A Product Line Asset Management Tool

Abstract. When developing a software product line, software engineers are confronted with the task of configuration and revision management for the product line as a whole. Furthermore, both on domain and product level explicit variation management has to be provided for. While there are partial solutions to these tasks, there is no integrated support for the product line developers. In this paper we present a tool for the integrated management of software assets for software product line development. We address the problems of configuration and revision management, explicit variation point handling, and the differences in domain and product development. In our approach, the available solutions to specific tasks are integrated to provide a new solution.

Idea: Towards Architecture-Centric Security Analysis of Software

Abstract. Static security analysis of software has made great progress over the last years. In particular, this applies to the detection of lowlevel security bugs such as buffer overflows, Cross-Site Scripting and SQL injection vulnerabilities. Complementarily to commercial static code review tools, we present an approach to the static security analysis which is based upon the software architecture using a reverse engineering tool level, and a more focused analysis is possible, concentrating on software modules regarded as security-critical. In addition, certain security flaws can be detected at the architectural level such as the circumvention of APIs or incomplete enforcement of access control. We discuss our approach in the context of a business application and Android’s Java-based middleware

Data Exchange in Bauhaus

In the context of the Bauhaus project, reengineering environments to support program understanding of legacy code are being developed. Bauhaus defines two formats to represent information that has been extracted from source code. One of these formats, RG, is suitable as an exchange format. This paper introduces RG, describes how it is represented as an exchange format, and discusses schema conversions in RG. 1. Introduction The Bauhaus project performs research on techniques to support program understanding of legacy code and more specifically on the recovery of the system's architecture, which consists of its components, connectors, and constraints. Information about the system is exclusively extracted from the source code (often this is the only reliable source of information) in a semi-automatic way that actively involves the user of one of these environments. To model source language information, the Bauhaus tools use two representations: The InterMediate Language (IML) [1] m..

Bauhaus – A Tool Suite for Program Analysis and Reverse Engineering

Abstract. The maintenance and evolution of critical software with high requirements for reliability is an extremely demanding, time consuming and expensive task. Errors introduced by ad-hoc changes might have disastrous effects on the system and must be prevented under all circumstances, which requires the understanding of the details of source code and system design. This paper describes Bauhaus, a comprehensive tool suite that supports program understanding and reverse engineering on all layers of abstraction, from source code to architecture.