Concerns about Cybersecurity: The Implications of the use of ICT for Citizens and Companies

The widespread use of Information and Communication Technologies - ICT substantially increases the risks related to information security. In fact, due to the increase in the number and type of cyber attacks, Cybersecurity has become a growing concern in today's society. This phenomenon affects not only individual citizens, but also companies and even State entities. Despite the numerous advantages of this "digitalisation" of society, there are several risks, ranging from identity theft, scam emails or phone calls, online fraud, offensive material and child pornography, material promoting racial hatred or religious extremism, access to online services, email account hacking, online banking fraud, cyber extortion or malicious software. In order to determine the impact that cyber attacks have on society it is necessary to understand how people and companies use ICTs, such as social networks, the information they share, their privacy concerns, or the use of electronic services such as online payments or the cloud. This study becomes central not only to try to prevent/minimise risks, showing what has been done in this area, but more importantly, the way forward to try to prevent or minimise possible risks in the future.info:eu-repo/semantics/publishedVersio

Detailed Overview of Software Smells

This document provides an overview of literature concerning software smells covering various dimensions of smells along with their corresponding references

Defining and validating a multimodel approach for product architecture derivation and improvement

The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-41533-3_24Software architectures are the key to achieving the non-functional requirements (NFRs) in any software project. In software product line (SPL) development, it is crucial to identify whether the NFRs for a specific product can be attained with the built-in architectural variation mechanisms of the product line architecture, or whether additional architectural transformations are required. This paper presents a multimodel approach for quality-driven product architecture derivation and improvement (QuaDAI). A controlled experiment is also presented with the objective of comparing the effectiveness, efficiency, perceived ease of use, intention to use and perceived usefulness with regard to participants using QuaDAI as opposed to the Architecture Tradeoff Analysis Method (ATAM). The results show that QuaDAI is more efficient and perceived as easier to use than ATAM, from the perspective of novice software architecture evaluators. However, the other variables were not found to be statistically significant. Further replications are needed to obtain more conclusive results.This research is supported by the MULTIPLE project (MICINN TIN2009-13838) and the Vali+D fellowship program (ACIF/2011/235).González Huerta, J.; Insfrán Pelozo, CE.; Abrahao Gonzales, SM. (2013). Defining and validating a multimodel approach for product architecture derivation and improvement. En Model-Driven Engineering Languages and Systems. Springer. 388-404. https://doi.org/10.1007/978-3-642-41533-3_24S388404Ali-Babar, M., Lago, P., Van Deursen, A.: Empirical research in software architecture: opportunities, challenges, and approaches. Empirical Software Engineering 16(5), 539–543 (2011)Ali-Babar, M., Zhu, L., Jeffery, R.: A Framework for Classifying and Comparing Software Architecture Evaluation Methods. In: 15th Australian Software Engineering Conference, Melbourne, Australia, pp. 309–318 (2004)Basili, V.R., Rombach, H.D.: The TAME project: towards improvement-oriented software environments. IEEE Transactions on Software Engineering 14(6), 758–773 (1988)Barkmeyer, E.J., Feeney, A.B., Denno, P., Flater, D.W., Libes, D.E., Steves, M.P., Wallace, E.K.: Concepts for Automating Systems Integration NISTIR 6928. National Institute of Standards and Technology, U.S. Dept. of Commerce (2003)Bosch, J.: Design and Use of Software Architectures. Adopting and Evolving Product-Line Approach. Addison-Wesley, Harlow (2000)Botterweck, G., O’Brien, L., Thiel, S.: Model-driven derivation of product architectures. In: 22th Int. Conf. on Automated Software Engineering, New York, USA, pp. 469–472 (2007)Buschmann, F., Meunier, R., Rohnert, H., Sommerlad, P., Stal, M.: Pattern-Oriented software architecture, vol. 1: A System of Patterns. Wiley (1996)Cabello, M.E., Ramos, I., Gómez, A., Limón, R.: Baseline-Oriented Modeling: An MDA Approach Based on Software Product Lines for the Expert Systems Development. In: 1st Asia Conference on Intelligent Information and Database Systems, Vietnam (2009)Carifio, J., Perla, R.J.: Ten Common Misunderstandings, Misconceptions, Persistent Myths and Urban Legends about Likert Scales and Likert Response Formats and their Antidotes. Journal of Social Sciences 3(3), 106–116 (2007)Clements, P., Northrop, L.: Software Product Lines: Practices and Patterns. Addison-Wesley, Boston (2007)Czarnecki, K., Kim, C.H.: Cardinality-based feature modeling and constraints: A progress report. In: Int. Workshop on Software Factories, San Diego-CA (2005)Datorro, J.: Convex Optimization & Euclidean Distance Geometry. Meboo Publishing (2005)Davis, F.D.: Perceived usefulness, perceived ease of use and user acceptance of information technology. MIS Quarterly 13(3), 319–340 (1989)Douglass, B.P.: Real-Time Design Patterns: Robust Scalable Architecture for Real-Time Systems. Addison-Wesley, Boston (2002)Feiler, P.H., Gluch, D.P., Hudak, J.: The Architecture Analysis & Design Language (AADL): An Introduction. Tech. Report CMU/SEI-2006-TN-011. SEI, Carnegie Mellon University (2006)Gómez, A., Ramos, I.: Cardinality-based feature modeling and model-driven engineering: Fitting them together. In: 4th Int. Workshop on Variability Modeling of Software Intensive Systems, Linz, Austria (2010)Gonzalez-Huerta, J., Insfran, E., Abrahao, S.: A Multimodel for Integrating Quality Assessment in Model-Driven Engineering. In: 8th International Conference on the Quality of Information and Communications Technology (QUATIC 2012), Lisbon, Portugal, September 3-6 (2012)Gonzalez-Huerta, J., Insfran, E., Abrahao, S., McGregor, J.D.: Non-functional Requirements in Model-Driven Software Product Line Engineering. In: 4th Int. Workshop on Non-functional System Properties in Domain Specific Modeling Languages, Insbruck, Austria (2012)Guana, V., Correal, V.: Variability quality evaluation on component-based software product lines. In: 15th Int. Software Product Line Conference, Munich, Germany, vol. 2, pp. 19.1–19.8 (2011)Insfrán, E., Abrahão, S., González-Huerta, J., McGregor, J.D., Ramos, I.: A Multimodeling Approach for Quality-Driven Architecture Derivation. In: 21st Int. Conf. on Information Systems Development (ISD 2012), Prato, Italy (2012)ISO/IEC 25000:2005, Software Engineering. Software product Quality Requirements and Evaluation SQuaRE (2005)Kazman, R., Klein, M., Clements, P.: ATAM: Method for Architecture Evaluation (CMU/SEI-2000-TR-004, ADA382629). Software Engineering Institute, Carnegie Mellon University, Pittsburgh (2000), http://www.sei.cmu.edu/publications/documents/00.reports/00tr004.htmlKim, T., Ko, I., Kang, S., Lee, D.: Extending ATAM to assess product line architecture. In: 8th IEEE Int. Conference on Computer and Information Technology, Sydney, Australia, pp. 790–797 (2008)Kitchenham, B.A., Pfleeger, S.L., Hoaglin, D.C., Rosenber, J.: Preliminary Guidelines for Empirical Research in Software Engineering. IEEE Transactions on Software Engineering 28(8) (2002)Kruchten, P.B.: The Rational Unified Process: An Introduction. Addison-Wesley (1999)Martensson, F.: Software Architecture Quality Evaluation. Approaches in an Industrial Context. Ph. D. thesis, Blekinge Institute of Technology, Karlskrona, Sweden (2006)Maxwell, K.: Applied Statistics for Software Managers. Software Quality Institute Series. Prentice-Hall (2002)Olumofin, F.G., Mišic, V.B.: A holistic architecture assessment method for software product lines. Information and Software Technology 49, 309–323 (2007)Perovich, D., Rossel, P.O., Bastarrica, M.C.: Feature model to product architectures: Applying MDE to Software Product Lines. In: IEEE/IFIP & European Conference on Software Architecture, Helsinki, Findland, pp. 201–210 (2009)Robertson, S., Robertson, J.: Mastering the requirements process. ACM Press, New York (1999)Roos-Frantz, F., Benavides, D., Ruiz-Cortés, A., Heuer, A., Lauenroth, K.: Quality-aware analysis in product line engineering with the orthogonal variability model. Software Quality Journal (2011), doi:10.1007/s11219-011-9156-5Saaty, T.L.: The Analytical Hierarchical Process. McGraw- Hill, New York (1990)Taher, L., Khatib, H.E., Basha, R.: A framework and QoS matchmaking algorithm for dynamic web services selection. In: 2nd Int. Conference on Innovations in Information Technology, Dubai, UAE (2005)Wohlin, C., Runeson, P., Host, M., Ohlsson, M.C., Regnell, B., Weslen, A.: Experimentation in Software Engineering - An Introduction. Kluwer (2000

A document based traceability model for test management

Software testing has became more complicated in the emergence of distributed network, real-time environment, third party software enablers and the need to test system at multiple integration levels. These scenarios have created more concern over the quality of software testing. The quality of software has been deteriorating due to inefficient and ineffective testing activities. One of the main flaws is due to ineffective use of test management to manage software documentations. In documentations, it is difficult to detect and trace bugs in some related documents of which traceability is the major concern. Currently, various studies have been conducted on test management, however very few have focused on document traceability in particular to support the error propagation with respect to documentation. The objective of this thesis is to develop a new traceability model that integrates software engineering documents to support test management. The artefacts refer to requirements, design, source code, test description and test result. The proposed model managed to tackle software traceability in both forward and backward propagations by implementing multi-bidirectional pointer. This platform enabled the test manager to navigate and capture a set of related artefacts to support test management process. A new prototype was developed to facilitate observation of software traceability on all related artefacts across the entire documentation lifecycle. The proposed model was then applied to a case study of a finished software development project with a complete set of software documents called the On-Board Automobile (OBA). The proposed model was evaluated qualitatively and quantitatively using the feature analysis, precision and recall, and expert validation. The evaluation results proved that the proposed model and its prototype were justified and significant to support test management

Semi-automated assessment of SQL schemas via database unit testing

A key skill for students learning relational database concepts is how to design and implement a database schema in SQL. This skill is often tested in an assignment where students derive a schema from a natural language specification. Grading of such assignments can be complex and time consuming, and novice database students often lack the skills to evaluate whether their implementation accurately reflects the specified requirements. In this paper we describe a novel semi-automated system for grading student-created SQL schemas, based on a unit testing model. The system verifies whether a schema conforms to a machine-readable specification and runs in two modes: a staff mode for grading, and a reduced functionality student mode that enables students to check that their schema meets specified minimum requirements. Analysis of student performance over the period this system was in use shows evidence of improved grades as a result of students using the system.Peer Reviewe

On the Feasibility of Transfer-learning Code Smells using Deep Learning

Context: A substantial amount of work has been done to detect smells in source code using metrics-based and heuristics-based methods. Machine learning methods have been recently applied to detect source code smells; however, the current practices are considered far from mature. Objective: First, explore the feasibility of applying deep learning models to detect smells without extensive feature engineering, just by feeding the source code in tokenized form. Second, investigate the possibility of applying transfer-learning in the context of deep learning models for smell detection. Method: We use existing metric-based state-of-the-art methods for detecting three implementation smells and one design smell in C# code. Using these results as the annotated gold standard, we train smell detection models on three different deep learning architectures. These architectures use Convolution Neural Networks (CNNs) of one or two dimensions, or Recurrent Neural Networks (RNNs) as their principal hidden layers. For the first objective of our study, we perform training and evaluation on C# samples, whereas for the second objective, we train the models from C# code and evaluate the models over Java code samples. We perform the experiments with various combinations of hyper-parameters for each model. Results: We find it feasible to detect smells using deep learning methods. Our comparative experiments find that there is no clearly superior method between CNN-1D and CNN-2D. We also observe that performance of the deep learning models is smell-specific. Our transfer-learning experiments show that transfer-learning is definitely feasible for implementation smells with performance comparable to that of direct-learning. This work opens up a new paradigm to detect code smells by transfer-learning especially for the programming languages where the comprehensive code smell detection tools are not available

Aplicando una estrategia de mejora que incluye conceptos de requisitos funcionales y no funcionales

Organizations should set and reach business goals for varied purposes using the suitable strategies. Basically, a strategy specifies the activities, methods and another related resources that should be considered in order to achieve a given goal purpose. Goal purposes and their associated strategies can aim at evaluating, testing, developing, or maintaining some entity. Some concrete evaluation purposes such as to understand or monitor can be achieved by strategies embracing non-functional requirements definition, measurement, evaluation and analysis activities. Other specific evaluation purposes such as to improve or control also imply changing the target entity; therefore, strategies should embrace functional requirements definition activities as well. Moreover, specific development and maintenance purposes always involve functional requirements. In this work, we relate business and information need goals with functional and nonfunctional requirements concepts, which are paramount for well-defined strategies. Therefore, we specify vocabularies for them, and illustrate the applicability of an improving strategy –which embeds these concepts- in the context of a running example. Having well-structured vocabularies serving as common ground for diverse strategies may promote a more effective operationalization of projects dealing with evaluation, testing, development and maintenance goal purposes.Las organizaciones deben establecer y alcanzar metas de negocio para diferentes propósitos utilizando las estrategias adecuadas. Básicamente, una estrategia especifica las actividades, los métodos y los recursos relacionados que deben considerarse para lograr un determinado propósito. Los propósitos de las metas y sus estrategias asociadas pueden apuntar a la evaluación, prueba, desarrollo o mantenimiento de alguna entidad. Algunos propósitos específicos de evaluación, como comprender o monitorear, pueden lograrse mediante estrategias que abarcan actividades de definición de requisitos no funcionales, medición, evaluación y análisis. Otros propósitos de evaluación, como mejorar o controlar, implican además cambiar la entidad o su contexto; por lo tanto, las estrategias también deben incluir actividades de definición de requisitos funcionales. En cuanto a los propósitos específicos de desarrollo y mantenimiento, estos siempre implican requisitos funcionales. Este trabajo relaciona las metas de negocio y de necesidad de información con conceptos de requisitos funcionales y no funcionales, que son fundamentales para estrategias bien definidas. Por lo tanto, especificamos sus vocabularios e ilustramos la aplicabilidad de una estrategia de mejora –la cual embebe estos conceptos- mediante un ejemplo que desarrollamos a lo largo de las secciones. Tener vocabularios bien estructurados que sirvan de base común para diversas estrategias puede promover una operacionalización más efectiva de los proyectos que tienen que ver con propósitos de metas de evaluación, prueba, desarrollo y mantenimiento.Facultad de Informátic