the best of our knowledge, {rm CLFSR}- {rm QA} is the first aggregate signature scheme to be constructed using LFSR sequences. We believe that the {rm CLFSR}- {rm QA} signature scheme can be catalytic in improving the processing latency as well as reducing space requirements in building secure, large-scale distributed network protocols. We perform extensive theoretical analysis including correctness and security of {rm CLFSR}- {rm QA} and also present a performance (computation and communication costs, storage overhead) comparison of the proposed scheme with well-known traditional constructions.     

Developing and sustaining information assurance. The role of community colleges. Part 1

In 2001, articles in several technology journals underscored the shortage of qualified security professionals who understood information assurance (IA) concepts. At the time, only a handful of universities offered academic programs in IA, and those were at the masters and doctoral levels. Although a few colleges had classes that covered IA topics, no undergraduate-level programs existed. Continual training and education are necessary to manage the ever-evolving technologies of computer systems and network administration, which place increasingly heavy demands on public and private entities. New positions open frequently for qualified applicants in IA, sometimes forcing existing employees to step into the job of maintaining secure and available computer infrastructures to support their organizations. To help address the ongoing need for security training; several US community colleges have stepped up to develop academic programs over the past several years. This article presents the case for IA training at that level, setting the stage for further examination of the particular challenges that it entails.     

Fault Reconstruction for Continuous‐Time Systems Via Learning Observers

This paper addresses the problem of learning observer (LO)‐based fault reconstruction in continuous‐time systems. An LO is constructed such that simultaneous reconstruction of system states and actuator faults can be guaranteed. Then, existence conditions of LOs are first introduced to verify whether or not the LOs for fault reconstruction exist. An effective LO‐design algorithm is explored such that observer gain matrices can be conveniently solved using linear matrix inequality technique. An extension to sensor‐fault reconstruction is also investigated. Finally, two simulation examples are employed to demonstrate the effectiveness of the proposed LO‐based fault‐reconstructing approaches.