Software assurance for security

The article discusses an approach to security analysis that we have applied successfully over the past several years (to 1999) at Reliable Software Technologies. Our approach is no magic bullet, but it offers a reasoned methodology that has proven to be useful in the trenches. Our methodology, like many useful things, is a mix of art and engineering. The idea is straightforward: design a system with security in mind, analyze the system in light of known and anticipated risks, rank the risks according to their severity, test to the risks, and cycle broken systems back through the design process. The process outlined above has one essential underlying goal: avoiding the unfortunately pervasive penetrate-and-patch approach to computer security-that is, avoiding the problem of desperately trying to come up with a fix to a problem that is being actively exploited by attackers. In simple economic terms, finding and removing bugs in a software system before its release is orders of magnitude cheaper and more effective than trying to fix systems after release     

Software HEVC video decoder: towards an energy saving for mobile applications

Multimedia Tools and Applications - With the explosive growth of mobile video consumption over the Internet, delivering video at high quality while controlling the energy consumption of embedded...     

Software quality assurance economics

ContextSoftware companies invest in quality assurance in order to lower software development and maintenance cost, and to increase revenue and profit margins. To contribute to increase of net income, a quality assurance organization has to consider cost and value of the testware involved in assuring quality of software artifacts, such as requirements, specifications, designs, and code.ObjectiveThis paper proposes a set of economic metrics: testware return on investment, inflation, and cost and value sensitivity to artifact changes and time passage. The paper proposes a set of guidelines on lowering testware cost, on increasing value, on maximizing return on investment, and on when to release.MethodThis paper presents an industrial case study data on the relation between test case cost and value, and on cost and value sensitivity to time passage and artifact changes.ResultsThe industrial case study showed return on investment on test cases of up to 200%, deflation of up to −2% per month, undesirable economic effects, such as test case cost outpacing test case value and rapid test case value depreciation based on time passage.ConclusionA viable QA organization should measure and improve test case return on investment, inflation, and cost and value sensitivity to artifact changes and time passage.     

Software development for mobile computers

The author describes a course that he developed and teaches on software development for mobile computing. The course provides the theory and hands-on experience that students need to develop applications for new mobile computing environments.     

Customer-centered design for mobile applications

Designing applications for mobile platforms presents unique and harder challenges than traditional software design. Users of such devices expect to be able to run such applications with no training, no traditional packaging elements such as quick start cards, and no help system. Customer-centered design is probably the only way such applications can be designed successfully. This paper presents our experience using customer-centered design to create a sophisticated mobile application—mSports Baseball. We describe the application and detail how we modified contextual Design (CD), our customer-centered design process, to produce an application users could enjoy with no training and no help.

Software testing and preventive quality assurance for metrology

Software controlled measuring systems can be approved with the help of different kinds of conformity assessment techniques based either on the final product, the product design or corresponding development and production processes. To validate the software as an integral part of the measuring system, different approaches of software quality assurance have to be applied for different conformity assessment procedures. There are two essential categories of software quality assurance, both of which supplement each other. On the one hand side, analytical methods of software testing, static analysis, and code inspection are used in the scope of conformity assessments of final or intermediate products. On the other hand, preventive audits of software development processes are applied to evaluate and improve appropriate software processes and to consequently support process related conformity assessment procedures. Depending on the validation objectives, validation methods, audit areas, and the appropriate requirements have to be selected and refined. A major problem of validation efforts, namely the process of defining and refining testable requirements, can be solved with the help of international software standards. In Germany, the accredited software testing laboratory at PTB supports software quality in metrology.     

Software quality assurance in practice

This paper presents the key findings of a survey of a representative sample of the Australian software industry as to the actual use and application of quality assurance techniques in the development of software. The survey aims to confirm previous survey findings through a management questionnaire and to investigate the software development practices at the screen face through a developer questionnaire. The separate responses are analysed to rate the extent to which quality management practices have penetrated the information systems department. The project commenced in July 1994 and the results of this initial survey support the hypothesis that software quality assurance programmes have not yet penetrated to the systems developers at lower levels of organizations.     

MobiLine: A Nested Software Product Line for the domain of mobile and context-aware applications

Mobile devices are multipurpose and multi-sensor equipments supporting applications able to adapt their behavior according to changes in the user’s context (device, location, time, etc.). Meanwhile, the development of mobile and context-aware software is not a simple task, mostly due to the peculiar characteristics of these devices. Although several solutions have been proposed to facilitate their development, reuse is not systematically used throughout the software development life-cycle. In this paper, we discuss an approach for the development of mobile and context-aware software using the Software Product Line (SPL) paradigm. Furthermore, a Nested SPL for the domain of mobile and context-aware applications is presented, lessons learned in the SPL development are discussed and a product for a context-aware visit guide is shown.     

Real-time map labelling for mobile applications

It is essential to label roads, landmarks, and other important features on maps for mobile applications to help users to understand their location and the environment. This paper aims to examine real-time map labelling methods suitable for the small screen on mobile devices. A slider method with a continuous search space was proposed to sequentially label both line and point features. The method starts with defining a range box for possible locations of the label. Then a search is performed, and the range box is reduced, if there are any cartographic objects that overlap the range box. Finally, the label is placed, at the best possible position in the reduced range box according to normal cartographic preferences, where it does not obscure any cartographic object. We implemented this method in a Java environment using the open source library JTS Topology Suite. A case study showed sound cartographic results of the labelling and acceptable computational efficiency.     

Advanced IPS technology for mobile applications

Abstract— In‐plane‐switching LCD (IPS‐LCD) technologies originally developed for LCD monitors and TV applications are applied to mobile applications. Advantages of the IPS mode over other optical modes for mobile applications are quantitatively clarified. The panel achieves stable color reproduction and chromaticity in the viewing‐angle range for mobile displays. Superiority of the IPS mode over other optical modes is discussed also from the viewpoints of stability in chromaticity during the brightness change and the driving power consumption. A transflective IPS mode with good performance is accomplished by the use of a proper optical design. A new structure, IPS‐Pro, which enables sunlight readability by increasing the transmittance, i.e., the brightness of the panel, without additional cost and power consumption in contrast to additional fabrication processes required to fabricate the transflective mode is realized. Furthermore, to improve the users' convenience, an automatic luminance control system and a controllable viewing‐angle device are developed. The panels developed fulfill the market requirements of increasing the function and performance variations and will be the most appropriate ones to be applied to mobile appliances, such as cellular phones, digital still cameras, music players, GPS, mobile TV sets, etc.     

Gossip-based cooperative caching for mobile applications in mobile wireless networks

Cooperative caching is an efficient way to improve the performance of data access in mobile wireless networks, by cache nodes selecting different data items in their limited storage in order to reduce total access delay. With more demands on sharing a video or other data, especially for mobile applications in an Internet-based Mobile Ad Hoc Network, considering the relations among data items in cooperative caching becomes more important than before. However, most of the existing works do not consider these inherent relations among data items, such as the logical, temporal, or spatial relations. In this paper, we present a novel solution, Gossip-based Cooperative Caching (GosCC) to address the cache placement problem, and consider the sequential relation among data items. Each mobile node stores the IDs of data items cached locally and the ID of the data item in use into its progress report. Each mobile node also makes use of these progress reports to determine whether a data item should be cached locally. These progress reports are propagated within the network in a gossip-based way. To improve the user experience, GosCC aims to provide users with an uninterrupted data access service. Simulation results show that GosCC achieves better performance than Benefit-based Data Caching and HybridCache, in terms of average interruption intervals and average interruption times, while sacrificing message cost to a certain degree.     

移动应用修炼之道

IT界的移动领域,如今暗潮涌动。3G、AppStore、Android、iPhone,甚至是山寨,一个个接踵而来的名词不断地回响在我们的耳边,经过这个移动终端、网络、应用、平台和内容各大运营商争夺用户的"乱世"之后,新一代移动平台及其生态系统即将诞生了。而最能反映整个移动生态链变化的,便是基于移动应用的诸多产品。从它们的创意产生,直至捞到第一桶金,每一个环节都与整个生态链息息相关。而且,"得应用者得天下"一句并不为过。拥有一个好的移动应用产品,不仅能够使厂商广为获利,更重要的是同时能够虏获千万用户的心。本期特别策划,就将围绕移动应用产品的生命周期,将移动产品最有特点的生产环节进行拆分、组合,为读者讲述移动应用产品的修炼之道,同时反映出新一代移动平台的生态状况,在更高的层次上关注移动产品,关注移动领域。     

Software assurance by bounded exhaustive testing

Bounded exhaustive testing (BET) is a verification technique in which software is automatically tested for all valid inputs up to specified size bounds. A particularly interesting case of BET arises in the context of systems that take structurally complex inputs. Early research suggests that the BET approach can reveal faults in small systems with inputs of low structural complexity, but its potential utility for larger systems with more complex input structures remains unclear. We set out to test its utility on one such system. We used Alloy and TestEra to generate inputs to test the Galileo dynamic fault tree analysis tool, for which we already had both a formal specification of the input space and a test oracle. An initial attempt to generate inputs using a straightforward translation of our specification to Alloy did not work well. The generator failed to generate inputs to meaningful bounds. We developed an approach in which we factored the specification, used TestEra to generate abstract inputs based on one factor, and passed the results through a postprocessor that reincorporated information from the second factor. Using this technique, we were able to generate test inputs to meaningful bounds, and the inputs revealed nontrivial faults in the Galileo implementation, our specification, and our oracle. Our results suggest that BET, combined with specification abstraction and factoring techniques, could become a valuable addition to our verification toolkit and that further investigation is warranted.     

Optimal deployment of mobile cloudlets for mobile applications in edge computing

The Journal of Supercomputing - In the evolution of Internet of Things and 5G networks, edge computing, as an emerging computing paradigm, can effectively reduce the latency of accessing the cloud...     

Securing dynamic itineraries for mobile agent applications

In this paper we present a novel mechanism for the protection of dynamic itineraries for mobile agent applications. Itineraries that are decided as the agent goes are essential in complex applications based on mobile agents, but no approach has been presented until now to protect them. We have conceived a cryptographic scheme for shielding dynamic itineraries from tampering, impersonation and disclosure. By using trust strategically, our scheme provides a balanced trade-off between flexibility and security. Our protection scheme has been thought always bearing in mind a feasible implementation, and thus facilitates the development of applications that make use of it. An example application based on a real healthcare scenario is also presented to show its operation.     

移动位置服务的应用发展研究

移动位置服务是移动运营商和服务提供商联合推出的基于地理位置信息服务,用户通过移动终端获取位置信息及产品服务。中国的移动位置服务开展较早,但相比于美国等发达国家,并没有获得用户的广泛接受。本文通过研究移动位置服务的发展现状和用户行为,提出发展对策。     

Personal service areas for mobile Web applications

Location-based mobile services let wireless mobile users access Web-based information about resources in their immediate vicinities. The authors describe an algorithm that draws on context mobility elements, such as the user's travel direction and speed, to form personal service areas. Their experimental context-aware tourist information system (CATIS) leverages XML technologies and Web services to provide tourist information to mobile users based on these personal service areas and the users' preferences. Because Web service performance depends on the underlying databases, the authors also developed a layered caching scheme for storing environmental data to improve response time.     

Double-track mobile robot for hazardous environment applications

This paper introduces a link-type tracked vehicle, which is developed for potential applications such as fire fighting, handicapped assistance and mine detection in various hazardous environments. The vehicle consists of three parts—front frame, rear frame and body. The front frame is connected to the rear frame by a rotational passive adaptation mechanism, which is the driving mechanism of the vehicle. This is similar to a link structure such that one frame rotates to the other by external forces between the vehicle and the ground. This passive adaptation mechanism permits good adaptability to uneven terrain including stairs. This link structure also improves energy efficiency, and makes the vehicle simple and small. The body is a control system for remote control of the vehicle. It communicates visual and distance information to the operator, and commands direction and velocity orders.     

Design patterns for user interface for mobile applications

The topic of this paper is a collection of user interface (UI) design patterns for mobile applications. In the paper we present the structure of the patterns collection – the patterns are suggested solutions to problems that are grouped into a set of problem areas that are further grouped into three main problem areas – a structure which is valuable both as an index to identifying patterns to use, and it gives a fairly comprehensive overview of issues when designing user interfaces for mobile applications. To show the breadth of the patterns collection we present six individual problems with connected design patterns in some detail – each coming from different problem areas. They represent important and relevant problems, and are on different levels of abstraction, thus showing how patterns may be used to present problems and solutions on different levels of detail. To show the relevance and usefulness of the patterns collection for usability professionals with a mixed background, we present some relevant findings from a validation of the patterns collection. In addition to verifying the relevance and usefulness of the patterns collection, it also shows both expected and surprising correlations between background and perceived relevance and usefulness. One important finding from the validation is an indication that the patterns collection is best suited for experienced UI developers wanting to start developing mobile UIs. Using a patterns collection for documenting design knowledge and experience has been a mixed experience, so we discuss pros and cons of this. Finally, we present related work and future research.     

A standard for developing secure mobile applications

The abundance of mobile software applications (apps) has created a security challenge. These apps are widely available across all platforms for little to no cost and are often created by small companies and less-experienced programmers. The lack of development standards and best practices exposes the mobile device to potential attacks. This article explores not only the practices that should be adopted by developers of all apps, but also those practices the enterprise user should demand of any app that resides on a mobile device that is employed for both business and private uses.