No Arabic abstract
The B method has facilitated the development of software by specifying the design of software as abstract machines and formally verifying the correctness of the abstract machines. The quality of B abstract machines can significantly impact the quality of final software products. In this paper, we propose a set of criteria for measuring the quality of B abstract machines based on ISO/IEC 25010, which is one of the latest international standards for evaluating software quality in software engineering. These criteria evaluate abstract machines using a number of general-purpose and domain-independent equations and model checking techniques, so that the quality of abstract machines can be quantified as vectors. The proposed criteria are implemented as a B model quality evaluator, and they are explained and justified using a number of examples.
Agent-technologies have been used for higher-level decision making in addition to carrying out lower-level automation and control functions in industrial systems. Recent research has identified a number of architectural patterns for the use of agents in industrial automation systems but these practices vary in several ways, including how closely agents are coupled with physical systems and their control functions. Such practices may play a pivotal role in the Cyber-Physical System integration and interaction. Hence, there is a clear need for a common set of criteria for assessing available practices and identifying a best-fit practice for a given industrial use case. Unfortunately, no such common criteria exist currently. This work proposes an assessment criteria approach as well as a methodology to enable the use case based selection of a best practice for integrating agents and industrial systems. The software product quality model proposed by the ISO/IEC 25010 family of standards is used as starting point and is put in the industrial automation context. Subsequently, the proposed methodology is applied, and a survey of experts in the domain is carried out, in order to reveal some insights on the key characteristics of the subject matter.
The integration of industrial automation systems and software agents has been practiced for many years. However, such an integration is usually done by experts and there is no consistent way to assess these practices and to optimally select one for a specific system. Standards such as the ISO/IEC 25023 propose measures that could be used to obtain a quantification on the characteristics of such integration. In this work, the suitability of these characteristics and their proposed calculation for assessing the connection of industrial automation systems with software agents is discussed. Results show that although most of the measures are relevant for the integration of agents and industrial automation systems, some are not relevant in this context. Additionally, it was noticed that some measures, especially those of a more technical nature, were either very difficult to computed in the automation system integration, or did not provide sufficient guidance to identify a practice to be used.
Simple Password Exponential Key Exchange (SPEKE) is a well-known Password Authenticated Key Exchange (PAKE) protocol that has been used in Blackberry phones for secure messaging and Entrusts TruePass end-to-end web products. It has also been included into international standards such as ISO/IEC 11770-4 and IEEE P1363.2. In this paper, we analyse the SPEKE protocol as specified in the ISO/IEC and IEEE standards. We identify that the protocol is vulnerable to two new attacks: an impersonation attack that allows an attacker to impersonate a user without knowing the password by launching two parallel sessions with the victim, and a key-malleability attack that allows a man-in-the-middle (MITM) to manipulate the session key without being detected by the end users. Both attacks have been acknowledged by the technical committee of ISO/IEC SC 27, and ISO/IEC 11770-4 revised as a result. We propose a patched SPEKE called P-SPEKE and present a formal analysis in the Applied Pi Calculus using ProVerif to show that the proposed patch prevents both attacks. The proposed patch has been included into the latest revision of ISO/IEC 11770-4 published in 2017.
Agile development gets more appreciation from the market due to the flexible nature and more productivity. Among the Agile processes, Scrum gives better management of the processes, which are practiced in an organization. Though Scrum process model have several features and strengths but it still lacks in management and quality. This research deals with the improvement of Scrum processes for better management and to improve the quality of the software using the infusion of different practices from internationally renowned quality standards. Survey is used to validate the proposed framework. Statistical analysis shows that the proposed research has a profound effect on Scrum model to develop high quality software.
An abstract machine is a theoretical model designed to perform a rigorous study of computation. Such a model usually consists of configurations, instructions, programs, inputs and outputs for the machine. In this paper we formalize these notions as a very simple algebraic system, called a configuration machine. If an abstract machine is defined as a configuration machine consisting of primitive recursive functions then the functions computed by the machine are always recursive. The theory of configuration machines provides a useful tool to study universal machines.