Secure, Compliant and Safe Software Systems

2020-2022

SnT partnership program + FNR BRIDGES

Lionel Briand (PI), Sallam Abualhaija, Muhammad Ilyas Azeem, Orlando Amaral Cejas, and Angelo Rizzi

Linklaters LLP

Technological advances in information sharing have raised concerns about data protection. In Europe, the General Data Protection Regulation (GDPR) imposes obligations onto organizations anywhere, as long as they handle data related to EU residents. Violating GDPR can levy penalty fines reaching up to tens of millions of euros. Manual compliance checking (verifying the textual content of legal documents) is time-consuming and error prone. In ARTAGO, we are developing AI-enabled automated solutions for checking the compliance of diverse legal artifacts according to GDPR. These automated solutions will be used as a means for assisting the legal experts in their work.

2019-2022 and 2022-2025

ESA GSTP

Fabrizio Pastore (PI), Lionel Briand, Enrico Viganò, Oscar Cornejo, Jaekwon Lee

GomSpace Luxembourg, LuxSpace, Huld Finland

The success of space missions depends on the dependability of software, but current practice and standards lack methods to systematically assess the quality of the test suites used to verify such software. To address such limitation, the FAQAS project is building effective techniques to measure the fault detection capability of test suites (mutation analysis) and automatically generate test cases to improve them (mutation testing). FAQAS techniques can inject faults into source code but also alter the data produced by hardware and emulated components. The implemented toolset can be used with embedded software for different kinds of cyber-physical systems.

2022-2023

ESA EXPRO+

Fabrizio Pastore (PI), Angelo Rizzi

n/a

Due to its deployment in a remote environment and its complex interactions with the physical world, space software should have a high degree of robustness even to unusual or corrupted inputs. Fuzz testing, or Fuzzing, is an automated testing technique that has proven to be very cost-effective and successful in finding faults in software from various use-cases and different application domains. This activity aims to support the development of effective fuzz testing tools targeting space software characteristics, which include, for example, real-timeliness, processing of sensor data, interconnected components.

2018-2023

SnT partnership program + FNR BRIDGES

Lionel Briand (PI), Fabrizio Pastore, Donghwan Shin, Mohammed Attaoui, Fitash Ul Haq, Hazem Fahmy

IEE

Autonomous systems like self-driving cars can reshape our future by automating complex tasks and preventing human errors; unfortunately, their adoption in safety-critical contexts remains under debate. Indeed, being based on black-box machine learning solutions such as Deep Neural Networks, they cannot undergo traditional software safety certification processes that rely on the understandability of the system implementation. We are overcoming such limitations by providing automated solutions to (1) verify autonomous systems software, (2) generate explanations for software behaviour, (3) improve autonomous systems software. Our enabling solutions are simulation technology, evolutionary algorithms, and unsupervised learning methods to identify similar DNN behaviours.

2020-2023

FNR IPBG

Seung Yeob Shin (PI), Lionel Briand, Raphaël Ollando

SES

With software being an integral part of software-defined networks (SDN), developing network controllers entails interdisciplinary considerations, which include not only network engineering but also software engineering. In particular, testing software components, while always important, takes on an even greater role in the context of developing SDN-based systems compared to those relying on traditional networks with static and predictable behaviours. The purpose of this project is to develop efficient and effective automated testing techniques for SDN-based systems. In particular, this project will develop an automated test case generation method to reveal faults in software components of the SDN-based system under test.

2021-2023

FNR IPBG

Seung Yeob Shin (PI), Lionel Briand, Domenico Bianculli, Donghwan Shin, Junaid Akram

SES

Cyber-Physical Systems (CPS), such as ground control systems and space network management systems, have become a prominent enabler in the satellite industry for providing advanced satellite communication services. To ensure service reliability and continuity, it is essential to rigorously test the CPS. This project aims to develop a framework for automated software testing of complex CPS. The core enabling techniques for this project are log analysis (to automate the investigation of event sequences recorded in logs), machine learning (to predict the likelihood of fault revealing effectiveness of test cases), and search-based software testing (to efficiently generate new test inputs).

2018-2022

SnT partnership program

Lionel Briand (PI), Fabrizio Pastore, Chanh Duc Ngo

Huawei

Mobile Apps are frequently released, mainly to fulfill marketing strategies aiming at increasing App visibility. Consequently, to reduce costs, quality assurance activities should focus on updated features. Unfortunately, state-of-the-art automated App testing solutions focus on testing the whole App and do not target the testing of App updates.
We fill this gap by relying on model-based approaches that synthesize App models with static analysis, integrate dynamically-refined state abstraction functions and combine complementary testing strategies. We aim at high coverage of updated code with a small number of test inputs, thus alleviating the oracle problem (i.e., less outputs to inspect).

2021-2023

European Union under the Horizon 2020 research and innovation programme

Lionel Briand (PI), Domenico Bianculli (Co-PI), Fabrizio Pastore (co-PI), Joshua Dawes, Yoann Marquer, Alexander Vatov

Aicas, Delft University of Technology, Intelligentia, GMV, Q-media, Siemens, Siemens Healthineers, The Open Group, University of Sannio, Unparallel Innovation, Zurich University of Applied Sciences

Much of the increasing complexity of ICT systems is being driven by the more distributed and heterogeneous nature of these systems, with Cyber Physical Systems (CPS) accounting for an increasing portion of Software Ecosystems. This basic premise underpins the COSMOS project which focuses on blending best practices DevOps solutions with the development processes used in the CPS context: this will enable the CPS world to deliver software more rapidly and result in more secure and trustworthy systems. As part of the project, the UL team will develop automated testing and run-time verification techniques for CPS.

2019-2022

SnT partnership program

Lionel Briand (PI), Domenico Bianculli, Hichem Belgacem

BGL BNP Paribas – Alphonse Weicker Foundation

A pressing problem faced by banks and other financial service providers is to ensure the quality of their data. The proposed project will devise automated techniques for the identification of data anomalies. These anomalies include but are not limited to: duplicate, incomplete, or inconsistent data, missing relationships between data originating from different sources (e.g., profiles of the same client in different databases), and data that is potentially non-compliant with the applicable laws and regulations or the Bank’s internal data practices.

2020-2022

SnT partnership program

Domenico Bianculli (PI), Lionel Briand, Donghwan Shin, Zanis Ali Khan

HITEC

Logging is a common programming practice that is used for gathering runtime information of a software system. The goal of the project is to develop automated techniques for log-based anomaly detection using machine learning, to allow for the detection of and reaction to attacks on the communication system in critical edge-computing infrastructures. To efficiently handle the massive data in the log streams of a system under analysis and better detect anomalies, we mainly address the problem of log template identification and investigate its relationship with anomaly detection.