Experiences developing architectures for realizing thin‐client diagram editing tools

Diagram‐centric applications such as software design tools, project planning tools and business process modelling tools are usually ‘thick‐client’ applications running as stand‐alone desktop applications. There are several advantages to providing such design tools as Web‐based or even PDA‐ and mobile‐phone‐based applications. These include ease of access and upgrade, provision of collaborative work support and Web‐based integration with other applications. However, building such thin‐client diagram editing tools is very challenging. We have developed several thin‐client diagram editing applications realized as a set of plug‐in extensions to a meta‐tool for visual design environment development. In this paper, we discuss key user interaction and software architecture issues, illustrate examples of interacting with our thin‐client diagram editing tools, describe our design and implementation approaches, and present the results of several different evaluations of the resultant applications. Our experiences will be useful for those interested in developing their own thin‐client diagram editing architectures and applications. Copyright © 2007 John Wiley & Sons, Ltd.     

From formal requirements to automated web testing and prototyping

Use cases and user interface prototypes are agile techniques used to specify required functionalities of an object-oriented system. Testing can find most errors of the software and ensure that the requirement specifications are satisfied by the application. We can derive test cases from use cases and run them in user interfaces, but we do it in a mechanical way. In this paper, we propose a new approach for automating the generation of user interface prototypes and test cases for web applications. Starting from a formalization of the requirements based on controlled use cases extended with the system glossary and the user interface specifications, we automatically generate web pages and test cases which are passed as parameters for an automated web testing tool.     

基于元路径嵌入的移动应用需求偏好分析方法

随着互联网和移动应用平台的快速发展,围绕移动应用所产生的海量用户数据已经成为精确分析用户需求偏好的重要数据源.尽管已有不少学者从这些数据中分析和挖掘用户需求,但现有的方法通常只研究了数据的少数维度的特征,未能有效地挖掘多维移动应用信息以及他们之间的关联.提出一种基于元路径嵌入的移动应用需求偏好分析方法,能够为用户进行个性化移动应用推荐.具体地,首先分析移动应用的文本信息中的语义主题,挖掘用户需求偏好的分析维度.其次,将移动应用信息的语义特征构建了一个融合移动应用多维信息的概念模型,涵盖了能够表征用户需求偏好的多维度数据.基于概念模型的语义,设计了一组有意义的元路径集合,以精确地捕捉用户需求偏好的语义.最后,通过使用元路径嵌入技术进行用户行为画像,进而实现个性化的移动应用推荐.使用苹果应用商店包括1507个移动应用和153501条用户评论的真实数据集进行实验评估.实验结果表明所提的方法在各指标上均优于现有模型,其中平均F1值提升0.02,平均归一化折损累计增益(normalized discounted cumulative gain,NDCG)提升0.1.     

Acceptance tests for validating ARIA requirements in widgets

Accessibility refers to a quality requirement for web applications. However, current accessibility automatic evaluation tools cannot evaluate dynamic generated content that characterizes Ajax applications and RIAs. In this context, this paper describes an approach for evaluating Accessible Rich Internet Applications (ARIA) requirements, by using acceptance tests. The authors implemented a set of disabled user interaction scenarios as acceptance tests in order to verify keyboard accessibility in RIA and automatically evaluate ARIA conformance in widgets. The inclusion of disabled user interaction scenarios in the evaluation process is necessary to analyse ARIA requirements since dynamic changes are accommodated in the DOM structure. Two evaluation tool prototypes were developed and validated in separate case studies. The results show evidence that the proposed evaluation approach is capable of evaluating ARIA conformance in RIA widgets.     

Towards a contingency approach with whitelist- and blacklist-based anti-phishing applications: what do usability tests indicate?

In web browsers, a variety of anti-phishing tools and technologies are available to assist users to identify phishing attempts and potentially harmful pages. Such anti-phishing tools and technologies provide Internet users with essential information, such as warnings of spoofed pages. To determine how well users are able to recognise and identify phishing web pages with anti-phishing tools, we designed and conducted usability tests for two types of phishing-detection applications: blacklist-based and whitelist-based anti-phishing toolbars. The research results mainly indicate no significant performance differences between the application types. We also observed that, in many web browsing cases, a significant amount of useful and practical information for users is absent, such as information explaining professional web page security certificates. Such certificates are crucial in ensuring user privacy and protection. We also found other deficiencies in web identities in web pages and web browsers that present challenges to the design of anti-phishing toolbars. These challenges will require more professional, illustrative, instructional, and reliable information for users to facilitate user verification of the authenticity of web pages and their content.     

LeakSpot: detection and diagnosis of memory leaks in JavaScript applications

The migration of application logic to the client side of modern web applications and the use of JavaScript as the main language for client‐side development have made memory leaks in JavaScript an issue for web applications. Client‐side web applications communicate with the server asynchronously, remaining on the same web page during their lifetime. Thus, even minor memory leaks can eventually lead to excessive memory usage, negatively affecting user‐perceived response time and possibly causing page crashes. To detect memory leaks and guide developers in fixing the leaks quickly and easily, this paper introduces LeakSpot, a tool that creates a run‐time heap model by modifying the application code in a browser‐agnostic way to record object allocations, accesses, and references created to objects. LeakSpot reports those allocation sites causing the leaks instead of all the leaky allocation sites. It also identifies the locations in the code where leaked objects are accumulated, for example, the locations where a reference from a data structure is created but forgotten to be removed by the developer. To facilitate debugging and fixing the leaks, for every leaked object, LeakSpot reports all the locations in the code that create a reference to the object. To confirm usefulness and efficacy of LeakSpot experimentally, we have used LeakSpot to find and fix four memory leaks in a JavaScript benchmark suite and in open‐source web applications. LeakSpot is also shown to be effective in pointing out the potential causes of three leaks in large and popular web applications. Copyright © 2016 John Wiley & Sons, Ltd.     

Visualization and debugging of distributed multiagent systems

Visualizing the behavior of systems with distributed data, control, and process is a notoriously difficult task. Each component in the distributed system has only a local view of the whole setup, and the onus is on the user to integrate, into a coherent whole, the large amounts of limited information they provide. In this article, we describe an architecture and an implemented system for visualizing and controlling distributed multiagent applications. The system comprises a suite of tools, with each tool providing a different perspective of the application being visualized . Each tool interrogates the components of the distributed application, collates the returned information, and presents this information to users in an appropriate manner. This in essence, shifts the burden ofinference from the user to the visualizer. Our visualizer has been evaluated on four distributed multiagent systems: a travel management application, a telecommunications network management application, a business process management demonstrator, and an electronic commerce application. Lastly, we briefly show how the suite of tools can be used together for debugging multiagent applications - a process we refer to as debugging via corroboration.     

Tool choice in innovation diffusion: A human activity readiness theory

The short product life cycle of information and communication technology (ICT) applications makes it critical for developers to expedite the diffusion process by reducing user resistance. At the individual level, the adoption of an ICT application largely depends on how a person is ready to use the computerized tool in place of the corresponding traditional method for a certain purpose. To find out how to facilitate the transition, this study investigates the human choice behavior involved in technology adoption with the Activity Theory that allows for the inclusion of different tools in one unit of analysis. The understanding of user situated experiences from the activity perspective leads to hypothesized relationships between user-, tool- and task-related factors and the dependent variable in terms of tool readiness. The empirical results support that tool experiences have stronger effects on specific tool readiness at the within-subject level, user characteristics have weaker effects on general tool readiness at the between-subject level, and task situations influence both levels of tool readiness. The findings provide insights on how to facilitate innovation diffusion for different tools, tasks and users.     

Towards generic representation of web applications: solutions and trade‐offs

Server pages (also called dynamic pages) render a generic web page into many similar ones. The technique is commonly used for implementing web application user interfaces (UIs). Yet our previous study found a high rate of repetitions (also called ‘clones’) in web applications, particularly in UIs. The finding raised the question as to why such repetitions had not been averted with the use of server pages. For an answer, we conducted an experiment using PHP server pages to explore how far server pages can be pushed to achieve generic web applications. Our initial findings suggested that generic representation obtained using server pages sometimes compromises certain important system qualities such as run‐time performance. It may also complicate the use of WYSIWYG editors. We have analysed the nature of these trade‐offs, and now propose a mixed‐strategy approach to obtain optimum generic representation of web applications without unnecessary compromise to critical system qualities and user experience. The mixed‐strategy approach applies the generative technique of XVCL to achieve genericity at the meta‐level representation of a web application, leaving repetitions to the actual web application. Our experiments show that the mixed‐strategy approach can achieve a good level of genericity without conflicting with other system qualities. Our findings should open the way for others to better‐informed decisions regarding generic design solutions, which should in turn lead to simpler, more maintainable and more reusable web applications. Copyright © 2008 John Wiley & Sons, Ltd.     

State‐of‐the‐Art Report in Web‐based Visualization

In this report, we review the current state of the art of web‐based visualization applications. Recently, an increasing number of web‐based visualization applications have emerged. This is due to the fact that new technologies offered by modern browsers greatly increased the capabilities for visualizations on the web. We first review these technical aspects that are enabling this development. This includes not only improvements for local rendering like WebGL and HTML5, but also infrastructures like grid or cloud computing platforms. Another important factor is the transfer of data between the server and the client. Therefore, we also discuss advances in this field, for example methods to reduce bandwidth requirements like compression and other optimizations such as progressive rendering and streaming. After establishing these technical foundations, we review existing web‐based visualization applications and prototypes from various application domains. Furthermore, we propose a classification of these web‐based applications based on the technologies and algorithms they employ. Finally, we also discuss promising application areas that would benefit from web‐based visualization and assess their feasibility based on the existing approaches.     

Synthy: A system for end to end composition of web services

The demand for quickly delivering new applications is increasingly becoming a business imperative today. However, application development is often done in an ad hoc manner resulting in poor reuse of software assets and longer time-to-delivery. Web services have received much interest due to their potential in facilitating seamless business-to-business or enterprise application integration. A web service composition system can help automate the process, from specifying business process functionalities, to developing executable workflows that capture non-functional (e.g. Quality of Service (QoS)) requirements, to deploying them on a runtime infrastructure. Intuitively, web services can be viewed as software components and the process of web service composition similar to software synthesis. In addition, service composition needs to address the build-time and runtime issues of the integrated application, thereby making it a more challenging and practical problem than software synthesis. However, current solutions based on business web services (using WSDL, BPEL, SOAP, etc.) or semantic web services (using ontologies, goal-directed reasoning, etc.) are both piecemeal and insufficient. We formulate the web service composition problem and describe the first integrated system for composing web services end to end, i.e., from specification to deployment. The proposed solution is based on a novel two-staged composition approach that addresses the information modeling aspects of web services, provides support for contextual information while composing services, employs efficient decoupling of functional and non-functional requirements, and leads to improved scalability and failure handling. We also present Synthy, a prototype of the service composition system, and demonstrate its effectiveness with the help of an application scenario from the telecom domain.     

基于异常利用的安卓应用重打包对抗技术

应用重打包是安卓生态中的一种严重的安全威胁。借助应用重打包技术,攻击者可以向原始应用插入恶意代码以实现不同的恶意功能,如窃取用户隐私数据、发送收费短信及替换应用广告SDK等。有研究表明,85%以上的恶意应用通过应用重打包的方式产生。对抗安卓重打包攻击,主要有三种防御方式:一是在应用开发过程中,由开发者对应用进行加固,实施重打包防御策略;二是在应用上传到应用市场时,进行静态应用重打包检测;三是在终端设备上进行动态重打包应用检测。其中,利用重打包工具解析安卓应用程序安装包的缺陷对应用进行加固来提高攻击者生成重打包应用的技术门槛被证明是一种有效的缓解措施。但距今为止,已有工作并未提出一种系统化的方法来发现可用于保护应用的重打包工具缺陷。本文提出了一种系统化的面向重打包对抗的重打包工具可利用缺陷检测方法。首先,我们通过代码扫描定位重打包工具中的潜在异常点;其次,使用模糊测试的方式来尝试触发被定位的异常;最后,监测触发异常的变异应用在目标安卓设备上的运行情况,并进行进一步的模糊测试来最终构建能被用于对抗重打包攻击的异常触发向量。在以应用广泛的重打包工具Apktool为实验对象的测试中,我们总共发现了12个未知的可利用的缺陷,这些缺陷都已被证明可用于实际应用来对抗重打包攻击。     

Management of a parameter sweep for scientific applications on cluster environments

The GEOsciences Network (GEON, www.geongrid.org ) is a large‐scale collaborative cyberinfrastructure project involving information technology and geoscience researchers from multiple institutions. The GEON infrastructure provides portal, middleware, and data resources to facilitate scientific discovery for domain scientists using applications, tools, and services. It consists of both a service‐oriented Web/Grid framework and application toolkits, using the Web service and portlet programming model to represent applications. Based on those grid environments, we have developed the SYNSEIS (SYNthetic SEISmogram) tool within the GEON infrastructure to support personalized experiments in seismology. In this paper, we present an overview of SYNSEIS from a user point of view, and demonstrate how one can use a simple management scheme to perform a parameter sweep and distribute the work in computational resources, using a scientific application that was not specifically designed to perform parameter sweeps. The performance advantages to be gained by using this scheme with scientific codes for dealing with a large number of jobs on computational grids are very substantial. In particular, we identify the earthquake simulations in the SYNSEIS tool as an example application that can benefit from running jobs on computational resources and subsequently promote the sharing of computational resources among partner sites involved in the GEON project. Finally, we also discuss the parallel scaling behavior of our primary earthquake simulation application. Copyright © 2010 John Wiley & Sons, Ltd.     

A study on development of cognitive support features in recent ontology visualization tools

Ontologies are currently emerging as representation techniques for overlapping compatibility context domains. The continuing need for more effective information retrieval has lead to the creation of the notions of the semantic web and personalized information management. Subsequently, the need for effective ontology visualization for design, management and browsing has arisen. Several ontology visualization tools have come out to strengthen the users’ cognitive support. The primary goal of this paper is to present a survey on recently implemented ontology visualization tools and their contributions in the enrichment of users’ cognitive support. This work also presents the preliminary results of an evaluation of three visualization tools to determine the suitability of each method for end user applications where ontologies are used as browsing aids.     

User interface specification with sequence diagrams: an application to the AIRBUS A380 Datalink system

The development of user interfaces for safety critical systems is driven by requirements specifications. Because user interface specifications are typically embedded within complex systems requirements specifications, they can be intractable to manage. Proprietary requirements specification tools do not support the user interface designer in modelling and specifying the user interface. In this paper, a new way of working with embedded user interface specifications is proposed, exploiting sequence diagrams with a hypertext structure for representing and retrieving use cases. This new tool concept is assessed through an application to the requirements specification for the Airbus A380 air traffic control Datalink system; engineers involved in the development of the Airbus cockpit used a prototype of the tool concept to resolve a set of user interface design anomalies in the requirements specification. The results of the study are positive and indicate the user interface to requirements specification tools which user interface designers themselves need.     

Guidelines for supporting real‐time multi‐touch applications

Multi‐touch driven user interfaces are becoming increasingly prevalent because of their intuitiveness and because of the reduction in the associated hardware costs. In recognition of this trend, multi‐touch software frameworks (MSFs) have begun to emerge. These frameworks abstract the low level issues of multi‐touch software development and deployment. MSFs therefore enable software developers who are unfamiliar with the complexities of multi‐touch software development to implement and deploy multi‐touch applications more easily. However, some multi‐touch applications have real‐time system requirements, and at present, no MSFs provide support for the development and deployment of such real‐time multi‐touch applications. The implication of this is that software developers are unable to take advantage of MSFs and, therefore, are forced to handle the complexities of multi‐touch and real‐time systems development and deployment for themselves in an ad hoc manner. The primary consequence of this is that the multi‐touch and/or real‐time aspects of the application may not function correctly. In this paper, guidelines are presented for applying real‐time system concepts to support the development and deployment of real‐time multi‐touch applications using MSFs. This serves to increase the probability that the application will meet its timing requirements while also reducing the complexity of the development and deployment process associated with multi‐touch applications. Copyright © 2013 John Wiley & Sons, Ltd.