Software Engineering Tools For Secure Application Development

Software security has become a crucial part of an organization’s overall security strategy due to increasingly sophisticated attacks at the application layer. One of the major concerns in software engineering is the inadequate use of secure software development methods and tools. Such deficiency is caused by a lack of knowledge and training on available secure tools among software developers. This project conducts a thorough investigation of the tools that can be used by developers throughout the software development life cycle to assist in the development of secure applications, including tools used by individuals and teams, classified by open-source or commercial, tools based on project size, etc. This paper also includes a summary table that provides a quick overview of all the tools listed for developers and individuals to use

Software Design Change Artifacts Generation through Software Architectural Change Detection and Categorisation

Software is solely designed, implemented, tested, and inspected by expert people, unlike other engineering projects where they are mostly implemented by workers (non-experts) after designing by engineers. Researchers and practitioners have linked software bugs, security holes, problematic integration of changes, complex-to-understand codebase, unwarranted mental pressure, and so on in software development and maintenance to inconsistent and complex design and a lack of ways to easily understand what is going on and what to plan in a software system. The unavailability of proper information and insights needed by the development teams to make good decisions makes these challenges worse. Therefore, software design documents and other insightful information extraction are essential to reduce the above mentioned anomalies. Moreover, architectural design artifacts extraction is required to create the developer’s profile to be available to the market for many crucial scenarios. To that end, architectural change detection, categorization, and change description generation are crucial because they are the primary artifacts to trace other software artifacts. However, it is not feasible for humans to analyze all the changes for a single release for detecting change and impact because it is time-consuming, laborious, costly, and inconsistent. In this thesis, we conduct six studies considering the mentioned challenges to automate the architectural change information extraction and document generation that could potentially assist the development and maintenance teams. In particular, (1) we detect architectural changes using lightweight techniques leveraging textual and codebase properties, (2) categorize them considering intelligent perspectives, and (3) generate design change documents by exploiting precise contexts of components’ relations and change purposes which were previously unexplored. Our experiment using 4000+ architectural change samples and 200+ design change documents suggests that our proposed approaches are promising in accuracy and scalability to deploy frequently. Our proposed change detection approach can detect up to 100% of the architectural change instances (and is very scalable). On the other hand, our proposed change classifier’s F1 score is 70%, which is promising given the challenges. Finally, our proposed system can produce descriptive design change artifacts with 75% significance. Since most of our studies are foundational, our approaches and prepared datasets can be used as baselines for advancing research in design change information extraction and documentation

A Framework for Seamless Variant Management and Incremental Migration to a Software Product-Line

Context: Software systems often need to exist in many variants in order to satisfy varying customer requirements and operate under varying software and hardware environments. These variant-rich systems are most commonly realized using cloning, a convenient approach to create new variants by reusing existing ones. Cloning is readily available, however, the non-systematic reuse leads to difficult maintenance. An alternative strategy is adopting platform-oriented development approaches, such as Software Product-Line Engineering (SPLE). SPLE offers systematic reuse, and provides centralized control, and thus, easier maintenance. However, adopting SPLE is a risky and expensive endeavor, often relying on significant developer intervention. Researchers have attempted to devise strategies to synchronize variants (change propagation) and migrate from clone&own to an SPL, however, they are limited in accuracy and applicability. Additionally, the process models for SPLE in literature, as we will discuss, are obsolete, and only partially reflect how adoption is approached in industry. Despite many agile practices prescribing feature-oriented software development, features are still rarely documented and incorporated during actual development, making SPL-migration risky and error-prone.Objective: The overarching goal of this PhD is to bridge the gap between clone&own and software product-line engineering in a risk-free, smooth, and accurate manner. Consequently, in the first part of the PhD, we focus on the conceptualization, formalization, and implementation of a framework for migrating from a lean architecture to a platform-based one.Method: Our objectives are met by means of (i) understanding the literature relevant to variant-management and product-line migration and determining the research gaps (ii) surveying the dominant process models for SPLE and comparing them against the contemporary industrial practices, (iii) devising a framework for incremental SPL adoption, and (iv) investigating the benefit of using features beyond PL migration; facilitating model comprehension.Results: Four main results emerge from this thesis. First, we present a qualitative analysis of the state-of-the-art frameworks for change propagation and product-line migration. Second, we compare the contemporary industrial practices with the ones prescribed in the process models for SPL adoption, and provide an updated process model that unifies the two to accurately reflect the real practices and guide future practitioners. Third, we devise a framework for incremental migration of variants into a fully integrated platform by exploiting explicitly recorded metadata pertaining to clone and feature-to-asset traceability. Last, we investigate the impact of using different variability mechanisms on the comprehensibility of various model-related tasks.Future work: As ongoing and future work, we aim to integrate our framework with existing IDEs and conduct a developer study to determine the efficiency and effectiveness of using our framework. We also aim to incorporate safe-evolution in our operators

Leveraging big data tools and technologies: Addressing the challenges of the water quality sector

The water utility sector is subject to stringent legislation, seeking to address both the evolution of practices within the chemical/pharmaceutical industry, and the safeguarding of environmental protection, and which is informed by stakeholder views. Growing public environmental awareness is balanced by fair apportionment of liability within-sector. This highly complex and dynamic context poses challenges for water utilities seeking to manage the diverse chemicals arising from disparate sources reaching Wastewater Treatment Plants, including residential, commercial, and industrial points of origin, and diffuse sources including agricultural and hard surface water run-off. Effluents contain broad ranges of organic and inorganic compounds, herbicides, pesticides, phosphorus, pharmaceuticals, and chemicals of emerging concern. These potential pollutants can be in dissolved form, or arise in association with organic matter, the associated risks posing significant environmental challenges. This paper examines how the adoption of new Big Data tools and computational technologies can offer great advantage to the water utility sector in addressing this challenge. Big Data approaches facilitate improved understanding and insight of these challenges, by industry, regulator, and public alike. We discuss how Big Data approaches can be used to improve the outputs of tools currently in use by the water industry, such as SAGIS (Source Apportionment GIS system), helping to reveal new relationships between chemicals, the environment, and human health, and in turn provide better understanding of contaminants in wastewater (origin, pathways, and persistence). We highlight how the sector can draw upon Big Data tools to add value to legacy datasets, such as the Chemicals Investigation Programme in the UK, combined with contemporary data sources, extending the lifespan of data, focusing monitoring strategies, and helping users adapt and plan more efficiently. Despite the relative maturity of the Big Data technology and adoption in many wider sectors, uptake within the water utility sector remains limited to date. By contrast with the extensive range of applications of Big Data in in other sectors, highlight is drawn to how improvements are required to achieve the full potential of this technology in the water utility industry

IT infrastructure & microservices authentication

Mestrado IPB-ESTGBIOma - Integrated solutions in BIOeconomy for the Mobilization of the Agrifood chain project is structured in 6 PPS (Products, Processes, and Services) out of which, a part of PPS2 is covered in this work. This work resulted in the second deliverable of PPS2 which is defined as PPS2.A1.E2 - IT infrastructure design and graphical interface conceptual design. BIOma project is in the early stage and this deliverable is a design task of the project. For defining the system architecture, requirements, UML diagrams, physical architecture, and logical architecture have been proposed. The system architecture is based on microservices due to its advantages like scalability and maintainability for bigger projects like BIOma where several sensors are used for big data analysis. Special attention has been devoted to the research and study for the authentication and authorization of users and devices in a microservices architecture. The proposed authentication solution is a result of research made for microservices authentication where it was concluded that using a separate microservice for user authentication is the best solution. FIWARE is an open-source initiative defining a universal set of standards for context data management that facilitates the development of Smart solutions for different domains like Smart Cities, Smart Industry, Smart Agrifood, and Smart Energy. FIWARE’s PEP (Policy Enforcement Point) proxy solution has been proposed in this work for the better management of user’s identities, and client-side certificates have been proposed for authentication of IoT (Internet of Things) devices. The communication between microservices is done through AMQP (Advanced Message Queuing Protocol), and between IoT devices and microservices is done through MQTT (Message Queuing Telemetry Transport) protocol

Supply Chain (micro)TMS development

Project Work presented as the partial requirement for obtaining a Master's degree in Information Management, specialization in Information Systems and Technologies ManagementThe rise of technology across many verticals has necessitated the company’s move to digitalization. Despite “XPTO” company a well know player on the retail and success on e‐commerce internal market, they aimed at the strategy of continuous innovation to drive business growth and strengthen their position as a premium brand. They decided to move forward into digitalism inside cloud based solutions to get all the advantages of microservices architecture: optimize logistics and supply chain management, speed up the workflow and maximize service efficiency. An agile organization is not achieved purely by shifting the focus from traditional functional/ technological oriented organizations. The new way to organize teams must reflect all the principles and right segregations of roles, which will be the most immediate and visible disruption and cutover from the traditional way of managing the IT. In this project we aim to use agile framework with development based in house cloud microservice solution for a (micro)TMS solution/system that address the immediate needs imposed by the market in order to use it has competitive advantage

An Approach for Guiding Developers to Performance and Scalability Solutions

This thesis proposes an approach that enables developers who are novices in software performance engineering to solve software performance and scalability problems without the assistance of a software performance expert. The contribution of this thesis is the explicit consideration of the implementation level to recommend solutions for software performance and scalability problems. This includes a set of description languages for data representation and human computer interaction and a workflow

A mobile tour guide app for sustainable tourism

Portugal has had a flourishing tourism sector for the past few years. In fact, Portugal’s tourism boom has made the industry one of the biggest contributors to the national economy and the largest employer. In the year 2019, Portugal had a total of 27 million tourists, surpassing once again the record established in the previous year. However, tourism also brings a series of unintended negative side effects, such as overcrowding. The Santa Maria Maior historic district in Lisbon is being particularly affected by this problem. The work undertaken in this dissertation is part of the Sustainable Tourism Crowding project, that aims to mitigate the overcrowding phenomenon in this district, by fostering a balanced distribution of visitors while promoting the visitation of sustainable points of interest. This dissertation focuses on developing a mobile app prototype targeted at tourists, through which these sustainable walking tour recommendations can be delivered. To validate the functional requirements of the prototype, more specifically the trip creation process, a series of unit tests, integration tests, and manual tests were developed. To evaluate the usability of the prototype, a user-centered approach was adopted during the design stage, in which two usability techniques were conducted with members of ISCTE’s research center ISTAR and partners from the Junta de Freguesia de Santa Maria Maior, that guided and validated the decisions made. The achieved prototype contains mechanisms for measuring tourists’ adherence to the recommended tours using the Dynamic Time Warping algorithm, which raises new research opportunities on tourists’ behaviour.O desenvolvimento próspero do setor turístico em Portugal nos últimos anos fez da indústria um dos maiores contribuintes para a economia nacional e o maior empregador do país. No ano de 2019, Portugal recebeu um total de 27 milhões de turistas, ultrapassando uma vez mais uma vez o recorde estabelecido no ano anterior. No entanto, o turismo traz também uma série de efeitos secundários negativos não intencionais, tais como overcrowding. A freguesia histórica de Santa Maria Maior em Lisboa está a ser particularmente afetada por este problema. O trabalho desenvolvido nesta dissertação faz parte do projeto de pesquisa Sustainable Tourism Crowding, que visa mitigar o fenómeno de overcrowding nesta freguesia, promovendo uma distribuição equilibrada dos visitantes e incentivando a visita de pontos de interesse sustentáveis. Esta dissertação foca-se no desenvolvimento de uma aplicação móvel protótipo destinada a turistas, através do qual recebem recomendações de visitas sustentáveis. Para validar os requisitos funcionais do protótipo, mais especificamente o processo de criação de visitas, foram desenvolvidos testes unitários, testes de integração, e testes manuais. Para avaliar a usabilidade do protótipo, foi adotada uma abordagem centrada no utilizador durante a fase de conceção, em que foram utilizadas duas técnicas de usabilidade em parceria com o ISTAR (centro de investigação do ISCTE) e com a Junta de Freguesia de Santa Maria Maior, cujos resultados guiaram e validaram as decisões tomadas. O protótipo desenvolvido contém mecanismos para medir a aderência dos turistas às recomendações sugeridas através do algoritmo Dynamic Time Warping, proporcionando novas oportunidades de pesquisa nesta área