Search For:

Displaying 1-50 out of 78 total
Implementing Software Effort Estimation in a Medium-sized Company
Found in: Software Engineering Workshop, Annual IEEE/NASA Goddard
By João Carlos Cunha,Sérgio Cruz,Marco Costa,Ana Rita Rodrigues,Marco Vieira
Issue Date:June 2011
pp. 92-96
Effort estimation in software development projects is far from being an easy task. In fact, despite the several effort estimation techniques available in the literature and the need for companies to perform such task in a daily basis, most small and medium...
 
Integrating GQM and Data Warehousing for the Definition of Software Reuse Metrics
Found in: Software Engineering Workshop, Annual IEEE/NASA Goddard
By Marco Vieira,Henrique Madeira,Sérgio Cruz,Marco Costa,João Carlos Cunha
Issue Date:June 2011
pp. 112-116
Software reuse is the practice of using existing artifacts (code, architecture, requirements, etc.) in new projects. The advantages of using previously developed software in new projects are easily understood. However, reusing artifacts is usually done in ...
 
IEEE International Workshop on Dependable and Secure Services (DSS 2014)
Found in: 2014 IEEE World Congress on Services (SERVICES)
By Nuno Laranjeiro,Pedro Furtado,Marco Vieira
Issue Date:June 2014
pp. 198-199
This workshop focuses on dependability and security of software and services. Service-based systems are being used in business and safety-critical environments to achieve operational goals and possess special characteristics that have been bringing difficu...
 
A Collaborative Approach to Knowledge Extraction from Rough Relational Databases
Found in: Hybrid Intelligent Systems, International Conference on
By Joao Marcos Vieira, Maria do Carmo Nicoletti, Marina T. Pires Vieira
Issue Date:December 2005
pp. 17-22
This paper proposes a collaborative approach, which combines two processes: the extraction of approximate information from a rough relational database and its generalization into symbolical rules. A rough relational database model is basically a standard r...
 
The Web Attacker Perspective - A Field Study
Found in: Software Reliability Engineering, International Symposium on
By José Fonseca, Marco Vieira, Henrique Madeira
Issue Date:November 2010
pp. 299-308
Web applications are a fundamental pillar of today’s globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable asse...
 
Understanding Interoperability Issues of Web Service Frameworks
Found in: 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
By Ivano Alessandro Elia,Nuno Laranjeiro,Marco Vieira
Issue Date:June 2014
pp. 323-330
Web Services are a set of technologies designed to support the invocation of remote services by client applications, with the key goal of providing interoperable application-to-application interaction while supporting vendor and platform independence. The ...
 
Analysis of Field Data on Web Security Vulnerabilities
Found in: IEEE Transactions on Dependable and Secure Computing
By Jose Fonseca,Nuno Seixas,Marco Vieira,Henrique Madeira
Issue Date:March 2014
pp. 89-100
Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical softwa...
 
Penetration Testing for Web Services
Found in: Computer
By Nuno Antunes,Marco Vieira
Issue Date:February 2014
pp. 30-36
Web services are often deployed with critical software security faults that open them to malicious attack. Penetration testing using commercially available automated tools can help avoid such faults, but new analysis of several popular testing tools reveal...
 
On the Need for Training Failure Prediction Algorithms in Evolving Software Systems
Found in: 2014 IEEE 15th International Symposium on High-Assurance Systems Engineering (HASE)
By Ivano Irrera,Joao Duraes,Marco Vieira
Issue Date:January 2014
pp. 216-223
Failure prediction is a promising technique to improve dependability of computer systems, in particular when it is important to foresee incoming failures and take corrective actions to avoid downtime or data corruption. Failure prediction is especially ade...
 
A Technique for Deploying Robust Web Services
Found in: IEEE Transactions on Services Computing
By Nuno Laranjeiro,Marco Vieira,Henrique Madeira
Issue Date:January 2014
pp. 68-81
Developing robust web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Although several techniques for the ...
 
SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures
Found in: 2013 IEEE International Conference on Services Computing (SCC)
By Nuno Antunes,Marco Vieira
Issue Date:June 2013
pp. 280-287
Service Oriented Architectures are nowadays used in a wide range of organizations to support critical daily operations. Although the underlying services should behave in a secure manner, they are often deployed with bugs that can be maliciously exploited. ...
 
A view on the past and future of fault injection
Found in: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
By Nuno Silva,Ricardo Barbosa,Joao Carlos Cunha,Marco Vieira
Issue Date:June 2013
pp. 1-2
Fault injection is a well-known technology that enables assessing dependability attributes of computer systems. Many works on fault injection have been developed in the past, and fault injection has been used in different application domains. This fast abs...
 
Assessing the Impact of Virtualization on the Generation of Failure Prediction Data
Found in: 2013 Sixth Latin-American Symposium on Dependable Computing (LADC)
By Ivano Irrera,Joao Duraes,Henrique Madeira,Marco Vieira
Issue Date:April 2013
pp. 92-97
Fault injection has been successfully used in the past to support the generation of realistic failure data for offline training of failure prediction algorithms. However, runtime computer systems evolution requires the online generation of training data. T...
 
Robustness Evaluation of Controllers in Self-Adaptive Software Systems
Found in: 2013 Sixth Latin-American Symposium on Dependable Computing (LADC)
By Javier Camara,Rogerio de Lemos,Nuno Laranjeiro,Rafael Ventura,Marco Vieira
Issue Date:April 2013
pp. 1-10
An increasingly important requirement for software-intensive systems is the ability to self-manage by adapting their structure and behavior at run-time in an autonomous way as a response to a variety of changes that may occur to the system, its environment...
 
Lessons Learnt in the Implementation of CMMI® Maturity Level 5
Found in: 2012 Eighth International Conference on the Quality of Information and Communications Technology (QUATIC)
By Isabel Lopes Margarido,Raul Moreira Vidal,Marco Vieira
Issue Date:September 2012
pp. 47-56
CMMI® has proven benefits in software process improvement. Typically, organisations that achieve a CMMI level rating improve their performance. However, CMMI implementation is not trivial, in particular for high maturity levels, and not all organisations a...
 
Changeloads: A Fundamental Piece on the SASO Systems Benchmarking Puzzle
Found in: 2012 IEEE Conference on Self-Adaptive and Self-Organizing Systems Workshops (SASOW)
By Raquel Almeida,Marco Vieira
Issue Date:September 2012
pp. 93-96
Benchmarks have been traditionally tailored to static, unchangeable systems, functioning in well-known and controlled environments. Thus, established benchmarks (and benchmarking approaches) are becoming progressively less representative of real world scen...
 
Leveraging 24/7 Availability and Performance for Distributed Real-Time Data Warehouses
Found in: 2012 IEEE 36th Annual Computer Software and Applications Conference - COMPSAC 2012
By Ricardo Jorge Santos,Jorge Bernardino,Marco Vieira
Issue Date:July 2012
pp. 654-659
Real-time Data Warehouses (DWs) must be able to deal with continuous updates while ensuring 24/7 availability. To improve their performance, distributing data using round-robin algorithms on clusters of shared-nothing machines is normally used. This paper ...
 
Changeloads for Resilience Benchmarking of Self-Adaptive Systems: A Risk-Based Approach
Found in: European Dependable Computing Conference
By Raquel Almeida,Marco Vieira
Issue Date:May 2012
pp. 173-184
Benchmarking self-adaptive software systems calls for a new model that takes into account a distinctive characteristic of such systems: alterations over time (i.e., self-achieved modifications or adjustments triggered by changes in the external or internal...
 
Applying Data Mining for Detecting Anomalies in Satellites
Found in: European Dependable Computing Conference
By Denise Rotondi Azevedo,Ana Maria Ambrósio,Marco Vieira
Issue Date:May 2012
pp. 212-217
Telemetry data is the only source for identifying/predicting anomalies in artificial satellites. Human specialists analyze these data in real time, but its large volume, makes this analysis extremely difficult. In this experience paper we study the hypothe...
 
Defending against Web Application Vulnerabilities
Found in: Computer
By Nuno Antunes,Marco Vieira
Issue Date:February 2012
pp. 66-72
Although no single tool or technique can guard against the host of possible attacks, a defense-in-depth approach, with overlapping protections, can help secure Web applications.
 
Balancing Security and Performance for Enhancing Data Privacy in Data Warehouses
Found in: IEEE TrustCom/IEEE ICESS/FCST, International Joint Conference of
By Ricardo Jorge Santos,Jorge Bernardino,Marco Vieira
Issue Date:November 2011
pp. 242-249
Data Warehouses (DWs) store the golden nuggets of the business, which makes them an appealing target. To ensure data privacy, encryption solutions have been used and proven efficient in their security purpose. However, they introduce massive storage space ...
 
A Testing Service for Lifelong Validation of Dynamic SOA
Found in: High-Assurance Systems Engineering, IEEE International Symposium on
By Andrea Ceccarelli,Marco Vieira,Andrea Bondavalli
Issue Date:November 2011
pp. 1-8
Service Oriented Architectures (SOAs) are increasingly being used to support the information infrastructures of organizations. SOAs are dynamic and evolve after deployment in order to adapt to changes in the requirements and infrastructure. Consequently, t...
 
Trustworthiness Benchmarking of Web Applications Using Static Code Analysis
Found in: Availability, Reliability and Security, International Conference on
By Afonso Araújo Neto,Marco Vieira
Issue Date:August 2011
pp. 224-229
Benchmarking the security of web applications is complex and, although there are many proposals of metrics, no consensual quantitative security metric has been proposed so far. Static analysis is an effective approach for detecting vulnerabilities, but the...
 
Selecting Software Packages for Secure Database Installations
Found in: Availability, Reliability and Security, International Conference on
By Afonso Araújo Neto,Marco Vieira
Issue Date:August 2011
pp. 67-74
Security is one of the biggest concerns of database administrators. Most marketed software products announce a variety of features and mechanisms designed to improve security. However, that same variety largely complicates the process of selecting the adeq...
 
24/7 Real-Time Data Warehousing: A Tool for Continuous Actionable Knowledge
Found in: Computer Software and Applications Conference, Annual International
By Ricardo Jorge Santos,Jorge Bernardino,Marco Vieira
Issue Date:July 2011
pp. 279-288
Technological evolution has redefined many business models. Many decision makers are now required to act near real-time, instead of periodically, given the latest transactional information. Decision-making occurs much more frequently and considers the late...
 
Enhancing Penetration Testing with Attack Signatures and Interface Monitoring for the Detection of Injection Vulnerabilities in Web Services
Found in: Services Computing, IEEE International Conference on
By Nuno Antunes,Marco Vieira
Issue Date:July 2011
pp. 104-111
Web services are often deployed with critical software bugs that may be maliciously exploited. Developers often trust on penetration testing tools to detect those vulnerabilities but the effectiveness of such technique is limited by the lack of information...
 
A Composed Approach for Automatic Classification of Web Services Robustness
Found in: Services Computing, IEEE International Conference on
By Rui Oliveira,Nuno Laranjeiro,Marco Vieira
Issue Date:July 2011
pp. 176-183
Testing Web Services (WS) for robustness is a lengthy and arduous process. After testing a set of services, there is typically a very large quantity and variety of test results to be analyzed, which poses a challenge to the developer that has to manually p...
 
TO BEnchmark or NOT TO BEnchmark security: That is the question
Found in: Dependable Systems and Networks Workshops
By Afonso Araujo Neto,Marco Vieira
Issue Date:June 2011
pp. 182-187
The multiplicity of available software and component alternatives has boosted the interest in suitable benchmarks, able to assist in the selection of candidate solutions from the existing diversity, concerning several attributes. The huge success of perfor...
 
A Service Discovery Approach for Testing Dynamic SOAs
Found in: Object/Component/Service-Oriented Real-Time Distributed Computing Workshops , IEEE International Symposium on
By Andrea Ceccarelli, Marco Vieira, Andrea Bondavalli
Issue Date:March 2011
pp. 133-142
Service Oriented Architectures (SOAs) are composed of distributed services that interact through standard interfaces, and evolve transparently to other services and users. Although such dynamicity makes SOA a promising architectural style, it prevents orga...
 
Towards Identifying the Best Variables for Failure Prediction Using Injection of Realistic Software Faults
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Ivano Irrera, João Durães, Marco Vieira, Henrique Madeira
Issue Date:December 2010
pp. 3-10
Predicting failures at runtime is one of the most promising techniques to increase the availability of computer systems. However, failure prediction algorithms are still far from providing satisfactory results. In particular, the identification of the vari...
 
A Learning-Based Approach to Secure Web Services from SQL/XPath Injection Attacks
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Nuno Laranjeiro, Marco Vieira, Henrique Madeira
Issue Date:December 2010
pp. 191-198
Business critical applications are increasingly being deployed as web services that access database systems, and must provide secure operations to its clients. Although the open web environment emphasizes the need for security, several studies show that we...
 
Errors on Space Software Requirements: A Field Study and Application Scenarios
Found in: Software Reliability Engineering, International Symposium on
By Paulo C. Véras, Emilia Villani, Ana Maria Ambrosio, Nuno Silva, Marco Vieira, Henrique Madeira
Issue Date:November 2010
pp. 61-70
This paper presents a field study on real errors found in space software requirements documents. The goal is to understand and characterize the most frequent types of requirement problems in this critical application domain. To classify the software requir...
 
Comparing SQL Injection Detection Tools Using Attack Injection: An Experimental Study
Found in: Software Reliability Engineering, International Symposium on
By Ivano Alessandro Elia, José Fonseca, Marco Vieira
Issue Date:November 2010
pp. 289-298
System administrators frequently rely on intrusion detection tools to protect their systems against SQL Injection, one of the most dangerous security threats in database-centric web applications. However, the real effectiveness of those tools is usually un...
 
Applying Text Classification Algorithms in Web Services Robustness Testing
Found in: Reliable Distributed Systems, IEEE Symposium on
By Nuno Laranjeiro, Rui Oliveira, Marco Vieira
Issue Date:November 2010
pp. 255-264
Testing web services for robustness is an effective way of disclosing software bugs. However, when executing robustness tests, a very large amount of service responses has to be manually classified to distinguish regular responses from responses that indic...
 
Benchmarking the Resilience of Self-Adaptive Systems: A New Research Challenge
Found in: Reliable Distributed Systems, IEEE Symposium on
By Raquel Almeida, Henrique Madeira, Marco Vieira
Issue Date:November 2010
pp. 348-352
Self-adaptive systems are widely recognized as the future of computer systems. Due to their dynamic and evolving nature, the characterization of self-adaptation and resilience attributes is of upmost importance. The problem is that nowadays there is no pra...
 
Benchmarking Vulnerability Detection Tools for Web Services
Found in: Web Services, IEEE International Conference on
By Nuno Antunes, Marco Vieira
Issue Date:July 2010
pp. 203-210
Vulnerability detection tools are frequently considered the silver-bullet for detecting vulnerabilities in web services. However, research shows that the effectiveness of most of those tools is very low and that using the wrong tool may lead to the deploym...
 
From Performance to Resilience Benchmarking
Found in: Distributed Computing Systems Workshops, International Conference on
By Raquel Almedia, Henrique Madeira, Marco Vieira
Issue Date:June 2010
pp. 286-287
No summary available.
 
Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Nuno Antunes,Marco Vieira
Issue Date:November 2009
pp. 301-306
Web services are becoming business-critical components that must provide a non-vulnerable interface to the client applications. However, previous research and practice show that many web services are deployed with critical vulnerabilities. SQL Injection vu...
 
A Trust-Based Benchmark for DBMS Configurations
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Afonso Araújo Neto,Marco Vieira
Issue Date:November 2009
pp. 143-150
Database Management Systems (DBMS), the central component of many computers applications, are typically immersed in very complex environments. Protecting the DBMS from security attacks requires evaluating a long list of complex configuration characteristic...
 
Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services
Found in: Services Computing, IEEE International Conference on
By Nuno Antunes, Nuno Laranjeiro, Marco Vieira, Henrique Madeira
Issue Date:September 2009
pp. 260-267
This paper proposes a new automatic approach for the detection of SQL Injection and XPath Injection vulnerabilities, two of the most common and most critical types of vulnerabilities in web services. Although there are tools that allow testing web applicat...
 
BIRF: Keeping Software Development under Control across the Organization
Found in: Software Engineering Advances, International Conference on
By Paulo Marques, Paulo Gomes, Marco Vieira, Juan Prieto, Vicente Navarro, Mauro Pecchioli
Issue Date:September 2009
pp. 458-464
Many organizations have to manage an increasingly large number of software projects. In many cases, these projects are outsourced to different companies or developed across several departments. This creates a problem because it is increasingly difficult fo...
 
Benchmarking Untrustworthiness in DBMS Configurations
Found in: Dependable Computing, Latin-American Symposium on
By Afonso Araújo Neto, Marco Vieira
Issue Date:September 2009
pp. 1-8
Database Management Systems (DBMS) are usually immersed in a so complex environment that assessing the security impact of any particular configuration choice is an extremely hard task. DBMS configuration untrustworthiness can be defined as a measure of how...
 
Appraisals Based on Security Best Practices for Software Configurations
Found in: Dependable Computing, Latin-American Symposium on
By Afonso Araújo Neto, Marco Vieira
Issue Date:September 2009
pp. 57-64
Protecting systems and data from malicious access and corruption requires the existence of effective security mechanisms and the correct configuration of those mechanisms. Configuring large software systems for security is a complex task, entailing a lot o...
 
Detecting SQL Injection Vulnerabilities in Web Services
Found in: Dependable Computing, Latin-American Symposium on
By Nuno Antunes, Marco Vieira
Issue Date:September 2009
pp. 17-24
Web services are often deployed with critical software bugs that can be maliciously exploited. Web vulnerability scanners are regarded as an easy way to test web applications against security vulnerabilities. However, previous research shows that the effec...
 
Improving Web Services Robustness
Found in: Web Services, IEEE International Conference on
By Nuno Laranjeiro, Marco Vieira, Henrique Madeira
Issue Date:July 2009
pp. 397-404
Developing robust web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Several techniques for the identific...
 
Extending Test-Driven Development for Robust Web Services
Found in: Dependability, International Conference on
By Nuno Laranjeiro, Marco Vieira
Issue Date:June 2009
pp. 122-127
Research and practice show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Test-driven development, particularly suitable for web service environments, is ...
 
An Appraisal to Assess the Security of Database Configurations
Found in: Dependability, International Conference on
By Afonso Araújo Neto, Marco Vieira, Henrique Madeira
Issue Date:June 2009
pp. 73-80
Database Management Systems (DBMS) have a long tradition in high security and several mechanisms needed to protect data have been proposed/consolidated in the database arena. However, the effectiveness of those mechanisms is very dependent on the actual co...
 
Timing Failures Detection in Web Services
Found in: Asia-Pacific Conference on Services Computing. 2006 IEEE
By Nuno Laranjeiro, Marco Vieira, Henrique Madeira
Issue Date:December 2008
pp. 554-559
Current business critical environments increasingly rely on SOA standards to execute business operations. These operations are frequently based on web service compositions that use several web services over the internet and have to fulfill specific timing ...
 
Assessing and Comparing Security of Web Servers
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By Naaliel Mendes, Afonso Araújo Neto, João Durães, Marco Vieira, Henrique Madeira
Issue Date:December 2008
pp. 313-322
This paper presents an approach to assess security of web servers. This method can be used to compare the security features of different web servers installations and to determine how secure a given web server configuration is. The assessment is done by ap...
 
Training Security Assurance Teams Using Vulnerability Injection
Found in: Pacific Rim International Symposium on Dependable Computing, IEEE
By José Fonseca, Marco Vieira, Henrique Madeira
Issue Date:December 2008
pp. 297-304
Writing secure web applications is a complex task. In fact, a vast majority of web applications are likely to have security vulnerabilities that can be exploited using simple tools like a common web browser. This represents a great danger as the attacks ma...
 
 1  2 Next >>