The Software Engineering Realsearch Group at North Carolina State University is committed to sound empirical software engineering research. Our roots are in Extreme Programming and Pair Programming research, but we have expanded into the areas of reliability, security, static analysis, and test case prioritization. Working closely with our industry partners, we conduct our research with the goal of improving the software development process and software quality.

RealSearch Projects

iTrust
This project involves the development of an application through which doctors can obtain and share essential patient information and can view aggregate patient data. Privacy and security of patient records are ensured, as protected by the HIPAA statute.

AWARE - Sarah Heckman and Lucas Layman
AWARE is an Eclipse plug-in which presents alerts generated by automated static analysis to developers. The alerts are ranked by the likelihood a specific alert is an indication of a fault. The researchers are investigating how to rank alerts and when to present highly ranked alerts to the developer.

MuClipse- Ben Smith
MuClipse is an Eclipse plugin which acts as a wrapper for the JMutation System (MuJava), which performs Mutation Testing. Increased usability is provided using the features of the IDE, including the ability to easily compare mutants, to track mutant status, and to repeat mutation testing executions through Eclipse runtime configurations.

WARD- Michael Gegick
The Web Application Reliability and Defense (WARD) framework is a two-part security solution that can be used during code development. WARD is composed of SecureUnit for vulnerability detection and SecureFilter for vulnerability protection. SecureUnit enables developers to write automated, reusable, and customizable JUnit tests to launch attacks on their system to reveal security vulnerabilities. SecureFilter is a customizable server-side choke point containing a regular expression-based filter to match legal input according to system requirements.

I-BACCI- Jiang Zheng
The Integrated - Black-box Approach for Component Change Identification (I-BACCI) process is an integration of a static binary code change identification process and a code-based regression test selection process. The objective of the process is to reduce the regression testing required for COTS-based applications when components change and source code is not available. Supporting tools have been developed for analyzing binaries of components in Common Object File Format (COFF) and Portable Executable (PE) formats.

The Decomposer and Trivial Information Zapper (D-TIZ) tool was created to decompose the binary flies and remove trivial information such as timestamps and file pointers, which are irrelevant to the change identification. The Trivial Identifier of Differences in BInary-analysis Text Zapper (TID-BITZ) tool removes most of the false positives caused by trivial differences such as shifted addresses and register reallocations. The Call-graph Analyzer - Affected Function Identifier (CAAFI) tool generates and analyzes the function call graphs within components.