Laboratory for Software Engineering and Reliability
LASER (Laboratory for Software Engineering and Reliability) is a research lab of the Institute of Computing at UNICAMP. Involving both theoretical and applied research, LASER is interested in topics having a high impact on the Software and Systems Engineering research communities, as well as their application and transfer to Industry.
Areas of Interest: Software Architecture and Microservices; Continuous Software Engineering (Agile, DevOps, and Lean); Experimental Software Engineering; Model-Driven Engineering (MDA/MDE); Software Testing (Performance, Robustness, and Security); Performance and Dependability Evaluation; Fault-tolerant/Resilient Systems.
Here, we have a presentation about lab activities (Portuguese only).
In August we received the visit of Prof. Dr. José Alexandre D’Abruzzo Pereira, from the University of Coimbra. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, cloud computing, and self-adaptive systems.
Lecture information:
Title: “Software Security Characterization through Static Data Analysis – Results and Future Research Direction”
Abstract:
Modern enterprises rely on software systems to run their business: financial, healthcare, government, and e-commerce, among many others. However, many systems are deployed with vulnerabilities caused by a design flaw or an implementation bug. The malicious exploitation of those security vulnerabilities may lead to various problems with financial or legal implications. Static Code Analysis (SCA) is a vulnerability detection technique that reports potential problems (alerts) without requiring the execution of the code. This is done through the use of Static Analysis Tools (SATs). However, such tools are frequently too expensive for most organizations, and they either report many false positives or false negatives. Consequently, developers are required to spend a considerable amount of time analyzing the reported cases without being sure that all vulnerabilities have been detected.
In this talk, I will present techniques to characterize software code units (e.g., functions) from a security vulnerability perspective, making use of static data from the source code. The used dataset contains vulnerabilities from five open-source C/C++ projects (Linux Kernel, Mozilla, Xen, Apache httpd, and glibc), and static data (Software Metrics (SMs) and alerts from SATs) extracted from the vulnerable and neutral versions of the code. Vulnerabilities are organized into categories, devised based on the improper or lack of use of the OWASP best practices. Additionally, I will present the future research direction using static data to characterize software code units.
Short Bio:
José D’Abruzzo Pereira holds a Ph.D. in Informatics Engineering from the University of Coimbra (UC), is currently an Invited Assistant Professor at the University of Coimbra, and a member of the Software and System Engineering (SSE) group at CISUC. His research interests include security and vulnerability detection, static code analysis, software project management, databases, software quality, cloud computing, and self-adaptive systems. He received an MSc in Information Technology and Software Engineering from the University of Coimbra and Carnegie Mellon University and a B.Sc. in Computer Science from the State University of Campinas – Brazil (Unicamp). He is also acting as a professor in the Specialization in Software Engineering at the State University of Campinas – Brazil (Unicamp).
SBQS – XXII Simpósio Brasileiro de Qualidade de Software
LASER had the privilege of having two works accepted at the SBQS conference hosted by the University of Brasília (UNB) on November 23rd.
Technical track
Sara das Mercês, a doctoral student, presented a paper entitled "A Case Study on Data Science Processes in an Academia-Industry Collaboration".
WTDQS - XXI WORKSHOP DE TESES E DISSERTAÇÕES EM QUALIDADE DE SOFTWARE
Milene Rigolin, a doctoral student, presented online his work entitled "Ethical issues in continuous experimentation".
In September we received the visit of Professor Anna Wiedemann. She is a professor at the Institute of Business Information Technology at the University of Applied Sciences Zurich (ZHAW) and has worked mainly in DevOps.
Lecture information:
Title: Achieving Product Orientation in DevOps Teams
Abstract: Changes in IT organization and technology environments make it necessary to adapt and review how mission-critical IT functions align with firm strategy. IT functions increasingly use cross-functional teams to manage the lifecycle of digital solutions. As cross-functional teams begin to alter how we develop and maintain software, they may also result in control–alignment misfits that diminish the efficacy of functional project and operations controls. With the help of qualitative research methods, we examine how the integration of product-oriented cross-functional teams challenges and transforms the IT function. We apply grounded theory and derive models that give insights into how alignment between development and operations can be achieved in DevOps teams within the IT function.
As a great collaborative effort involving several software engineering researchers, Prof. Paul Ralph (Dalhousie University) organized this ACM SIGSOFT Paper and Peer Review Quality Initiative to define empirical standards for research methods commonly used in software engineering.
The idea is to have the empirical standards as living documents, which should be continuously revised to reflect evolving consensus around research best practices, promoting research quality, and making peer review more effective, reliable, transparent, and fair.
Prof. Breno de França (LASER/IC-UNICAMP) contributed to the standards on quantitative simulation together with Prof. Nauman Bin Ali (BTH/Sweden) and Prof. Dietmar Pfahl (University of Tartu/Estonia).
Other contributions include standards for controlled experiments, case studies, surveys, and others.
While all the research and teaching activities at the Institute of Computing will continue to happen remotely for the first half of 2021, we started to feel the need for an informal meeting space for our lab, where we can just meet and have a talk. This is also because new students are being admitted to the Postgraduate Program, but they don’t have the opportunity to meet the other people of the lab.
Starting last month, we have a periodic “Virtual Café”, a kind of extended coffee break in which we can keep updated on what other people are doing, or simply end the Friday afternoon together.
The conference was held completely in remote format, with a huge organizational effort by the people from Coimbra that resulted in a pleasant experience. The presentation followed a “flipped conference” model: attendees watched pre-recorded presentations before the conference and then had some time to ask the authors questions during the live event.
We are glad to announce that the most complete book on Empirical Software Engineering has recently been launched in printed and electronic formats.
So far, the book has received very positive feedback from the software engineering community, and it will be presented at this year’s International Software Engineering Research Network (ISERN) meeting.
The book includes several chapters on topics like design science, research synthesis, open science, experiments, and gray literature. These are contributions of international researchers dedicated to investigating how to improve research in software engineering.
Breno (LASER member) contributes a chapter on the role of simulation-based studies in software engineering research, in collaboration with Nauman Bin Ali from the Blekinge Institute of Technology (Sweden).
Some days ago we celebrated the Master’s defense of Elder Rodrigues Jr., under the supervision of Prof. Leonardo. During his Master’s, Elder worked on a methodology and framework to manage coding conventions as structured models, and to automatically derive checkers by model transformation.
The defense was held remotely, due to the pandemic. Despite that, it led to a rich and interesting discussion with the members of the committee. The methodology proposed in his dissertation also generated two international publications, which confirm the quality of the work. Congratulations!