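【Abstract (translated from the Japanese)】This paper summarizes the objectives and outcomes of WESPr-18, "The International Workshop on Evidence-based Security and Privacy in the Wild", held in Nara on December 4. The workshop was co-located with APSEC 2018. Copyright of this paper is held by its authors. Use is permitted under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.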
Conference Paper 2021
Restructuring attack trees to identify incorrect or missing relationships between nodes
【Abstract】The studies of Repository Mining have been actively conducted. However, it is difficult to search projects with specified languages, development scale, purposes and so on. In this paper, we propose RepositoryProbe, a dataset creation support tool for the study of repository mining. It makes it easier to search and collect the projects in project hosting service on the web, and supports the creation of datasets. In addition, it can collect the social metrics, the amount of development activities.
Abstract security patterns for requirements specification and analysis of secure systems
Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Joseph Yoder
【Abstract】During the requirements and analysis stages of software development, the primary goal is to define precise requirements rather than being concerned with the details of software realizations. Security is a semantic aspect of applications and their constraints on the application should be described at this moment. From a security point of view we only want to indicate which specific security controls are needed, rather than getting involved with low-level design and implementation details. Therefore, at these stages, it is useful to have a set of patterns which define abstract security mechanisms. These patterns should specify only the fundamental characteristics of the security mechanism or service, not specific software aspects. We present the concept of Abstract Security Pattern (ASP), which describes a conceptual security mechanism that realizes one or more security policies able to handle a threat or comply with a security-related regulation or institutional policy. We present a detailed example of an ASP. We relate ASPs to each other using pattern diagrams as well as to Security Solution Frames and tactics. Finally, we discuss their value for defining security requirements and for building secure systems.
【Abstract】Computational thinking is one of the most important skills for using computers. Most existing learning systems for computational thinking work only on desktop or laptop computers, although the popularity of smartphones has rapidly been growing. Moreover, most existing programming languages to teach are based on English and most learning systems employ poor user interfaces. Thus, such programming languages and learning systems are not suitable for users who are not familiar with English or who are enchanted to such user interfaces. We propose a gamified learning system using an appealing user interface with a novel icon-based non-verbal programming language. Our system works on smartphones with which many Japanese teenage students are more familiar than PCs. Our system employs an appealing interface that a female student designs for other female students and icons to motivate university students to learn programming through playing. We conducted an experiment with 16 female students from Waseda University to evaluate our system. We confirmed our system motivated the students to learn programming and helped them learn computational thinking concepts.
Conference Paper 2011 10 5 ACM:Association for Computing Machinery
Selection of metrics for predicting the appropriate application of design patterns
Jonatan Hernandez, Atsuto Kubo, Hironori Washizaki, Yoshiaki Fukazawa ACM International Conference Proceeding Series
【Abstract】Design patterns are known for their usefulness to solve recurrent problems. Design patterns are a way of transmitting knowledge and experience by using proven, high quality solutions. A problem that emerges when using design patterns is that it is not clear how to measure the impact that their application has on the source code. The relationship between metrics and design patterns is not clear. We propose an experiment for measuring the usefulness of metrics and their success in predicting correct usage of design patterns. With this experiment we will explore which metrics capture best the relationship of design patterns quality of the source code. By using those metrics we will make predictions about the correct usage of the design patterns. In this experiment the selected metrics were not a good predictor, however it is a starting point to explore more metrics and their relationships with design patterns. Copyright 2011 ACM.
Conference Paper 2010 ACM:Association for Computing Machinery
A worm misuse pattern (Last author)
Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki ACM International Conference Proceeding Series
【Abstract】We have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack or misuse is performed (what system units it uses and how); it also provides ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and helps in analyzing the attack once it has happened by indicating where we can find forensic data as well as what type of data. A catalog of misuse patterns is needed to let designers evaluate their designs with respect to possible threats. We present here a misuse pattern for a generic worm, which describes the essential and typical characteristics of this type of malware. We consider how to stop this malware and we also discuss some examples and variations.
Armstrong Nhlabatsi, Arosha Bandara, Shinpei Hayashi, Charles B. Haley, Jan Jurjens, Haruhiko Kaiya, Atsuto Kubo, Robin Laney, Haralambos Mouratidis, Bashar Nuseibeh, Thein T. Tun, Hironori Washizaki, Nobukazu Yoshioka, Yijun Yu Software Engineering for Secure Systems: Industrial and Research Perspectives
Eduardo B. Fernandez, Nobukazu Yoshioka, Hironori Washizaki, Jan Jurjens, Michael VanHilst, Guenther Pernul Software Engineering for Secure Systems: Industrial and Research Perspectives
Conference Paper 2009 ACM:Association for Computing Machinery
Overview of the 3rd international workshop on software patterns and quality (SPAQu'09) (First author)
Hironori Washizaki, Nobukazu Yoshioka, Eduardo B. Fernandez, Jan Jurjens Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA
【Abstract】We will discuss here the theoretical, social, technological and practical issues related to quality aspects of software patterns including security and safety aspects. The workshop will provide the opportunity for bringing together researchers and practitioners, and for discussing the future prospects of this area. As for the workshop format, first, we will have short talks on what software patterns are, and how they are related to quality. Second, we will have accepted position paper presentations to expose the latest researches and practices on software patterns and quality. Finally, we will discuss several topics related to these presentations in small groups. Newcomers, interested researchers and practitioners are free to attend the workshop to facilitate their understandings, researches and practices on software patterns and quality.
Building software process line architectures from bottom up (Sole author)
Hironori Washizaki Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Experiments on quality evaluation of embedded software in Japan robot software design contest (First author)
Hironori Washizaki, Yasuhide Kobayashi, Hiroyuki Watanabe Proceedings - International Conference on Software Engineering
【Abstract】As a practical opportunity for educating Japanese young developers in the field of embedded software development, a software design contest involving the design of software to automatically control a line-trace robot, and conduct running performance tests was held. In this paper, we give the results of the contest from the viewpoint of software quality evaluation. We create a framework for evaluating the software quality which integrated design model quality and the final system performance, and conduct analysis using the framework. As a result of analysis, it is found that the quantitative measurement of the structural complexity of the design models bears a strong relationship to qualitative evaluation of the design conducted by judges. It is also found that there is no strong correlation between design model quality evaluated by the judges and the final system performance. For embedded software development, it is particularly important to estimate and verify reliability and performance in the early stages, using the model. Based on the analysis result, we consider possible remedies with respect to the models submitted, the evaluation methods used and the contest specifications. In order to adequately measure several non-functional quality characteristics including performance on the model, it is necessary to improve the way of developing robot software (such as applying model driven development) and reexamine the evaluation methods. Copyright 2006 ACM.
A system for visualizing binary component-based program structure with component functional size (First author)
Hironori Washizaki, Satoru Takano, Yoshiaki Fukazawa WSEAS Transactions on Information Science and Applications
【Abstract】Component-based software development is a development approach which aims to reduce development costs and increase software reliability. With component-based development, often a new program is created quickly by reusing components in binary form that have been developed by third parties, without access to the source code of those components. In order to maintain such a program on an on-going basis, it is important to be able to visualize the overall structure and behavior of the program. However, because existing program visualization systems need to analyze the program source code, it has been difficult to apply them to a program that incorporates components in binary form. In this paper, we propose a program visualization system which does not make use of the source code, but uses two techniques, reflection and byte-code analysis, to measure the functional size of each component and to determine the dependency relationships among components and helper classes. These results are used to provide an accurate visualization of the overall structure of the component-based program. Our system can be applied to programs built with JavaBeans components. As a result of comparative evaluations, it is found that our system is useful for visualizing binary component-based program structure with component functional size to support maintenance activities.
Extracting relations among embedded software design patterns
Atsuto Kubo, Hironori Washizaki, Atsuhiro Takasu, Yoshiaki Fukazawa Journal of Integrated Design and Process Science
【Abstract】A pattern is a reusable description of knowledge. Efficient software development can be achieved by sharing and reusing knowledge using patterns and their relations. Because the manual analysis of relations among patterns is costly, we proposed an automatic relation analysis technique for software patterns. Knowledge management in embedded software design has fallen behind. However, these days, some patterns in embedded software design have become available on the World Wide Web (WWW) and other resources. The purpose of this paper is to obtain some useful relations among embedded software design patterns and GoF's design patterns. Our technique will be useful for the automated relation analysis among patterns. As a result of experiments, some relations among different pattern catalogs (e.g., GoF's design pattern catalog and real-time system design pattern catalog) are extracted. These relations are thought to be useful in software development.
A web-based trial execution system for software components (First author)
Hironori Washizaki, Mai Motomura, Yoshiaki Fukazawa WSEAS Transactions on Computers
【Abstract】The reuse of software components is a key to realizing component-based development. When application programmers want to reuse software components provided by third parties on the Internet, static specification documents attached to components are insufficient as information regarding the behavioral features of components. In this paper, we propose a new system that enables the trial execution of components over the Internet from a remote site. Our system instantiates components on the server, and provides the web browser with readable property values and graphical user interface images of components whenever methods of components are invoked by input argument values. As a result of comparative evaluation, it is found that the usefulness of our system is greater than those of conventional techniques.
A component-extraction-based program reuse system (First author)
Hironori Washizaki, Yoshiaki Fukazawa WSEAS Transactions on Information Science and Applications
【Abstract】A program search system is indispensable for software reuse. However, conventional search techniques are inappropriate for prompt reuse of programs because these techniques target a program source code as a retrieval unit. In this paper, we propose a new component-extraction-based program search system. Our system analyzes a collection of object-oriented (OO) programs, and extracts reusable software components composed of interdependent OO classes. Using our system, the extracted components can be searched by keywords, and the result set can be viewed by a web browser such that the user can decide whether the query result component matches his/her requirements. As a result of evaluation experiments, it is found that our system can extract many reusable components, and support the user to search extracted components effectively.
Conference Paper 2004 ACM:Association for Computing Machinery
A search system for java programs by using extracted JavaBeans components (First author)
Hironori Washizaki, Yoshiaki Fukazawa Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA
【Abstract】We propose a new component-extraction-based program search system. Our system analyses existing Java programs, acquires relationships among classes, and extracts JavaBeans components composed of classes. Moreover, our system generates indexes composed of divided type names and comments for newly extracted components. Using our system, the extracted components can be searched by keywords, and the result set can be viewed by a web browser such that the user can decide whether the query result component matches his/her requirements.