Supporting Software Evolution in Agent Systems

Dam, Khanh Hoa, s3007289@student.rmit.edu.au

January 2009

Software maintenance and evolution is arguably a lengthy and expensive phase in the life cycle of a software system. A critical issue at this phase is change propagation: given a set of primary changes that have been made to software, what additional secondary changes are needed to maintain consistency between software artefacts? Although many approaches have been proposed, automated change propagation is still a significant technical challenge in software maintenance and evolution. Our objective is to provide tool support for assisting designers in propagating changes during the process of maintaining and evolving models. We propose a novel, agent-oriented, approach that works by repairing violations of desired consistency rules in a design model. Such consistency constraints are specified using the Object Constraint Language (OCL) and the Unified Modelling Language (UML) metamodel, which form the key inputs to our change propagation framework. The underlying change propagation mechanism of our framework is based on the well-known Belief-Desire-Intention (BDI) agent architecture. Our approach represents change options for repairing inconsistencies using event-triggered plans, as is done in BDI agent platforms. This naturally reflects the cascading nature of change propagation, where each change (primary or secondary) can require further changes to be made. We also propose a new method for generating repair plans from OCL consistency constraints. Furthermore, a given inconsistency will typically have a number of repair plans that could be used to restore consistency, and we propose a mechanism for semi-automatically selecting between alternative repair plans. This mechanism, which is based on a notion of cost, takes into account cascades (where fixing the violation of a constraint breaks another constraint), and synergies between constraints (where fixing the violation of a constraint also fixes another violated constraint). Finally, we report on an evaluation of the approach, covering both effectiveness and efficiency.

agent-oriented software engineering

software maintenance and evolution

inconsistency management

change propagation

A Verification Framework for Access Control in Dynamic Web Applications

Alalfi, Manar

30 April 2010

Current technologies such as anti-virus software programs and network firewalls provide reasonably secure protection at the host and network levels, but not at the application level. When network and host-level entry points are comparatively secure, public interfaces of web applications become the focus of malicious software attacks. In this thesis, we focus on one of most serious web application vulnerabilities, broken access control. Attackers often try to access unauthorized objects and resources other than URL pages in an indirect way; for instance, using indirect access to back-end resources such as databases. The consequences of these attacks can be very destructive, especially when the web application allows administrators to remotely manage users and contents over the web. In such cases, the attackers are not only able to view unauthorized content,but also to take over site administration. To protect against these types of attacks, we have designed and implemented a security analysis framework for dynamic web applications. A reverse engineering process is performed on an existing dynamic web application to extract a role-based access-control security model. A formal analysis is applied on the recovered model to check access-control security properties. This framework can be used to verify that a dynamic web application conforms to access control polices specified by a security engineer. Our framework provides a set of novel techniques for the analysis and modeling of web applications for the purpose of security verification and validation. It is largely language independent, and based on adaptable model recovery which can support a wide range of security analysis tasks. / Thesis (Ph.D, Computing) -- Queen's University, 2010-04-30 14:30:53.018

Software Maintenance and Evolution

Security Modeling and Analysis

Testing and Verification

Model Driven Engineering

Source Transformation

Model Transformation and Composition

An automated approach to assign software change requests

CAVALCANTI, Yguaratã Cerqueira

31 January 2014

Submitted by Nayara Passos (nayara.passos@ufpe.br) on 2015-03-13T13:04:40Z No. of bitstreams: 2 TESE Yaguaratã Cerqueira Cavalcanti.pdf: 2989671 bytes, checksum: cdde3d6cea6de1cabb90748865421b78 (MD5) license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) / Made available in DSpace on 2015-03-13T13:04:40Z (GMT). No. of bitstreams: 2 TESE Yaguaratã Cerqueira Cavalcanti.pdf: 2989671 bytes, checksum: cdde3d6cea6de1cabb90748865421b78 (MD5) license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Previous issue date: 2014 / The efficient management of Change Requests (CRs) is fundamental for successful software maintenance; however the assignment of CRs to developers is an expensive aspect in this regard, due to the time and expertise demanded. To overcome this, researchers have proposed automated approaches for CR assignment. Although these proposals present advances to this topic, they do not consider many factors inherent to the assignments, such as: developers’ workload, CRs severity, interpersonal relationships, and developers know-how. Actually, as we demonstrate in this work, CR assignment is a complex activity and automated approaches cannot rely on simplistic solutions. Ideally, it is necessary to consider and reason over contextual information in order to provide an effective automation. In this regarding, this work proposes, implements, and validates a context-aware architecture to automate CR assignment. The architecture emphasizes the need for considering the different information available at the organization to provide a more context-aware solution to automated CR assignment. The development of such architecture is supported by evidence synthesized from two empirical studies: a survey with practitioners and a systematic mapping study. The survey provided us with a set of requirements that automated approaches should satisfy. In the mapping study, in turn, we figured out how state-of-the-art approaches are implemented in regarding to these requirements, concluding that many of them are not satisfied. In addition, new requirements were identified in this mapping study. For the implementation of the proposed architecture, we developed a strategy to automate CR assignments which is based on two main components: a Rule-Based Expert System (RBES) and an Information Retrieval (IR) model. The strategy coordinately applies these two components in different steps to find the potential developer to a CR. The RBES takes care of the simple and complex rules necessary to consider contextual information in the assignments, e.g., to prevent assigning a CR to a busy or unavailable developer. Since these rules vary from one organization/project to another, the RBES facilitates their modification for different contexts. On the other hand, the IR model is useful to make use of the historical information of CR assignments to match CRs and developers. Results from the validation study showed that our solution is promising. It is, by comparing the solution with an approach that uses only a machine learning algorithm, such as the Support Vector Machine (SVM), we could improve the accuracy of assignments by almost 50%. The analysis of the solution’s payoff also pointed that such an accuracy is able to pay for the efforts necessary to deploy the solution.-------------------------------------O gerenciamento eficiente de solicitações de mudança (SM) é fundamental para o sucesso das atividades de manutenção e evolução de software. Entretanto, a atribuição de SMs a desenvolvedores é um aspecto custoso desse gerenciamento, pois demanda tempo e conhecimento apropriado do projeto de software. Várias pesquisas já propuseram métodos de atribuição automática de SMs. Embora representem avanços na área, existem fatores inerentes a atribuição de SMs que não são considerados nessas pesquisas e são essenciais para a automação. Como demonstrado nesse trabalho, a atribuição automática deve, por exemplo, considerar a carga de trabalho, a experiência e o conhecimento dos desenvolvedores, a prioridade e a severidade das SMs, a afinidade dos desenvolvedores com os problemas descritos nas SMs, e até mesmo os relacionamentos interpessoais. Para tornar esse cenário ainda mais complexo, esses fatos podem variar de acordo com o projeto de software que está sendo desenvolvido. Assim, uma solução para o problema de atribuição de SMs depende de informações contextuais. Assim, esse trabalho propõe, implementa e valida uma solução arquitetural sensível ao contexto para atribuição automática de SMs. Dado o aspecto contextual da solução, a arquitetura considera diversas fontes de informações presentes na organização, assim como a necessidade de se desenvolver algorítimos que implementem diferentes estratégias de atribuição. Nossa proposta de solução é embasada em resultados de duas pesquisas quantitativas: um estudo de mapeamento sistemático da literatura, e uma pesquisa de questionário com desenvolvedores de software. Esse último forneceu um conjunto de requisitos que a solução automatizada deve satisfazer para que as estratégias de atribuição sejam atendidas, enquanto o mapeamento da literatura identificou técnicas, algoritmos, e outros requisitos necessários a automação. A implementação da arquitetura segue uma estratégia de automação, definida nesse trabalho, que possui dois componentes principais: um sistema especialista baseado em regras (SEBR); e um modelo de recuperação de informação (MRI) com técnicas de aprendizagem. Em nossa estratégia, esses dois componentes são executados alternadamente em momentos diferentes a fim de atribuir uma SM automaticamente. O SEBR processa regras, considerando informações contextuais do projeto de software e da organização que o desenvolve. O MRI é utilizado para fazer o casamento entre SMs e desenvolvedores de acordo com o histórico de atribuições. Os resultados do estudo de validação apontaram que a solução é promissora. Isto é, ao compararmos nossa solução com uma abordagem que utiliza apenas um algoritmo de aprendizado de máquina, como o Support Vector Machine (SVM), pudemos melhorar em quase 50% a acurácia de atribuição. Já a análise de custo de implantação apontou que a acurácia atingida pela solução possui um bom custo benefício.

Software engineering

Software maintenance and evolution

Change request management

Automatic change request assignment

Engenharia de software

Manutenção e evolução de software