Hironori Washizaki

A metrics suite for measuring reusability of software components

In component-based software development, it is necessary to measure the reusability of components in order to realize the reuse of components effectively. There are some product metrics for measuring the reusability of object-oriented software. However, in application development with reuse, it is difficult to use conventional metrics because the source codes of components cannot be obtained, and these metrics require analysis of source codes. We propose a metrics suite for measuring the reusability of such black-box components based on limited information that can be obtained from the outside of components without any source codes. We define five metrics for measuring a components understandability, adaptability, and portability, with confidence intervals that were set by statistical analysis of a number of JavaBeans components. Moreover, we provide a reusability metric by combining these metrics based on a reusability model. As a result of evaluation experiments, it is found that our metrics can effectively identify black-box components with high reusability.

Building software process line architectures from bottom up

In this paper, we propose a technique for establishing process lines, which are sets of common processes in particular problem domains, and process line architectures that incorporate commonality and variability. Process line architectures are used as a basis for deriving process lines from the perspective of overall optimization. The proposed technique includes some extensions to the Software Process Engineering Metamodel for clearly expressing the commonality and variability in the process workflows described as UML activity diagrams. As a result of applying the proposed technique to hardware/software co-design processes in an embedded system domain, it is found that the proposed technique is useful for defining consistent and project-specific processes efficiently.

Classifying security patterns

Patterns combine experience and good practices to develop basic models that can be used for new designs. Security patterns join the extensive knowledge accumulated about security with the structure provided by patterns to provide guidelines for secure system design and evaluation. In addition to their value for new system design, security patterns are useful to evaluate existing systems. They are also useful to compare security standards and to verify that products comply with some standard. A variety of security patterns has been developed for the construction of secure systems and catalogs of them are appearing. However, catalogs of patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. We discuss here several ways to classify patterns. We show a way to use these classifications through pattern diagrams where a designer can navigate to perform her pattern selection.

Improving the Classification of Security Patterns

There are a large number of security patterns encapsulating reusable solutions to recurrent security problems. However, catalogs of security patterns are not enough because the designer does not know when and where to apply them, especially in a large complex system. There is a need to conduct more precise classifications of security patterns. We analyze here ways to represent security patterns using specialized models for their precise classification. We define two new types of models, one that describes how a security pattern relates to several classification dimensions (Dimension Graph), and another that describes how security patterns relate to each other (Pattern Graphs). We show these ideas with examples from security patterns.

Modeling Misuse Patterns

Security patterns are now starting to be accepted by industry. Security patterns are useful to guide the security design of systems by providing generic solutions that can stop a variety of attacks but it is not clear to an inexperienced designer what pattern should be applied to stop a specific attack. They are not useful either for forensics because they do not emphasize the modus operandi of the attack. To complement security patterns, we have proposed a new type of pattern, the misuse pattern. This pattern describes, from the point of view of the attacker, how a type of attack is performed (what units it uses and how), defines precisely the context of the attack, analyzes the ways of stopping the attack by enumerating possible security patterns that can be applied for this purpose, and describes how to trace the attack once it has happened by appropriate collection and observation of forensics data. We present here a model that characterizes the precise structure of this type of pattern.

Top SE: Educating Superarchitects Who Can Apply Software Engineering Tools to Practical Development in Japan

This paper discusses the Top SE program established to bridge the industry-academia gap. The program features extensive use of software engineering tools, not only to introduce students to the tools, but also as a conduit for learning the techniques and guidelines needed to apply the tools to practical software development situations. The curriculum is organized around practical problems mainly from the area of digital home appliances and focuses on upper stream software development processes. The Top SE program is developed and operated by a close collaboration between industry and academia. We illustrate our discussion with examples from one of the courses, verification of design models, which takes up model checking technologies, including three specific tools: SPIN, SMV, and LTSA.

Enforcing a security pattern in stakeholder goal models

Patterns are useful knowledge about recurring problems and solutions. Detecting a security problem using patterns in requirements models may lead to its early solution. In order to facilitate early detection and resolution of security problems, in this paper, we formally describe a role-based access control (RBAC) as a pattern that may occur in stakeholder requirements models. We also implemented in our goal-oriented modeling tool the formally described pattern using model-driven queries and transformations. Applied to a number of requirements models published in literature, the tool automates the detection and resolution of the security pattern in several goal-oriented stakeholder requirements.

A framework for measuring and evaluating program source code quality

The effect of the quality of program source code on the cost of development and maintenance as well as on final system performance has resulted in a demand for technology that can measure and evaluate the quality with high precision. Many metrics have been proposed for measuring quality, but none have been able to provide a comprehensive evaluation, nor have they been used widely. We propose a practical framework which achieves effective measurement and evaluation of source code quality, solves many of the problems of earlier frameworks, and applies to programs in the C programming language. The framework consists of a comprehensive quality metrics suite, a technique for normalization of measured values, an aggregation tool which allows evaluation in arbitrary module units from the component level up to whole systems, a visualization tool for the evaluation of results, a tool for deriving rating levels, and a set of derived standard rating levels. By applying this framework to a collection of embedded programs experimentally, we verified that the framework can be used effectively to give quantitative evaluations of reliability, maintainability, reusability and portability of source code.

A Generalized Software Reliability Model Considering Uncertainty and Dynamics in Development

Development environments have changed drastically in recent years. The development periods are shorter than ever and the number of team has increased. These changes have led to difficulties in controlling the development activities and predicting the end of developments. In order to assess recent software developments, we propose a generalized software reliability model based on a stochastic process, and simulate developments that include uncertainties and dynamics, such as unpredictable requirements changes, shortening of the development period, and decrease in the number of members. We also compare our simulation results to those of other software reliability models. Using the values of uncertainties and dynamics obtained from our model, we can evaluate the developments in a quantitative manner.

A Coupling-based Complexity Metric for Remote Component-based Software Systems Toward Maintainability Estimation

Remote-component-based software systems (CBS) must provide high maintainability to support operation over long periods of time and correspond to changes in enterprise requirements/environments. Measurements of the degree of complexity of a system are one technique for evaluating maintainability. However, conventional complexity metrics are unable to reflect the overall complexity of the system, because they do not incorporate a procedure to account for characteristics of CBS. To help maintenance work proceed smoothly, we propose a new metric that measures the coupling-based complexity of CBS by abstracting the target systems structure through a step-wise process and taking into consideration the characteristics of remote components. Our metric can be applied to CBS based on the Enterprise JavaBeans component architecture. As a result of experimental evaluations, it is found that our metric better reflects the maintainability than conventional metrics. It is also found that our metric is nonredundant with existing metrics such as coupling factor.