Articles are available in Portable Document Format (PDF) or PostScript® format and some of them are compressed with gzip. Downloading any one of these documents indicates that you agree to abide by a copyright notice.

2008

• "Automated Identification of Interface Mismatches in Web Applications"
  W. Halfond and A. Orso
  Proceedings of the ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2008).
  [ To Appear ]


• "BERT: BEhavioral Regression Testing"
  A. Orso and Tao Xie
  Proceedings of the Sixth International ISSTA Workshop on Dynamic Analysis (WODA 2008).
  [ To Appear ]


• "WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation"
  W. Halfond, A. Orso, and P. Manolios.
  IEEE Transactions on Software Engineering.
  [ Abstract, BibTeX ref., PDF ]

2007

• "Effective Memory Protection Using Dynamic Tainting"
  J. Clause, I. Doudalis, A. Orso, and M. Prvulovic.
  Proceedings of the 22nd IEEE and ACM International Conference on Automated Software Engineering (ASE 2007).
  [ Abstract, BibTeX ref., PDF 220 Kb, Slides 5532 Kb ]


• "SCARPE: A Technique and Tool for Selective Record and Replay of Program Executions"
  S. Joshi and A. Orso
  Proceedings of the 23rd IEEE International Conference on Software Maintenance (ICSM 2007).
  [ Abstract, BibTeX ref., PDF 1208 Kb, Slides 2288 Kb ]


• "Improving Test Case Generation for Web Applications Using Automated Interface Discovery"
  W. Halfond and A. Orso
  Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2007).
  [ Abstract, BibTeX ref. PDF 472 Kb, Slides 612 Kb ]


• "Dytan: A Generic Dynamic Taint Analysis Framework"
  J. Clause, W. Li, and A. Orso
  Proceedings of The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2007).
  [ Abstract, BibTeX ref., PDF 316 Kb, Slides 1388 Kb ]


• "Using Component Metadata to Regression Test Component-based Software"
  A. Orso, H. Do, G. Rothermel, M. J. Harrold and D. Rosenblum
  Software Testing, Verification and Reliability
  [ Abstract, BibTeX ref. ]


• "A Technique for Enabling and Supporting Debugging of Field Failures"
  J. Clause and A. Orso
  Proceedings of the 29th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2007).
  [ Abstract, BibTeX ref., PDF 1320 Kb, Slides 2560 Kb ]


• "Techniques for Classifying Executions of Deployed Software to Support Software Engineering Tasks"
  M. Haran, A. Karr, M. Last, A. Orso, A. Porter, A. Sanil, and S. Fouché.
  IEEE Transactions on Software Engineering.
  [ Abstract, BibTeX ref., PDF 1352 Kb ]


• "Type-dependence Analysis and Program Transformation for Symbolic Execution"
  S. Anand, A. Orso, and M.J. Harrold
  Proceedings of the 13th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2007).
  [ Abstract, BibTeX ref. PDF 248 Kb, ]


• "JDiff: A Differencing Technique and Tool for Object-Oriented Programs"
  T. Apiwattanapong, A. Orso and M. J. Harrold
  Automated Software Engineering: An International Journal
  [ Abstract, BibTeX ref. ]

2006

• "Using Positive Tainting and Syntax-Aware Evaluation to Protect Web Applications"
  W. Halfond, A. Orso, and P. Manolios.
  Proceedings of the 14th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2006).
  [ Abstract, BibTeX ref., PDF 600 Kb, Slides 1652 Kb ]


• "Command-Form Coverage for Testing Database Applications"
  W. Halfond and A. Orso
  Proceedings of the IEEE and ACM International Conference on Automated Software Engineering (ASE 2006).
  [ Abstract, BibTeX ref., PDF 496 Kb, Slides 3172 Kb ]


• "MaTRIX: Maintenance-Oriented Testing Requirements Identifier and Examiner"
  T. Apiwattanapong, R. Santelices, P. Kumar Chittimalli, A. Orso, and M.J. Harrold
  Proceedings of the IEEE Workshop on "Testing: Academic & Industrial Conference, Practice and Research Techniques" (TAIC PART 2006)
  [ Abstract, BibTeX ref., PDF 256 Kb, Slides 2240 Kb ]


• "Preventing SQL Injection Attacks Using AMNESIA"
  W. Halfond and A. Orso
  28th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2006) -- Formal Demos track
  [ Abstract, BibTeX ref., PDF 208 Kb, Slides 676 Kb ]


• "Isolating relevant Component Interactions with JINSI"
  A. Orso, S. Joshi, M. Burger, and A. Zeller
  Proceedings of the Fourth International ICSE Workshop on Dynamic Analysis (WODA 2006).
  [ Abstract, BibTeX ref., PDF 312 Kb, ]


• "Recognizing Behavioral Patterns at Runtime using Finite Automata"
  L. Wendehals and A. Orso
  Proceedings of the Fourth International ICSE Workshop on Dynamic Analysis (WODA 2006).
  [ Abstract, BibTeX ref., PDF 308 Kb, ]


• "A Classification of SQL Injection Attacks and Prevention Techniques"
  W. Halfond, J. Viegas and A. Orso
  Proceedings of the IEEE International Symposium on Secure Software Engineering (ISSSE 2006)
  [ Abstract, BibTeX ref., PDF 136 Kb, Slides 1364 Kb ]

2005

• "InsECTJ: A Generic Instrumentation Framework for Collecting Dynamic Information within Eclipse"
  A. Seesing and A. Orso
  Proceedings of the eclipse Technology eXchange (eTX) Workshop at OOPSLA 2005.
  [ Abstract, BibTeX ref., PDF 160 Kb, Slides 2060 Kb ]


• "AMNESIA: Analysis and Monitoring for NEutralizing SQL-Injection Attacks"
  W. Halfond and A. Orso
  Proceedings of the IEEE and ACM International Conference on Automated Software Engineering (ASE 2005).
  [ Abstract, BibTeX ref., PDF 296 Kb, Slides 744 Kb ]


• "MonDe: Safe Updating through Monitored Deployment of New Component Versions"
  J. Cook and A. Orso
  Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2005).
  [ Abstract, BibTeX ref., PDF 104 Kb, Slides 1820 Kb ]


• "Applying Classification Techniques to Remotely-Collected Program Execution Data"
  M. Haran, A. Karr, A. Orso, A. Porter, and A. Sanil
  Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2005).
  [ Abstract, BibTeX ref., PDF 152 Kb, Slides 704 Kb ]


• "Selective Capture and Replay of Program Executions"
  A. Orso and B. Kennedy.
  Proceedings of the Third International ICSE Workshop on Dynamic Analysis (WODA 2005).
  [ Abstract, BibTeX ref., PDF 132 Kb, Slides 1780 Kb ]


• "Combining Static Analysis and Runtime Monitoring to Counter SQL-Injection Attacks"
  W. Halfond and A. Orso.
  Proceedings of the Third International ICSE Workshop on Dynamic Analysis (WODA 2005).
  [ Abstract, BibTeX ref., PDF 464 Kb, Slides 596 Kb ]


• "Efficient and Precise Dynamic Impact Analysis Using Execute-After Sequences"
  T. Apiwattanapong, A. Orso, and M.J. Harrold.
  Proceedings of the 27th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2005).
  [ Abstract, BibTeX ref., PDF 168 Kb, Slides 356 Kb ]

2004

• "Scaling Regression Testing to Large Software Systems."
  A. Orso, N. Shi, and M.J. Harrold.
  Proceedings of the 12th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE 2004).
  [ Abstract, BibTeX ref. PDF 256 Kb, Slides (PDF) 812 Kb ]


• "A Differencing Algorithm for Object-oriented Programs."
  T. Apiwattanapong, A. Orso, and M.J. Harrold.
  Proceedings of the 19th IEEE International Conference on Automated Software Engineering (ASE 2004). (This paper was presented with the Best Paper Award and with an ACM-SIGSOFT Distinguished Paper Award.)
  [ Abstract, BibTeX ref., PDF 428 Kb Slides (PDF) 1868 Kb ]


• "A Generic Instrumentation Framework for Collecting Dynamic Information."
  A. Chawla and A. Orso.
  Online Proceeding of the ISSTA Workshop on Empirical Research in Software Testing (WERST 2004). July 2004.
  [ Abstract, BibTeX ref., PDF 92 Kb ]


• "Classifying Data Dependences in the Presence of Pointers for Program Comprehension, Testing, and Debugging."
  A. Orso, S. Sinha, and M.J. Harrold.
  ACM Transactions on Software Engineering and Methodology (TOSEM), 2004, Volume 13, Number 2, pages 199--239.
  [ Abstract, BibTeX ref., PDF 364 Kb ]


• "Gammatella: Visualizing Program-Execution Data for Deployed Software."
  J. Jones, A. Orso, and M.J. Harrold.
  Information Visualization, 2004, Volume 3, Number 3, pages 173--188.
  [ Abstract, BibTeX ref., PDF 1220 Kb ]


• "An Empirical Comparison of Dynamic Impact Analysis Algorithms."
  A. Orso, T. Apiwattanapong, J. Law, G. Rothermel, and M.J. Harrold.
  Proceedings of the 26th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2004). May 2004.
  [ Abstract, BibTeX ref., PDF 280 Kb ]


• "Automated Support for Development, Maintenance, and Testing in the Presence of Implicit Control Flow."
  S. Sinha, A. Orso, and M.J. Harrold.
  Proceedings of the 26th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2004). May 2004.
  [ Abstract, BibTeX ref., PDF 244 Kb ]

2003

• Presentation: "Improving Dynamic Analysis through Partial Replay of Users' Executions."
  A. Orso and B. Kennedy.
  Online Proceedings of the Dagstuhl Seminar on Understanding Program Dynamics. December 2003.
  [ Abstract, BibTeX ref., Slides (PDF) 1248 Kb ]


• "Leveraging Field Data for Impact Analysis and Regression Testing."
  A. Orso, T. Apiwattanapong, and M.J. Harrold.
  Proceedings of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2003). September 2003.
  [ Abstract, BibTeX ref., PDF 284 Kb, Slides (PDF) 1984 Kb ]


• "Visualization of Program-Execution Data for Deployed Software."
  A. Orso, J. Jones, and M.J. Harrold.
  Proceedings of the ACM symposium on Software Visualization (SOFTVIS 2003). June 2003. (This paper was presented with an ACM-SIGSOFT Distinguished Paper Award.)
  [ Abstract, BibTeX ref., PDF 684 Kb Slides (PDF) 2792 Kb ]

2002

• "Interclass Testing of Object Oriented Software."
  V. Martena, A. Orso, and M. Pezzè.
  Proceedings of the IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2002). December 2002.
  [ Abstract, BibTeX ref., PDF 104 Kb ]


• "Monitoring Deployed Software Using Software Tomography."
  J. Bowring, A. Orso, and M.J. Harrold.
  Proceedings of the ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2002). November 2002.
  [ Abstract, BibTeX ref., PDF 124 Kb ]


• "A Technique for Dynamic Updating of Java Software."
  A. Orso, A. Rao, and M.J. Harrold.
  Proceedings of the IEEE International Conference on Software Maintenance (ICSM 2002). October 2002.
  [ Abstract, BibTeX ref., PDF 128 Kb, PostScript.gz 60 Kb ]


• "Gamma System: Continuous Evolution of Software after Deployment."
  A. Orso, D. Liang, M.J. Harrold, and R. Lipton.
  Proceedings of the International Symposium on Software Testing and Analysis (ISSTA 2002). July 2002.
  [ Abstract, BibTeX ref., PDF 124 Kb, PostScript.gz 76 Kb ]

2001

• "Using Component Metacontents to Support the Regression Testing of Component-Based Software."
  A. Orso, M.J. Harrold, D. Rosenblum, G. Rothermel, M.L. Soffa, and H. Do.
  Proceedings of the IEEE International Conference on Software Maintenance (ICSM 2001). November 2001.
  [ Abstract, BibTeX ref., PDF 116 Kb, PostScript.gz 52 Kb ]


• "Incremental Slicing Based on Data-Dependences Types."
  A. Orso, S. Sinha, and M.J. Harrold.
  Proceedings of the IEEE International Conference on Software Maintenance (ICSM 2001). November 2001.
  [ Abstract, BibTeX ref., PDF 172 Kb, PostScript.gz 116 Kb ]


• "Regression Test Selection for Java Software."
  M.J. Harrold, J. Jones, T. Li, D. Liang, A. Orso, M. Pennings, S. Sinha, S. Spoon, and A. Gujarathi.
  Proceedings of the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2001). October 2001.
  [ Abstract, BibTeX ref., PDF 268 Kb ]


• "MASSA: Mobile Agents Security through Static/Dynamic Analysis."
  A. Orso, G. Vigna, and M.J. Harrold.
  Proceedings of the ICSE Workshop on Software Engineering and Mobility. May 2001.
  [ Abstract, BibTeX ref., PDF 72 Kb, PostScript.gz 32 Kb ]


• "Effects of Pointers on Data Dependences."
  A. Orso, S. Sinha, and M.J. Harrold.
  Proceedings of the International Workshop on Program Comprehension (IWPC 2001). May 2001.
  [ Abstract, BibTeX ref., PDF 104 Kb, PostScript.gz 340 Kb ]

2000 and before

• "Component Metadata for Software Engineering Tasks."
  A. Orso, M.J. Harrold, and D. Rosenblum.
  Proceedings of EDO 2000, LNCS Vol. 1999, Springer-Verlag. November 2000.
  [ Abstract, BibTeX ref., PDF 220 Kb, PostScript.gz 76 Kb ]


• "Automated Testing of Classes."
  U. buy, A. Orso and M. Pezzè.
  Proceedings of International Symposium on Software Testing and Analysis (ISSTA 2000). August 2000.
  [ Abstract, BibTeX ref., PDF 388 Kb ]


• "Integration Testing of Procedural Object-Oriented Languages with Polymorphism."
  A. Orso and M.Pezzè.
  Proceedings of the International Conference on Testing Computer Software (TCS 1999). June 1999.
  [ Abstract, BibTeX ref., PDF 292 Kb, PostScript.gz 112 Kb ]


• "A Framework for Testing Object-Oriented Components."
  U. Buy, C. Ghezzi, A. Orso, M.Pezzè, and M. Valsasna.
  Proceedings of the ICSE Workshop on Testing Distributed Component-Based Systems 1999. May 1999.
  [ Abstract, BibTeX ref., PDF 152 Kb, PostScript.gz 44 Kb ]


• "Integration Testing of Object-Oriented Software."
  A. Orso,
  Ph.D. Dissertation, Dipartimento di Elettronica e Informazione, Politecnico di Milano, Italy. February 1999.
  [ Abstract, BibTeX ref., PDF 584 Kb, PostScript.gz 220 Kb ]


• "Open Issues and Research Directions in Object-Oriented Testing."
  A. Orso and S. Silva.
  Proceedings of the Fourth International Conference on Achieving Quality in Software (AQUIS 1998). January 1998.
  [ Abstract, BibTeX ref., PDF 68 Kb, PostScript.gz 32 Kb ]


• "Introducing Formal Specification Methods in Industrial Practice."
  L. Baresi, A. Orso, and M. Pezzè.
  Proceedings of the International Conference on Software Engineering (ICSE 1997). May 1997.
  [ Abstract, BibTeX ref., PDF 264 Kb, PostScript.gz 116 Kb ]


• "Customizable Notations for Kernel Formalisms."
  L. Baresi, A. Orso, and M. Pezzè.
  Proceedings of the International Conference on Engineering of Complex Computer Systems (ICECCS 1995). November 1995.
  [ Abstract, BibTeX ref., PDF 300 Kb, PostScript.gz 80 Kb ]

• Gammatella: Visualization of Program-Execution Data for Deployed Software,
  at the 26th IEEE and ACM SIGSOFT International Conference on Software Engineering (ICSE 2004). Edinburgh, Scotland, May 2004.
  (with J. Jones and M.J. Harrold)


• Visualization of Program-Execution Data for Deployed Software,
  at the ACM symposium on Software Visualization (SOFTVIS 2003). San Diego, CA, June 2003.
  (with J. Jones and M.J. Harrold)


• Software Tomography: Enabling Continuous Improvement in Software Development,
  at the ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE 2002). Charleston, SC, November 2002.
  (with J. Bowring and M.J. Harrold)


• Dynamic Update of Java Software,
  at the Yamacraw Industrial Advisory Board Workshop. Atlanta, GA, October 2002.
  (with M. Balakrishnan and M.J. Harrold)


• DejaVOO: A Regression Testing Tool for Java Software,
  at the ACM Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA 2001). Tampa Bay, Florida, USA, October 2001.
  (with D. Liang and M.J. Harrold)