Software Engineering Research, Management and Applications

The most important technology in the mobile commerce based on mobile applications is to guarantee the certification and security of trading information exchange. Many technologies are proposed as a standard to support this security problem. M(Mobile)-commerce is a new area arising from the marriage of electronic commerce with emerging mobile and pervasive computing technology. The newness of this area and the rapidness with which it is emerging makes it difficult to analyze the technological problems that mcommerce introduces and, in particular, the security and privacy issues. This situation is not good, since history has shown that security is very difficult to retro-fit into deployed technology, and pervasive m-commerce promises to permeate and transform even more aspects of life than e-commerce and the Internet has. One of them is an XML (eXtensible Markup Language). This is used in various applications as the document standard for electronic commerce system. The XML security has become very important topic. In this paper, we propose the XML security model for mobile commerce services based electronic commerce system to guarantee the secure exchange of trading information. To accomplish the security of XML, the differences of XML signature, XML encryption and XML key management scheme respect to the conventional system should be provided. The new architecture is proposed based on unique characteristics of mobile commerce on XML. Especially the method to integrate the process management system need to the electronic commerce is proposed.

Grid computing is a global-computing paradigm focusing on the effective sharing and coordination of heterogeneous services and resources in dynamic, multi-institutional Virtual Organisations (VOs). This paper presents a formal model of VOs using the Event-B specification language.We have followed a refinement approach to develop goal-oriented VOs by incrementally adding their main elements: goals, organisations and services. Our main interest is in the problem of policy refinement in VOs, so policies are represented as invariants that should be maintained throughout the refinement process. As an illustration, we show how a VO resourceusage policy is represented at different levels of abstraction.

Implementing UML attributes directly in an object-oriented language may not appear to be complex, since such languages already support member variables. The distinction arises when considering the differences between modelling a class and implementing it. In addition to representing attributes, member variables can also represent association ends and internal data including counters, caching, or sharing of local data. Attributes in models also support additional characteristics such as being unique, immutable, or subject to lazy instantiation. In this paper we present modeling characteristics of attributes from first principles and investigate how attributes are handled in several open-source systems. We look code-generation of attributes by various UML tools. Finally, we present our own Umple language along with its code generation patterns for attributes, using Java as the target language.

In software projects, final products aim to meet customer needs and concurrently to have the least number of defects. Defect identification and removal processes offer valuable insights regarding all stages of software development. Therefore, defects are recorded during the software development process with the intentions of not only fixing them before the product is delivered to the customer, but also accumulating data that can be researched upon. That data can later be used for software process improvement. One of the techniques for analyzing defects is the root cause analysis (RCA). A case study is conducted in one of the leading, medium sized software companies of Turkey by utilizing the RCA method. The collected defect data has been analyzed with Pareto charts and the root causes for outstanding defect categories have been identified with the use of fishbone diagrams and expert grading, demonstrating that these techniques can be effectively used in RCA. The main root causes of the investigated defect items have been identified as lack of knowledge and extenuation of the undertaken task, and corrective actions have been proposed to upper management. The case study is formulated in a way to provide a basis for software development organizations that aim to conduct defect analysis and obtain meaningful results. All stages of the research and the case study are explained in detail and the efforts spent are given.

There is a growing interest in modeling Real-Time Embedded Systems (RTES) using high-level approaches. The recent extension of Unified Modeling Language (UML) profile for Modeling and Analysis of Real-Time Embedded systems (MARTE) is enclosing a lot of stereotypes and sub-profiles providing support for designers to beat the shortcomings of complex systems development. In particular, the MARTE/GRM (Generic Resource Modeling) package offers stereotypes for annotating class diagrams with the needed information which will be extracted to fulfill a scheduling phase. However, GRM does not allow designers to specify data to be used neither in half-partitioned nor in global scheduling approaches; indeed, it does not support the modeling of task migration concept. Thus, we propose through this paper an extension of MARTE/GRM sub-profile to consider the modeling of information needed for the half-partitioned and global scheduling step.

We sketch some first steps towards the definition of a protocol algebra based on the framework of behavioural algebraic specification. Following the tradition of representing protocols as state machines, we use the notion of Observational Transition System to express them in an executable algebraic specification language such as CafeOBJ. This abstract approach allows defining several useful operators for protocol reasoning and proving properties of them using theorem proving techniques and CafeOBJ term rewriting machine. The proposed protocol algebra is inspired by the module algebra and the hierarchical object composition technique.

This paper proposes a model-based testing approach which combines two monitoring methods, runtime verification and passive testing. Starting from ioSTS (input output Symbolic Transition System) models, this approach generates monitors to check whether an implementation is conforming to its specification and meets safety properties. This paper also tackles the trace extraction problem by reusing the notion of proxy to collect traces from environments whose access rights are restricted. Instead of using a classical proxy to collect traces, we propose to generate a formal model from the specification, called Proxy-monitor, which acts as a proxy and which can directly detect implementation errors. We apply and specialise this approach on Web service compositions deployed in PaaS environments.

In This paper, we have investigated how user characteristics affect quality factors for an effective Shopping mall websites implementation. User characteristics consist of gender, age, school year, department, experience, and purchasing experience during a specified period. We also selected a total of 14 quality factors from the literature review such as design, customer satisfaction, etc. As a proof of our hypothesis to investigate how those user characteristics and quality factors are interrelated, we have used 6 hypotheses. To verify them, the results have analyzed the SAS 9.2 statistic package tool and we have asked 519 participants to fill out a questionnaire for 5 Chinese and 8 Korean websites.

UML classes involve three key elements: attributes, associations, and methods. Current object-oriented languages, like Java, do not provide a distinction between attributes and associations. Tools that generate code from associations currently provide little support for the rich semantics available to modellers such as enforcing multiplicity constraints or maintaining referential integrity. In this paper, we introduce a syntax for describing associations using a model-oriented language called Umple. We show source code from existing code-generation tools and highlight how the issues above are not adequately addressed. We outline code generation patterns currently available in Umple that resolve these difficulties and address the issues of multiplicity constraints and referential integrity.

The quality of a software product is highly influenced by the software process used to develop it. However, abstract and dynamic nature of the software process makes its measurement difficult, and this difficulty has supported the assessment insight of indirectly measuring the performance of software process by using the characteristics of the developed product. In fact, enactment of the software process might have a significant effect on product characteristics and data, and therefore, on the use of measurement and analysis results. In this article, we report a case study that aimed to investigate the effect of process enactment data on product defectiveness in a small software organization. We carried out the study by defining and following a methodology that included the application of Goal-Question-Metric (GQM) approach to direct analysis, the utilization of a questionnaire to assess usability of metrics, and the application of machine learning methods to predict product defectiveness. The results of the case study showed that the accuracy of predictions varied according to the machine learning method used, but in the overall, about 3% accuracy improvement was achieved by including process enactment data in the analysis.

In analysis of the business and the system requirements, the identified elements are modeled using notations that fully describe their characteristics. Nevertheless, implicit relationships often exist between different types of elements that subsequently have to be identified and explicitly represented during the design of the system. This requires an in-depth analysis of the generated models on behalf of the architect in order to interpret their content. Misunderstandings that take place during this stage can lead to an incorrect design and difficult compliance with the business goals. Here we present a series of profiles that explicitly represent these relationships during the initial development phases, and which are derived to the system design. They are reusable by the architect, thereby decreasing the risk of their misinterpretation.

Software and its development processes are changing continuously pervading our daily life, new and diverse techniques and approaches are being proposed and the software industry is eager to adopt the ones that will provide competitive advantage. The diversity of these new techniques and approaches and the diversity of clients and contexts in the software industry, requires software developers to have the ability to judge correctly and to discriminate successfully among these. These skills need to be taught to software developers in the course of their formal undergraduate education. However, traditional approaches in software engineering education (SEEd) are mostly inadequate in equipping students with these unusual and diverse skills. This study, as part of a larger study aiming to develop a model for assessing organizational learning capabilities of software development organizations and teams, proposes and implements a novel educational approach to SEEd combining different methodologies, namely lecturing, project development and critical thinking. The theoretical background and studies on each approach employed in this study are provided, together with the rationales of applying them in SEEd. Student opinions and instructor observations demonstrate that the proposed course structure is a positive step towards the aforementioned goals.

Designing and analyzing business processes is the starting point of the development of enterprise applications, especially when following the SOA (Service Oriented Architecture) paradigm. UML activity diagrams are often used to model business processes. Unfortunately, their rich syntax favors mistakes by designers; furthermore, their informal semantics prevents the use of automated verification techniques. In this paper, (i) we propose activity diagram patterns for modeling business processes, (ii) we devise a modular mechanism to compose diagram fragments into a UML activity diagram, and (iii) we propose a semantics for the produced activity diagrams, formalized by colored Petri nets. Our approach guides the modeler task (helping to avoid common mistakes), and allows for automated verification.

Prescriptive process-based safety standards (e.g. EN 50128, DO-178B, etc.) incorporate best practices to be adopted to develop safety-critical systems or software. In some domains, compliance with the standards is required to get the certificate from the certification authorities. Thus, a well-defined interpretation of the processes to be adopted is essential for certification purposes. Currently, no satisfying means allows process engineers and safety managers to model and exchange safety-oriented processes. To overcome this limitation, this paper proposes S-TunExSPEM, an extension of Software & Systems Process Engineering Meta- Model 2.0 (SPEM 2.0) to allow users to specify safety-oriented processes for the development of safety-critical systems in the context of safety standards according to the required safety level. Moreover, to enable exchange for simulation, monitoring, execution purposes, S-TunExSPEM concepts are mapped onto XML Process Definition Language 2.2 (XPDL 2.2) concepts. Finally, a case-study from the avionics domain illustrates the usage and effectiveness of the proposed extension.

An SMT-solving procedure can be implemented by using a SAT solver to find a satisfying assignment of the propositional skeleton of the predicate formula and then deciding the feasibility of the assignment using a particular decision procedure. The complexity of the decision procedure depends on the size of the assignment. In case that the runtime of the solving is dominated by the decision procedure it is convenient to find short satisfying assignments in the SAT solving phase. Unfortunately most of the modern state-of-the-art SAT solvers always output a complete assignment of variables for satisfiable formulas even if they can be satisfied by assigning truth values to only a fraction of the variables. In this paper,we first describe an application in the code performance modeling domain, which requires SMT-solving with a costly decision procedure. Then we focus on the problem of finding minimum-size satisfying partial truth assignments. We describe and experimentally evaluate several methods how to solve this problem. These include reduction to partial maximum satisfiability - PMaxSAT, PMinSAT, pseudo-Boolean optimization and iterated SAT solving. We examine the methods experimentally on existing benchmark formulas as well as on a new benchmark set based on the performance modeling scenario.

Repositories of modeling artefacts have gained more attention recently to enforce reuse in software engineering. In fact, repository-centric development processes are more adopted in software/system development, such as architecture-centric or pattern-centric development processes.

In our work, we deal with a specification language for development methodologies centered around a model-based repository, by defining both a metamodel enabling process engineers to represent repository management and interaction and an architecture for development tools.

The modeling language we propose, has been successfully evaluated by the TERESA project for specifying development processes for trusted applications centered around a model-based repository of security and dependability (S&D) patterns.

Mobile service applications must be developed following component based and object oriented principles of encapsulation, abstraction and code reusability. Future changes to a particular functionality developed in this context will be paid only as per the individual instance of change according to its single-instance complexity. This has to be taken into account from the very beginning in the mobile service applications design. For development of mobile service applications, the use of appropriate existing tools is generally supported. Specifically, open source software should be used where possible. The set of tools in use must be kept to a minimum. The tools / external libraries / external dependencies that have to remain available to the software after development is completed must be approved in writing.

In this paper, we discuss some of the problems of the current mobile service applications development and show how the introduction of CBD (Component Based Development) provides flexible and extensible solutions to it. Mobile service applications resources become encapsulated as components, with welldefined interfaces through which all interactions occur. Builders of components can inherit the interfaces and their implementations, and methods (operations) can be redefined to better suit the component. New characteristics, such as concurrency control and persistence, can be obtained by inheriting from suitable base classes, without necessarily requiring any changes to users of these resources. We describe the MSA (Mobile Service Applications) component model, which we have developed, based upon these ideas, and show, through a prototype implementation, how we have used the model to address the problems of referential integrity and transparent component (resource) migration. We also give indications of future work.