A Model-Based Approach to Impact Analysis Using Model Differencing

Impact analysis is concerned with the identification of consequences of changes and is therefore an important activity for software evolution. In modelbased software development, models are core artifacts, which are often used to generate essential parts of a software system. Changes to a model can thus substantially affect different artifacts of a software system. In this paper, we propose a modelbased approach to impact analysis, in which explicit impact rules can be specified in a domain specific language (DSL). These impact rules define consequences of designated UML class diagram changes on software artifacts and the need of dependent activities such as data evolution. The UML class diagram changes are identified automatically using model differencing. The advantage of using explicit impact rules is that they enable the formalization of knowledge about a product. By explicitly defining this knowledge, it is possible to create a checklist with hints about development steps that are (potentially) necessary to manage the evolution. To validate the feasibility of our approach, we provide results of a case study.Comment: 16 pages, 5 figures, In: Proceedings of the 8th International Workshop on Software Quality and Maintainability (SQM), ECEASST Journal, vol. 65 201

An approach for the automatic verification of blockchain protocols: the Tweetchain case study

This paper proposes a model-driven approach for the security modelling and analysis of blockchain based protocols. The modelling is built upon the definition of a UML profile, which is able to capture transaction-oriented information. The analysis is based on existing formal analysis tools. In particular, the paper considers the Tweetchain protocol, a recent proposal that leverages online social networks, i.e., Twitter, for extending blockchain to domains with small-value transactions, such as IoT. A specialized textual notation is added to the UML profile to capture features of this protocol. Furthermore, a model transformation is defined to generate a Tamarin model, from the UML models, via an intermediate well-known notation, i.e., the Alice &Bob notation. Finally, Tamarin Prover is used to verify the model of the protocol against some security properties. This work extends a previous one, where the Tamarin formal models were generated by hand. A comparison on the analysis results, both under the functional and non-functional aspects, is reported here too

Towards a homogeneous characterization of the model-driven web development methodologies

In recent years a large number of Model-Driven Web development approaches have been designed and are being applied with success in real environments. However, as new ones are frequently emerging in this changing time, authors have to change and update them constantly and, consequently; development teams do not know which is the most suitable for them because in many cases it depends on their project scope. Furthermore, approaches are usually appearing with different concepts and terminologies in many cases, although all lack the use of standards and practical experience. Thus, the need of managing quality in this type of approach arises every day. This paper suggests a characterization of these methodologies in order to use this information for the quality management of Model-Driven Web development methodologies for authors and development teams alike. In addition, an experimental study in order to analyse and evaluate a Model-Driven Web development methodology (the NDT methodology) has been carried out within a specific work context.Junta de Andalucía TIC-5789Ministerio de Educación y Ciencia TIN2010-20057-C03-0

Development of GUI test coverage analysis and enforcement tools

Tese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

Security-Driven Software Evolution Using A Model Driven Approach

High security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use which poses security risks to the enterprise’ assets due to the poor technologies used and lack of security concerns when they were in design. Software reengineering is a way out to improve their security levels in a systematic way. Model driven is an approach in which model as defined by its type directs the execution of the process. The aim of this research is to explore how model driven approach can facilitate the software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. Task of this phase is to reverse engineer legacy system into UML models, partition the legacy system into subsystems with the help of model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives. Secondly, security requirements are elicited using risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking consideration of asset, threat and vulnerability, is proposed and used to elicit the security requirements which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage that security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security

Quality evaluation for Model-Driven Web Engineering methodologies

Context: There are lots of approaches or methodologies in the Model-Driven Web Engineering (MDWE) context to develop Web Applications without reaching a consensus on the use of standards and scarcity of both, practical experience and tool support. Objective: Model-Driven Web Engineering (MDWE) methodologies are constantly evolving. Moreover, Quality is a very important factor to identify within a methodology as it defines processes, techniques and artifacts to develop Web Applications. For this reason, when analyzing a methodology, it is not only necessary to evaluate quality, but also to find out how to improve it. The main goal of this paper is to develop a set of Quality Characteristics and Sub-Characteristics for MDWE approaches based on ISO/ IEC standards. Method: From the software products context, some widely standards proposed, such as ISO/IEC 9126 or ISO/IEC 25000, suggest a Quality Model for software products, although up to now, there are no standard methods to assess quality on MDWE methodologies. Such methodologies can be organized into Properties, thus, a methodology has artifacts, processes and techniques. Then, each item is evaluated through a set of appropriate Quality Characteristics, depending on its nature. This paper proposes to evaluate a methodology as a product itself. Results: This paper recommends a set of Quality Characteristics and Sub-Characteristics based on these standards in order to evaluate MDWE methodologies quality. Additionally, it defines an agile way to relate these Quality Sub-Characteristics to Properties with the sole purpose of not only analyzing, but also assessing and improving MDWE methodologies. Conclusions: The application of these Quality Characteristics and Sub-Characteristics could promote efficiency in methodologies since this kind of assessment enhances both the understanding of strengths and weaknesses of approaches.Ministerio de Educación y Ciencia TIN2007-67843-C06-03Ministerio de Educación y Ciencia TIN2010-20057-C03-0

Functional Size Measurement and Model Verification for Software Model-Driven Developments: A COSMIC-based Approach

Historically, software production methods and tools have a unique goal: to produce high quality software. Since the goal of Model-Driven Development (MDD) methods is no different, MDD methods have emerged to take advantage of the benefits of using conceptual models to produce high quality software. In such MDD contexts, conceptual models are used as input to automatically generate final applications. Thus, we advocate that there is a relation between the quality of the final software product and the quality of the models used to generate it. The quality of conceptual models can be influenced by many factors. In this thesis, we focus on the accuracy of the techniques used to predict the characteristics of the development process and the generated products. In terms of the prediction techniques for software development processes, it is widely accepted that knowing the functional size of applications in order to successfully apply effort models and budget models is essential. In order to evaluate the quality of generated applications, defect detection is considered to be the most suitable technique. The research goal of this thesis is to provide an accurate measurement procedure based on COSMIC for the automatic sizing of object-oriented OO-Method MDD applications. To achieve this research goal, it is necessary to accurately measure the conceptual models used in the generation of object-oriented applications. It is also very important for these models not to have defects so that the applications to be measured are correctly represented. In this thesis, we present the OOmCFP (OO-Method COSMIC Function Points) measurement procedure. This procedure makes a twofold contribution: the accurate measurement of objectoriented applications generated in MDD environments from the conceptual models involved, and the verification of conceptual models to allow the complete generation of correct final applications from the conceptual models involved. The OOmCFP procedure has been systematically designed, applied, and automated. This measurement procedure has been validated to conform to the ISO 14143 standard, the metrology concepts defined in the ISO VIM, and the accuracy of the measurements obtained according to ISO 5725. This procedure has also been validated by performing empirical studies. The results of the empirical studies demonstrate that OOmCFP can obtain accurate measures of the functional size of applications generated in MDD environments from the corresponding conceptual models.Marín Campusano, BM. (2011). Functional Size Measurement and Model Verification for Software Model-Driven Developments: A COSMIC-based Approach [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/11237Palanci

30 Years of Software Refactoring Research:A Systematic Literature Review

Due to the growing complexity of software systems, there has been a dramatic increase and industry demand for tools and techniques on software refactoring in the last ten years, defined traditionally as a set of program transformations intended to improve the system design while preserving the behavior. Refactoring studies are expanded beyond code-level restructuring to be applied at different levels (architecture, model, requirements, etc.), adopted in many domains beyond the object-oriented paradigm (cloud computing, mobile, web, etc.), used in industrial settings and considered objectives beyond improving the design to include other non-functional requirements (e.g., improve performance, security, etc.). Thus, challenges to be addressed by refactoring work are, nowadays, beyond code transformation to include, but not limited to, scheduling the opportune time to carry refactoring, recommendations of specific refactoring activities, detection of refactoring opportunities, and testing the correctness of applied refactorings. Therefore, the refactoring research efforts are fragmented over several research communities, various domains, and objectives. To structure the field and existing research results, this paper provides a systematic literature review and analyzes the results of 3183 research papers on refactoring covering the last three decades to offer the most scalable and comprehensive literature review of existing refactoring research studies. Based on this survey, we created a taxonomy to classify the existing research, identified research trends, and highlighted gaps in the literature and avenues for further research.Comment: 23 page