latifa rabai - Academia.edu
Papers by latifa rabai
Software quality is the capability of a software process to produce a software product satisfying the end user. The quality of process or product entities is described through a set of attributes that may be internal or external. For the product entity, especially the source code, different internal attributes are defined to evaluate its quality, like complexity and cohesion. Concerning external attributes related to the product environment, like reliability, their assessment is more difficult. Thus, they are usually predicted by the development of prediction models based on software metrics as independent variables and other measurable attributes as dependent variables. For instance, reliability like other external attributes is generally measured and predicted based on other quality attributes like defect density, defect count and fault-proneness. The success of machine learning (ML) and deep learning (DL) approaches for software defect and faulty modules classification as crucial at...
Proceedings of the 18th International Conference on Evaluation of Novel Approaches to Software Engineering
Proceedings of the 2nd International Conference on Advances in Artificial Intelligence, 2018
Security risk analysis is an essential part of the management of information systems. Models of security risk analysis have the same target to prevent risks caused by information assets, their potential threats, and vulnerabilities, in addition to security controls. Most of these models are used nowadays to quantify risk value without identifying the security problems of the organization. Thus, decision-makers cannot make the correct decision to select the appropriate methodology for resolving security risks. In this context, a survey of quantitative security risk analysis models for computer systems is presented. We describe the models, their aims, their phases and the different stages of risk management addressed and security metrics. The goal is to give a set of recommendations for choosing the appropriate quantitative model related to security problems faced by organizations today.
Cloud Computing represents a new computing way that increases dynamically capabilities without investing in new infrastructure. It has become widely adopted today thanks to many advantages like distributed computing, scalability and performance, multi-tenancy and pay per use services. However, it poses many serious security issues in all cloud delivery models. Software, Platform, and Infrastructure as a Service are the three main service delivery models for Cloud Computing. Infrastructure as a Service (IaaS) serves as the basis layer for the other delivery models, and a lack of security in this layer will affect the other delivery models. This paper presents a detailed study of IaaS components’ security and determines vulnerabilities and security solutions. Finally, to combat security repose, we present a security risk management framework for Cloud system to threats and vulnerabilities reduction security risks mitigation. The proposed security risk management framework is based on a quantit...
2014 Third International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014
In this paper, we propose a novel linear model for modeling the propagation of security threats among the system's architectural components, which is the Threats Propagation model (TP). Our model is based on the Mean Failure Cost cyber-security model (MFC) and applied to an e-learning system. The Threats Propagation model (TP) makes it possible to show whether a threat can propagate to other e-learning system components. Then, it provides an efficient diagnostic about the most critical threats in order to make the best decision and to establish the suitable countermeasures to avoid them. Our proposed model is useful to implement a safe and secure e-learning environment.
Proceedings of the 17th International Conference on Evaluation of Novel Approaches to Software Engineering
Cloud Security, 2019
Cloud computing technology is a relatively new concept of offering reliable and virtualized resources, software and hardware on demand to users. It presents a new technology to deliver computing resources as a service. It offers several benefits, for example services on demand, provisioning, shared resources and pay per use, and suffers from several challenges. In fact, security presents a major obstacle in cloud computing adoption. In this paper, the authors will deal with security problems in cloud computing systems and estimate security breaches using a quantitative security risk assessment model. Finally, the authors use this quantitative model to solve these problems in cloud environments.
Over the last few years, there has been growing attention toward Human Resources (HRs) as one of the most valuable assets of any organization; and managing this asset successfully is crucial in project management. However, despite its relevance, the literature review has shown a lack of a shared, interoperable framework on Human Resource Management (HRM) that allows HRs as a team to interchange their knowledge and skills and facilitates their proper use of Tools and Techniques (T&T); further, HRM processes are not enough to perform all HR duties due to a lack of a common terminology and a complete understanding about project requirements. This paper deals with two main contributions. First, we model a semantic point of view of the main concepts related to HRM domain in the context of PMBOK 5th Guide; the outcome of this model will be an ontology promoting interoperability among HRs as well as their efficient use of T&T. After that, we propose an evaluation of the proposed ontology using both c...
Measuring the security of organizations is needed to obtain security evidence. We believe that common security identification and quantification related to a system’s functionalities can be extended to be used in other systems. Security measurements are common at the business process layer. This paper supports the development of security metrics according to each function of a related system. An elementary metric quantifies risk by system function. This leads to improved security risk analysis and communication for decision making.
Int. J. Syst. Serv. Oriented Eng., 2021
Fault tolerance techniques are generally based around a common concept, redundancy, whose measurement is required. A suite of four semantic metrics is proposed to assess program redundancy and reflect their ability to tolerate faults. Literature shows that one of these metrics, namely state redundancy, is limited to computing program redundancy only in their initial and final states and ignores their internal states. Consequently, the authors focus in this paper on overcoming this shortcoming by proposing a new redundancy-based semantic metric that computes the redundancy of the different program states including internal ones. The empirical study they perform shows that the proposed metric is a measure of program redundancy on one side and an error detection indicator on the other side. Moreover, they demonstrate that it is more accurate than the basic state redundancy metric in detecting masked errors. It is useful for testers to indicate if a tested program is error-free and t...
Semantic metrics are quantitative measures of software quality characteristics based on semantic information extracted from the different phases of the software process. The empirical validation of these metrics is necessarily required to consider them as quality indicators, which can’t be achieved only through their automatic computing based on the appropriate software tools. However, some semantic metrics are only based on theoretical formulation and require further empirical studies and experiments to validate and exploit them. This paper will take into consideration one of the theoretical metrics to be automatically calculated using various basic programs. The experimental results show that automatic computing of this metric is beneficial and fruitful on two sides. On one side, it has an efficient role in computing semantic metrics from the program functional attitude. On the other side, this step is essential to empirically validate this metric as a software quality indicator.
Semantic metrics are quantitative measures of software quality attributes based on the program functionality, not only on the syntax. Different semantic metrics are proposed in literature and most of them are successfully used to assess internal quality attributes like complexity and cohesion. Among these metrics, a recent semantic suite for software testing is proposed to monitor software reliability. The purpose of this suite is to quantify an aspect of software testing and reliability, that is, fault tolerance, by assessing the program redundancy. One of these metrics, namely error masking, is proposed to reflect the program non-injectivity and measures in bits the amount of erroneous information that can be masked by this program. However, to the best of our knowledge, this metric is only theoretically presented and manually computed. Also, its empirical validation as a quantitative measure of erroneous information that a program may mask is still required. Hence, we aim in this paper to ...
INFORMATICS IN EDUCATION, 2015
In the same way that natural languages influence and shape the way we think, programming languages have a profound impact on the way a programmer analyzes a problem and formulates its solution in the form of a program. To the extent that a first programming course is likely to determine the student's approach to program design, program analysis, and programming methodology, the choice of the programming language used in the first programming course is likely to be very important. In this paper, we report on a recent survey we conducted on programming language use in US academic institutions, and discuss the significance of our data by comparison with programming language use in industry.
Software dependability is a generic concept that reflects the system’s trustworthiness by its users. It consists of different quality attributes like reliability and maintainability. To achieve dependable and reliable software systems, different dependability means are defined, including fault tolerance. Most fault tolerance techniques are based on the redundancy concept. To reflect the ability of a program to tolerate faults, the quantitative assessment of the program’s redundancy is required. Literature review shows that a set of semantic metrics whose objective is to assess the programs’ redundancy and to reflect their potential to tolerate faults is proposed. Despite the importance of the different metrics composing this suite, literature shows that they are manually computed for procedural programs, and only a theoretical basis of them is presented. Consequently, we aim in this paper to propose a way to automatically compute one of these metrics termed functional redundancy for...
Proceedings of Fifth International Congress on Information and Communication Technology
Procedia Computer Science
Scientific Programming
Software metrics which are language-dependent are proposed as quantitative measures to assess internal quality factors for both method and class levels like cohesion and complexity. The external quality factors like reliability and maintainability are in general predicted using different metrics of internal attributes. Literature review shows a lack of software metrics which are proposed for reliability measurement and prediction. In this context, a suite of four semantic language-independent metrics was proposed by Mili et al. (2014) to assess program redundancy using Shannon entropy measure. The main objective of these metrics is to monitor program reliability. Despite their important purpose, they are manually computed and only theoretically validated. Therefore, this paper aims to assess the redundancy metrics and empirically validate them as significant reliability indicators. As software reliability is an external attribute that cannot be directly evaluated, we employ other me...
International Journal of Systems and Software Security and Protection
This research work presents existing security ontologies and identifies relevant security ontology requirements in information systems. Moreover, it proposes a new classification of security ontologies in which two main families, namely ontologies-based security standards and ontologies-based security risk assessment, are defined. For each family, a set of related research works is selected and a thorough description of their security ontologies is presented. The purpose of this analysis is to identify security ontology requirements as well as ontological characteristics for each study in order to help a security decision maker to select an ontology based on their security risks and requirements as well as their needed security models and standards. By selecting the appropriate ontology, security stakeholders support security compliance and risk assessment in an enterprise.
International Journal of Information Security