    Assessing and Improving Industrial Software Processes

    Software process is a complex phenomenon that involves a multitude of different artifacts, human actors with different roles, and activities to be performed in order to produce a software product. Even though the research community is devoting a great effort to proposing solutions aimed at improving software process, several issues are still open. In this Thesis work I propose different solutions for assessing and improving software processes carried out in real industrial contexts. In more detail, I proposed a solution, based on ALM and MDE, for supporting Gap Analysis processes that assess whether a software process is carried out in accordance with Standards or an Evaluation Framework. Then, I focused on a solution based on tool integration for the management of trace links among the artifacts involved in the software process. As another contribution, I proposed a Reverse engineering process and a tool, named EXACT, for supporting the analysis and comprehension of spreadsheet-based artifacts involved in software development processes. Finally, I realized a semi-automatic approach, named AutoMative, for supporting the introduction of SPL into real Industrial software processes for managing the variability of the software products to be developed. Case studies conducted in real industrial settings showed the feasibility and the positive impact of the proposed solutions on real industrial software processes.

    Continuous assessment of software traceability

    Traceability is a critical element of any rigorous software development process. It is required by numerous software lifecycle activities such as, for example, safety analysis, change impact analysis, coverage analysis, and compliance verification. Safety guidelines such as ISO 61508 and its domain specific derivatives explicitly require the implementation of software traceability. Although the crucial importance of traceability is commonly acknowledged, software development projects rarely follow explicit traceability strategies. Traceability is rarely planned or systematically created but should rather be regarded as a desultory ad-hoc effort. As a result, existing traces are potentially of dubious quality but serve as the foundation for high impact development decisions. To ensure that traceability is trustworthy, the fitness for purpose of a project’s traceability implementation must be thoroughly ascertained, especially within the context of safety-critical software. Assessing the fitness for purpose is an intricate problem for several reasons. Depending on the project specific traceability goals, different ways of traceability are applied within multiple projects. The development of safety-critical software is subject to different regulations with diverse provisions that need to be regarded. This thesis will present an approach to systematically assess the fitness for purpose of a project’s traceability implementation, comprising two parts. The first part supports the planning of purposed traceability, which is a prerequisite for the traceability assessment. Based on the planning results, the second part supports the actual assessments. It defines an analytical traceability assessment model. This model provides a comprehensive classification of possible traceability problems and defines assessment criteria to systematically detect these problems.
    The results of a traceability expert survey suggest that the proposed traceability problem classification is complete and defines relevant assessment criteria. The proposed assessment approach was applied in two studies. The study results indicate that the proposed assessment provides support for multiple purposes. It can be used in order to determine the feasibility of important software lifecycle activities and the cost effectiveness of a project’s traceability implementation. Safety-critical software projects can be supported with their safety argument. The compliance of projects’ traceability implementations to safety guidelines can be determined.

    Requirements traceability is an important quality attribute of software development. For a large number of software development activities, requirements traceability is a necessary prerequisite. These include, among others, functional safety analysis, impact analysis, coverage analysis and compliance. For the development of safety-critical software systems, this quality attribute is of particular importance. It is therefore explicitly mandated by the corresponding guidelines for the development of safety-critical software. Although the relevance of traceability in software projects is generally known, systematic planning to achieve this quality attribute is applied in only a few cases. Traceability is frequently implemented only after the fact. This often results in incomplete traceability implementations, which are nevertheless used as the basis for far-reaching decisions. For this reason, the corresponding implementations should be subjected to thorough examination, especially in the context of developing safety-critical systems. However, a large number of challenges must be overcome to do so.
    On the one hand, traceability depends on the project-specific goals. In safety-critical systems, requirements from guidelines must often be met. The use of traceability also depends strongly on the respective goals. This thesis proposes an approach for the systematic assessment of software projects with regard to their requirements traceability. A necessary prerequisite for the assessment approach is the precise planning and definition of requirements traceability in a software project. Therefore, a corresponding planning approach is presented as part of this thesis. Furthermore, an analytical model for the systematic assessment of traceability in software projects is presented. This model comprises a complete classification of possible fault types. In addition, criteria for the systematic detection of these faults are proposed. The results of an expert survey confirm the completeness of the analytical assessment model. Moreover, the proposed approach for the systematic assessment of requirements traceability was evaluated in two studies. These demonstrated the usefulness of the approach for the development of both safety-critical and non-safety-critical software.

    Proceedings of the 1st international workshop on software process education, training and professionalism (SPETP 2015)

    These Proceedings contain the papers accepted for publication and presentation at the 1st International Workshop on Software Process Education, Training and Professionalism (SPETP 2015) held in conjunction with the 15th International Conference on Software Process Improvement and Capability dEtermination (SPICE 2015), Gothenburg, Sweden, during June 15-17, 2015. During the 14th International Conference on Software Process Improvement and Capability dEtermination (SPICE 2014) held in Vilnius, Lithuania, at a post conference dinner, a group of key individuals from education and industry started to discuss the challenges faced for software process education, training and professionalism, especially against the background of the new modes of learning and teaching in higher education. Further discussions held post conference with key players in the relevant professional and personal certification fields led to a consensus that it is time for the industry to rise to the new challenges and set out in a manifesto a common vision for educators and trainers together with a set of recommendations to address the challenges faced. It was therefore agreed to co-locate the 1st International Workshop on Software Process Education, Training and Professionalism with the 15th International Conference on Software Process Improvement and Capability dEtermination. This workshop focused on the new challenges for and best practices in software process education, training and professionalism. The foundation for learning of software process should be part of a university or college education; however, software process is often treated as an ‘add-on’ module to the core curriculum. In a professional context, whilst there have been a number of initiatives focused on the certification of the software process professional, these have had little success for numerous reasons.
    Cooperation in education between industry, academia and professional bodies is paramount, together with the recognition of how the education world is changing and how education is resourced, delivered (with online and open learning) and taken up. Over the next 10 years on-line learning is projected to grow fifteen fold, accounting for 30% of all education provision, according to the recent report to the European Commission on New modes of learning and teaching in higher education. It is a great pleasure to see the varied contributions to this 1st International Workshop on Software Process Education, Training and Professionalism and we hope that our joint dedication, passion and innovation will lead to success for the profession through the publication of the manifesto as a key outcome from the workshop. On behalf of the SPETP 2015 conference Organizing Committee, we would like to thank all participants. Firstly, all the authors, whose quality work is the essence of the conference, and the members of the Program Committee, who helped us with their expertise and diligence in reviewing all of the submissions. As we all know, organizing a conference requires the effort of many individuals. We wish to thank also all the members of our Organizing Committee, whose work and commitment were invaluable.

    Model-Based Engineering of Collaborative Embedded Systems

    This Open Access book presents the results of the "Collaborative Embedded Systems" (CrESt) project, aimed at adapting and complementing the methodology underlying modeling techniques developed to cope with the challenges of the dynamic structures of collaborative embedded systems (CESs) based on the SPES development methodology. In order to manage the high complexity of the individual systems and the dynamically formed interaction structures at runtime, advanced and powerful development methods are required that extend the current state of the art in the development of embedded systems and cyber-physical systems. The methodological contributions of the project support the effective and efficient development of CESs in dynamic and uncertain contexts, with special emphasis on the reliability and variability of individual systems and the creation of networks of such systems at runtime. The project was funded by the German Federal Ministry of Education and Research (BMBF), and the case studies are therefore selected from areas that are highly relevant for Germany’s economy (automotive, industrial production, power generation, and robotics). It also supports the digitalization of complex and transformable industrial plants in the context of the German government's "Industry 4.0" initiative, and the project results provide a solid foundation for implementing the German government's high-tech strategy "Innovations for Germany" in the coming years.

    Certifications of Critical Systems – The CECRIS Experience

    In recent years, a considerable amount of effort has been devoted, both in industry and academia, to the development, validation and verification of critical systems, i.e. those systems whose malfunctions or failures reach a critical level both in terms of risks to human life as well as having a large economic impact. Certifications of Critical Systems – The CECRIS Experience documents the main insights on Cost Effective Verification and Validation processes that were gained during work in the European Research Project CECRIS (acronym for Certification of Critical Systems). The objective of the research was to tackle the challenges of certification by focusing on those aspects that turn out to be more difficult/important for the current and future critical systems industry: the effective use of methodologies, processes and tools. The CECRIS project took a step forward in the growing field of development, verification and validation and certification of critical systems. It focused on the more difficult/important aspects of the critical system development, verification and validation and certification process. Starting from both the scientific and industrial state of the art methodologies for system development and the impact of their usage on the verification and validation and certification of critical systems, the project aimed at developing strategies and techniques supported by automatic or semi-automatic tools and methods for these activities, setting guidelines to support engineers during the planning of the verification and validation phases.

    Comprehensive Lifecycle for Assuring System Safety

    CLASS is a novel approach to the enhancement of system safety in which the system safety case becomes the focus of safety engineering throughout the system lifecycle. CLASS also expands the role of the safety case across all phases of the system's lifetime, from concept formation to decommissioning. As CLASS has been developed, the concept has been generalized to a more comprehensive notion of assurance becoming the driving goal, where safety is an important special case. This report summarizes major aspects of CLASS and contains a bibliography of papers that provide additional details.

    Assuring Safety and Security

    Large technological systems produce new capabilities that allow innovative solutions to social, engineering and environmental problems. This trend is especially important in the safety-critical systems (SCS) domain where we simultaneously aim to do more with the systems whilst reducing the harm they might cause. Even with the increased uncertainty created by these opportunities, SCS still need to be assured against safety and security risk and, in many cases, certified before use. A large number of approaches and standards have emerged, however there remain challenges related to technical risk such as identifying inter-domain risk interactions, developing safety-security causal models, and understanding the impact of new risk information. In addition, there are socio-technical challenges that undermine technical risk activities and act as a barrier to co-assurance, these include insufficient processes for risk acceptance, unclear responsibilities, and a lack of legal, regulatory and organisational structure to support safety-security alignment. A new approach is required. The Safety-Security Assurance Framework (SSAF) is proposed here as a candidate solution. SSAF is based on the new paradigm of independent co-assurance, that is, keeping the disciplines separate but having synchronisation points where required information is exchanged. SSAF is comprised of three parts - the Conceptual Model defines the underlying philosophy, and the Technical Risk Model (TRM) and Socio-Technical Model (STM) consist of processes and models for technical risk and socio-technical aspects of co-assurance. Findings from a partial evaluation of SSAF using case studies reveal that the approach has some utility in creating inter-domain relationship models and identifying socio-technical gaps for co-assurance. 
    The original contribution to knowledge presented in this thesis is the novel approach to co-assurance that uses synchronisation points, explicit representation of a technical risk argument that argues over interaction risks, and a confidence argument that explicitly considers co-assurance socio-technical factors.

    Efficiency and Automation in Threat Analysis of Software Systems

    Context: Security is a growing concern in many organizations. Industries developing software systems plan for security early on to minimize expensive code refactorings after deployment. In the design phase, teams of experts routinely analyze the system architecture and design to find potential security threats and flaws. After the system is implemented, the source code is often inspected to determine its compliance with the intended functionalities. Objective: The goal of this thesis is to improve on the performance of security design analysis techniques (in the design and implementation phases) and support practitioners with automation and tool support. Method: We conducted empirical studies for building an in-depth understanding of existing threat analysis techniques (Systematic Literature Review, controlled experiments). We also conducted empirical case studies with industrial participants to validate our attempt at improving the performance of one technique. Further, we validated our proposal for automating the inspection of security design flaws by organizing workshops with participants (under controlled conditions) and subsequent performance analysis. Finally, we relied on a series of experimental evaluations for assessing the quality of the proposed approach for automating security compliance checks. Findings: We found that the eSTRIDE approach can help focus the analysis and produce twice as many high-priority threats in the same time frame. We also found that reasoning about security in an automated fashion requires extending the existing notations with more precise security information. In a formal setting, minimal model extensions for doing so include security contracts for system nodes handling sensitive information. The formally-based analysis can to some extent provide completeness guarantees. For a graph-based detection of flaws, minimal required model extensions include data types and security solutions.
    In such a setting, the automated analysis can help in reducing the number of overlooked security flaws. Finally, we suggested defining a correspondence mapping between the design model elements and implemented constructs. We found that such a mapping is a key enabler for automatically checking the security compliance of the implemented system with the intended design. The key to achieving this is two-fold. First, a heuristics-based search is paramount to limit the manual effort that is required to define the mapping. Second, it is important to analyze implemented data flows and compare them to the data flows stipulated by the design.