Avaliação da ferramenta de visualização de software SoftVisOAH como apoio à depuração de programas: um experimento controlado

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

SW-V: modelo de streaming de software baseado em técnicas de virtualização e transporte peer-to-peer

Pós-graduação em Ciência da Computação - IBILCE

Ontologia empresarial do modelo de referência MPS para software (MR-MPS-SW) com foco nos níveis G e F

Pós-graduação em Ciência da Computação - IBILCE

Apoio à maturidade pessoal visando a melhoria dos projetos de software

Pós-graduação em Ciência da Computação - IBILCE

Aquisição de serviços de TI como um processo de qualidade no fornecimento de software - estudo de caso de terceirização em medicina transfusional

Face às dimensões continentais do país, as organizações situadas em regiões carentes de fornecedores de desenvolvimento de sistemas de software especializado estão distribuindo suas operações de Information Technology Outsourcing (ITO), para outras regiões. Como consequência, a redução de custos e a melhoria da contratação de serviços em Tecnologia da Informação (TI) têm sido os dois grandes focos da atualidade, incentivando à noção de parceiros múltiplos em operações recíprocas e engajados tanto em relacionamentos formais quanto informais como a terceirização. Os serviços terceirizados são diversificados e entre eles está o desenvolvimento e manutenção de software através de contratos, realizados por organizações situadas em regiões onde existe demanda de software com características específicas. Sabe-se que a terceirização de Software e Serviços Correlatos (S&SC), que inclui as atividades de contratação e gestão do processo de aquisição é uma tarefa complexa e necessária para as organizações, principalmente no que diz respeito às condições envolvidas na contratação. Nesses casos, o exercício da governança tem sido um importante instrumento para, com a terceirização de TI, promover a gestão adequada do risco e o retorno do investimento. Sendo assim, o processo de compra ou venda de um produto de software nesse ambiente é uma atividade que envolve um grande número de conceitos subjetivos, referentes principalmente a características dos produtos. Torna-se maior o desafio quando se trata de software de prateleira modificável (Modified Off-The-Shelf - MOTS) que sofrem modificações e adições de requisitos a cada novo cliente. Neste contexto, buscando adequar as exigências do mercado com as necessidades de métodos e diretrizes para melhoria dos processos de aquisição e fornecimento de software, este trabalho procura explorar as principais características acerca do contrato, do controle de qualidade, e os resultados dos relacionamentos adotados na implementação de projetos de terceirização desenvolvidos á distância. São apresentados os resultados obtidos de um estudo de caso conduzido em uma empresa pública de Medicina Transfusional situada no norte do Brasil que adotou este processo. Por fim, este texto apresenta uma discussão sobre os diferenciais e limitações deste trabalho, e apresenta direcionamentos para investigações futuras neste campo de estudo.

IPSFlow: Um framework para Sistema de Prevenção de Intrusão baseado em Redes Definidas por Software

Os Sistemas de Detecção e Prevenção de Intrusão (Intrusion Detection Systems – IDS e Intrusion Prevention Systems - IPS) são ferramentas bastante conhecidas e bem consagradas no mundo da segurança da informação. Porém, a falta de integração com os equipamentos de rede como switches e roteadores acaba limitando a atuação destas ferramentas e exige um bom dimensionamento de recursos de hardware como processamento, memória e interfaces de rede de alta velocidade, utilizados para implementá-las. Diante de diversas limitações deparadas por pesquisadores e administradores de redes, surgiu o conceito de Rede Definida por Software (Software Defined Network – SDN), que ao separar os planos de controle e de dados, permite adaptar o funcionamento da rede de acordo com as necessidades de cada um. Desta forma, devido à padronização e flexibilidade propostas pelas SDNs, e das limitações apresentadas dos IPSs, esta dissertação de mestrado propõe o IPSFlow, um framework que utiliza uma rede baseada na arquitetura SDN e o protocolo OpenFlow para a criação de um IPS com ampla cobertura e que permite bloquear um tráfego caracterizado pelos IDS(s) como malicioso no equipamento mais próximo da origem. Para validar o framework, experimentos no ambiente virtual Mininet foram realizados utilizando-se o Snort como IDS para analisar tráfego de varredura (scan) gerado pelo Nmap de um host ao outro. Os resultados coletados apresentam que o IPSFlow funcionou conforme planejado ao efetuar o bloqueio de 85% do tráfego de varredura.

Análise de estruturas reticuladas utilizando o software excel pelo método dos elementos finitos

Pós-graduação em Engenharia Mecânica - FEG

A Reference Architecture based on Reflection for Self-adaptive Software

Self-adaptive Software (SaS) presents specific characteristics compared to traditional ones, as it makes possible adaptations to be incorporated at runtime. These adaptations, when manually performed, normally become an onerous, error-prone activity. In this scenario, automated approaches have been proposed to support such adaptations; however, the development of SaS is not a trivial task. In parallel, reference architectures are reusable artifacts that aggregate the knowledge of architectures of software systems in specific domains. They have facilitated the development, standardization, and evolution of systems of those domains. In spite of their relevance, in the SaS domain, reference architectures that could support a more systematic development of SaS are not found yet. Considering this context, the main contribution of this paper is to present a reference architecture based on reflection for SaS, named RA4SaS (Reference Architecture for SaS). Its main purpose is to support the development of SaS that presents adaptations at runtime. To show the viability of this reference architecture, a case study is presented. As result, it has been observed that RA4SaS has presented good perspective to efficiently contribute to the area of SaS.

COMPARISON BETWEEN MECHANICAL PROPERTIES AND MICROSTRUCTURE OF ALLOY TI-6AL4V, COLD WORK VERSUS PROTOTIPES BY DIRECT METAL LASER SINTERING

The present work aims to study the microstructure and mechanical properties of titanium alloys, widely used in the manufacture of orthopedic implants in order to compare a new manufacturing technology of implants, rapid prototyping in metals with conventional manufacturing processes. Rapid prototyping is being used in many areas of human knowledge to assist in the study and often in the manufacture of components for their own use. Nowadays with the advancement of software and equipment such as computed tomography and magnetic resonance imaging, we can reproduce any part of the human body in three-dimensional images with great perfection and it is used in the reproduction of implants, scaffolds, material aid and preparation in surgery. This work aims to do: A comparison between the microstructure of the alloy in the two manufacturing processes (prototyping and conventional), showing the grain size, the nature, form, quantity, and distribution of various ingredients or certain inclusions and study of mechanical properties of titanium in both cases.

XSOFT: estudo de reconhecimento, exploração e prevenção de vulnerabilidades de software através de uma distribuição LINUX

This work aims to give greater visibility to the issue of software security, due to people talk a lot in security conferences, that much of both IT (Information Technology) staff and, more specifically, IS (Information Security) staff does not know this, and, thanks to the spread of the mobile computing and of the cloud computing, this lack of deeper knowledge on this subject is increasingly becoming worrisome. It aims too, make applications to be developed in a security manner, priorizing the security of the information processed. It attempts to demonstrate the secure coding techniques, the principles of software security, the means to identify software vulnerabilities, the cutting-edge software exploitation techniques and the mechanisms of mitigation. Nowadays, the security guys are in charge of the most of the security tests in applications, audits and pentests, and it is undeniable that the so-called security experts, most often come from computer network field, having few experience in software development and programming. Therefore, the development process does not consider the security issue, thanks to the lack of knowledge on the subject by the developer, and the security tests could be improved whether security experts had a greater know-how on application development. Given this problem, the goal here is to integrate information security with software development, spreading out the process of secure software development. To achieve this, a Linux distribution with proof of concept applicati... (Complete abstract click electronic access below)

Gestão de recursos humanos em projetos de software: proposta integrada ao processo pessoal

The software quality represents a more and more important attribute for the survival and growth of software industries. In order to ensure the quality of products manufactured, various practices have been incorporated into the development process. In this context, some successful software organizations have invested in an approach to human resource management, which consists in integrating the management activities with a personal process called Personal Software Process - PSP, which has led to the maintenance of greater discipline and control over all development phases. Given this, this work presents a proposal for integration of techniques set out in the PSP with a web system previously developed, which is called System to Aid Project Management - SAPM.

Mapeamento de ontologias empresariais para modelos de processos de negócio em BPMN, com aplicação em processos de software

Pós-graduação em Ciência da Computação - IBILCE

Infrastructure Support for Controlled Experimentation with Software Testing and Regression Testing Techniques

Where the creation, understanding, and assessment of software testing and regression testing techniques are concerned, controlled experimentation is an indispensable research methodology. Obtaining the infrastructure necessary to support such experimentation, however, is difficult and expensive. As a result, progress in experimentation with testing techniques has been slow, and empirical data on the costs and effectiveness of techniques remains relatively scarce. To help address this problem, we have been designing and constructing infrastructure to support controlled experimentation with testing and regression testing techniques. This paper reports on the challenges faced by researchers experimenting with testing techniques, including those that inform the design of our infrastructure. The paper then describes the infrastructure that we are creating in response to these challenges, and that we are now making available to other researchers, and discusses the impact that this infrastructure has and can be expected to have.

Helping End-User Programmers “Engineer” Dependable Software

Not long ago, most software was written by professional programmers, who could be presumed to have an interest in software engineering methodologies and in tools and techniques for improving software dependability. Today, however, a great deal of software is written not by professionals but by end-users, who create applications such as multimedia simulations, dynamic web pages, and spreadsheets. Applications such as these are often used to guide important decisions or aid in important tasks, and it is important that they be sufficiently dependable, but evidence shows that they frequently are not. For example, studies have shown that a large percentage of the spreadsheets created by end-users contain faults, and stories abound of spreadsheet faults that have led to multi-million dollar losses. Despite such evidence, until recently, relatively little research had been done to help end-users create more dependable software.

Using Source-Code Analysis to Help End-user Programmers Create Dependable Software

Not long ago, most software was written by professional programmers, who could be presumed to have an interest in software engineering methodologies and in tools and techniques for improving software dependability. Today, however, a great deal of software is written not by professionals but by end-users, who create applications such as multimedia simulations, dynamic web pages, and spreadsheets. Applications such as these are often used to guide important decisions or aid in important tasks, and it is important that they be sufficiently dependable, but evidence shows that they frequently are not. For example, studies have shown that a large percentage of the spreadsheets created by end-users contain faults. Despite such evidence, until recently, relatively little research had been done to help end-users create more dependable software. We have been working to address this problem by finding ways to provide at least some of the benefits of formal software engineering techniques to end-user programmers. In this talk, focusing on the spreadsheet application paradigm, I present several of our approaches, focusing on methodologies that utilize source-code-analysis techniques to help end-users build more dependable spreadsheets. Behind the scenes, our methodologies use static analyses such as dataflow analysis and slicing, together with dynamic analyses such as execution monitoring, to support user tasks such as validation and fault localization. I show how, to accommodate the user base of spreadsheet languages, an interface to these methodologies can be provided in a manner that does not require an understanding of the theory behind the analyses, yet supports the interactive, incremental process by which spreadsheets are created. Finally, I present empirical results gathered in the use of our methodologies that highlight several costs and benefits trade-offs, and many opportunities for future work.