Network


Latest external collaboration on country level. Dive into details by clicking on the dots.

Hotspot


Dive into the research topics where Le Minh Sang Tran is active.

Publication


Featured researches published by Le Minh Sang Tran.


conference on advanced information systems engineering | 2011

Dealing with known unknowns: towards a game-theoretic foundation for software requirement evolution

Le Minh Sang Tran; Fabio Massacci

Requirement evolution has drawn a lot of attention from the community with a major focus on management and consistency of requirements. Here, we tackle the fundamental, albeit less explored, alternative of modeling the future evolution of requirements. Our approach is based on the explicit representation of controllable evolutions vs observable evolutions, which can only be estimated with a certain probability. Since classical interpretations of probability do not suit well the characteristics of software design, we introduce a game-theoretic approach to give an explanation to the semantic behind probabilities. Based on this approach we also introduce quantitative metrics to support the choice among evolution-resilient solutions for the system-to-be. To illustrate and show the applicability of our work, we present and discuss examples taken from a concrete case study (the security of the SWIM system in Air Traffic Management).


Journal of Systems and Software | 2014

Assessing a requirements evolution approach: Empirical studies in the air traffic management domain

Fabio Massacci; Federica Paci; Le Minh Sang Tran; Alessandra Tedeschi

Requirements evolution is still a challenging problem in engineering practices. In this paper, we report the results of the empirical evaluation of a novel approach for modeling and reasoning on evolving requirements. We evaluated the effectiveness of the approach in modeling requirements evolution by means of a series of empirical studies in the air traffic management (ATM) domain. As we also wanted to assess whether the knowledge of the method and/or the application domain influences the effectiveness of the approach, the studies involved researchers, master students and domain experts with different level of knowledge of the approach and of the ATM domain. The participants have applied the approach to a real evolutionary scenario which focuses on the introduction of a new queue management tool, the Arrival MANager (AMAN) and a new network for information sharing (SWIM) connecting the main ATM actors. The results from the studies show that the modeling approach is effective in capturing requirements evolution. In addition, domain knowledge and method knowledge do not have an observable effect on the effectiveness of the approach. Furthermore, the evaluation provided us useful insights on how to improve the modeling approach.


International Journal of Secure Software Engineering | 2014

Evolution of security engineering artifacts: a state of the art survey

Michael Felderer; Basel Katt; Philipp Kalb; Jan Jürjens; Martín Ochoa; Federica Paci; Le Minh Sang Tran; Thein Than Tun; Koen Yskout; Riccardo Scandariato; Frank Piessens; Dries Vanoverberghe; Elizabeta Fourneret; Matthias Gander; Bjørnar Solhaug; Ruth Breu

Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research.


DBSec 2013 Proceedings of the 27th Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy XXVII - Volume 7964 | 2013

An approach to select cost-effective risk countermeasures

Le Minh Sang Tran; Bjørnar Solhaug; Ketil Stølen

Risk is unavoidable in business and risk management is needed amongst others to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its ability to mitigate risks, is factors that affect the selection. While many approaches have been proposed to perform risk analysis, there has been less focus on delivering the prescriptive and specific information that managers require to select cost-effective countermeasures. This paper proposes a generic approach to integrate the cost assessment into risk analysis to aid such decision making. The approach makes use of a risk model which has been annotated with potential countermeasures, estimates for their cost and effect. A calculus is then employed to reason about this model in order to support decision in terms of decision diagrams. We exemplify the instantiation of the generic approach in the CORAS method for security risk analysis.


ieee international conference on requirements engineering | 2014

An Approach for Decision Support on the Uncertainty in Feature Model Evolution

Le Minh Sang Tran; Fabio Massacci

Software systems could be seen as a hierarchy of features which are evolving due to the dynamic of the working environments. The companies who build software thus need to make an appropriate strategy, which takes into consideration of such dynamic, to select features to be implemented. In this work, we propose an approach to facilitate such selection by providing a means to capture the uncertainty of evolution in feature models. We also provide two analyses to support the decision makers. The approach is exemplified in the Smart Grid scenario.


2012 Second IEEE International Workshop on Empirical Requirements Engineering (EmpiRE) | 2012

Assessing a requirements evolution approach: Empirical studies in the Air Traffic Management domain

Fabio Massacci; Deepa Nagaraj; Federica Paci; Le Minh Sang Tran; Alessandra Tedeschi

Requirements evolution is still a challenging problem in engineering practices. This paper presents a family of empirical studies about the applicability and usefulness of an approach for modeling evolving requirements. The empirical studies involved different categories of users (researchers, master students and domain experts) who have applied the approach to a real industrial evolutionary scenario drawn from the Air Traffic Management (ATM) domain. The results from the studies demonstrated the usefulness of the approach for requirements evolution in complex industrial settings such as the ones in the ATM domain. Furthermore, the validation provided us useful insights about the problem of requirements evolution faced in different industrial contexts.


Engineering Secure Future Internet Services and Systems | 2014

Empirical Assessment of Security Requirements and Architecture: Lessons Learned

Riccardo Scandariato; Federica Paci; Le Minh Sang Tran; Katsiaryna Labunets; Koen Yskout; Fabio Massacci; Wouter Joosen

Over the past three years, our groups at the University of Leuven and the University of Trento have been conducting a number of experimental studies. In particular, two common themes can be easily identified within our work. First, we have investigated the value of several threat modeling and risk assessment techniques. The second theme relates to the problem of preserving security over time, i.e., security evolution. Although the empirical results obtained in our studies are interesting on their own, the main goal of this chapter is to share our experience. The objective is to provide useful, hands-on insight on this type of research work so that the work of other researchers in the community would be facilitated. The contribution of this chapter is the discussion of the challenges we faced during our experimental work. Contextually, we also outline those solutions that worked out in our studies and could be reused in the field by other studies.


empirical software engineering and measurement | 2013

An Experimental Comparison of Two Risk-Based Security Methods

Katsiaryna Labunets; Fabio Massacci; Federica Paci; Le Minh Sang Tran


arXiv: Other Computer Science | 2013

An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS

Le Minh Sang Tran; Bjørnar Solhaug; Ketil Stølen


CAiSE Forum | 2013

UNICORN: A Tool for Modeling and Reasoning on the Uncertainty of Requirements Evolution.

Le Minh Sang Tran; Fabio Massacci

Collaboration


Dive into the Le Minh Sang Tran's collaboration.

Top Co-Authors

Avatar
Top Co-Authors

Avatar
Top Co-Authors

Avatar
Top Co-Authors

Avatar

Koen Yskout

Katholieke Universiteit Leuven

View shared research outputs
Top Co-Authors

Avatar
Top Co-Authors

Avatar
Top Co-Authors

Avatar

Dries Vanoverberghe

Katholieke Universiteit Leuven

View shared research outputs
Top Co-Authors

Avatar

Frank Piessens

Katholieke Universiteit Leuven

View shared research outputs
Researchain Logo
Decentralizing Knowledge