45 research outputs found

    Software Architecture Risk Containers

    Our motivation is to determine whether risks such as implementation error-proneness can be isolated into three types of containers at design time. This paper identifies several container candidates in other research that fit the risk container concept. Two industrial case studies were used to determine which of three container types tested is most effective at isolating and predicting at design time the risk of implementation error-proneness. We found that Design Rule Containers were more effective than Use Case and Resource Containers.

    Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital

    It is claimed that integrating agile and security in practice is challenging. There is the notion that security is a heavy process, requires expertise, and consumes developers’ time. These contrast with the agile vision. Regardless of these challenges, it is important for organizations to address security within their agile processes since critical assets must be protected against attacks. One way is to integrate tools that could help to identify security weaknesses during implementation and suggest methods to refactor them. We used quantitative and qualitative approaches to investigate the efficiency of the tools and what they mean to the actual users (i.e. developers) at Telenor Digital. Our findings, although not surprising, show that several barriers exist both in terms of tool’s performance and developers’ perceptions. We suggest practical ways for improvement.

    Probabilistic Verification at Runtime for Self-Adaptive Systems

    No full text
    An effective design of effective and efficient self-adaptive systems may rely on several existing approaches. Software models and model checking techniques at run time represent one of them since they support automatic reasoning about such changes, detect harmful configurations, and potentially enable appropriate (self-)reactions. However, traditional model checking techniques and tools may not be applied as they are at run time, since they hardly meet the constraints imposed by on-the-fly analysis, in terms of execution time and memory occupation. For this reason, efficient run-time model checking represents a crucial research challenge. This paper precisely addresses this issue and focuses on probabilistic run-time model checking in which reliability models are given in terms of Discrete Time Markov Chains which are verified at run-time against a set of requirements expressed as logical formulae. In particular, the paper discusses the use of probabilistic model checking at run-time for self-adaptive systems by surveying and comparing the existing approaches divided in two categories: state-elimination algorithms and algebra-based algorithms. The discussion is supported by a realistic example and by empirical experiments

    Reliability Analysis of Component-Based Systems with Multiple Failure Modes

    This paper presents a novel approach to the reliability modeling and analysis of a component-based system that allows dealing with multiple failure modes and studying the error propagation among components. The proposed model permits to specify the components' attitude to produce, propagate, transform or mask different failure modes. These component-level reliability specifications together with information about the system's global structure allow precise estimation of reliability properties by means of analytical closed formulas, probabilistic model checking or simulation methods. To support the rapid identification of components that could heavily affect the system's reliability, we also show how our modeling approach easily supports the automated estimation of the system sensitivity to variations in the reliability properties of its components. The results of this analysis allow system designers and developers to identify critical components where it is worth spending additional improvement efforts.

    Software Dependability Analysis Methodology

    No full text

    Using Maintainability Based Risk Assessment and Severity Analysis in Prioritizing Corrective Maintenance Tasks

    No full text
    A software product spends more than 65% of its lifecycle in maintenance. Software systems with good maintainability can be easily modified to fix faults. In this paper, we adapt our methodology for assessing maintainability-based risk into the context of corrective maintenance. The methodology depends on the architectural artifacts and their evolution through the life cycle of the system. In order to prioritize corrective maintenance tasks, we combine component maintainability-based risk with the severity of a failure that may happen as a result of unfixed fault. We illustrate the methodology on a case study using UML models.

    Software Architecture Risk Assessment (SARA) Tool

    No full text
    Risk assessment helps projects to avoid unpredicted catastrophic problems. Also, it largely prevents wrong allocation of resources. In this paper, we present a tool that supports architectural level model-based risk assessment, which includes reliability-based risk, requirements-based risk and maintainability-based risk. The tool accepts different kinds of inputs. It parses these input files and produces quantitative metrics that are used to estimate the required risk factors. A sound architecture is the means to build a software system with high quality attributes. Software architecture explicates the structure of the system in terms of components and interactions among them to accomplis