Nariman Ammar

Empirical Evaluation of Diagrams of the Run-time Structure for Coding Tasks

With object-oriented design, it is at least as important-possibly more important-to understand the runtime structure, in terms of objects and their relations, as to understand the code structure dealing with source files, classes and packages. Today, many tools and diagrams help developers understand the code structure. Diagrams of the runtime structure, however, are much less mature. One diagram of the run-time structure is a statically extracted, global, hierarchical Ownership Object Graph (OOG). The OOG conveys architectural abstraction by ownership hierarchy by showing architecturally significant objects near the top of the hierarchy and data structures further down. In an OOG, objects are also organized into named, conceptual groups called domains. We evaluate, in a controlled experiment, whether an OOG, as a diagram of the run-time structure, improves comprehension by giving developers the ability to distinguish the role that an object plays, not only by type, but also by named groups (domains) or by position in the run-time structure (ownership). We observed 10 participants, for 3 hours each, perform three feature implementation tasks on a framework application. Our results indicate that, on average, the OOG had a positive effect of varying extents on comprehension that reduced the time spent by 22%-60% and irrelevant code explored by 10%-60%. The difference was significant (p <; 0.05) for two of the tasks.

Questions about object structure during coding activities

Recent tools have been designed to help developers understand the potential runtime structure of objects in a system at compile time. Such tools let developers interactively explore diagrams of object structure. But do developers ask questions about object structure? If so, when? We conducted a small pilot study of developers working on coding tasks designed to require thinking about relationships between objects. Developers did indeed ask a number of questions about various types of relationships such as containment, ownership, object identities and aliasing. Finally, some of our results revealed usability challenges tools should address to more effectively answer these questions.

A case study in evaluating the usefulness of the run-time structure during coding tasks

Diagrams can help with program understanding and code modification tasks. Today, many tools extract diagrams of packages, classes, associations and dependencies. However, during coding activities, developers often ask questions about objects and relations between objects, i.e., the runtime structure. Most tools that display the run-time structure show only partial views based on running the system. In previous work, we proposed extracting diagrams of the run-time structure using static analysis. In this paper, we investigate whether developers who have access to such diagrams of the run-time structure can perform a code modification task more effectively than developers who have access to diagrams of only the code structure.

K-Anonymity Based Approach for Privacy-Preserving Web Service Selection

To guarantee privacy in service oriented environments, it is essential to check for compatibility between a clients privacy requirements and a Web service privacy policies before invoking the Web service operation. In this paper, we focus on privacy at the Web service operation level. We present an approach that integrates k-Anonymity into a privacy management framework using Web Services Conversation Language (WSCL) definitions. In particular, we use the notion of k-Anonymity to determine the extent to which the invocation of an operation can be inferred if one knows that a downstream operation was invoked. We provide both a formal definition as well as an implementation of the proposed approach.

XACML Policy Evaluation with Dynamic Context Handling

Some fairly recent research has focused on providing XACML-based solutions for dynamic privacy policy management. In this regard, a number of works have provided enhancements to the performance of XACML policy enforcement point (PEP) component, but very few have focused on enhancing the accuracy of that component. This paper improves the accuracy of an XACML PEP by filling some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide an XACML-based implementation of a dynamic privacy policy management framework and an evaluation of the applicability of our system in comparison to some of the existing approaches.

MobiDyC: Private Mobile-Based Health Data Sharing Through Dynamic Context Handling

Abstract With the adoption of mobile healthcare applications and the success of cloud service models, we propose a privacy management framework for mobile health care applications with support for dynamic privacy management of health data sharing. Our solution extends the XACML policy language by incorporating user access context into the privacy policy rule enforcement. We provide an implementation of our approach that builds on top of the Google App Engine cloud platform. We also provide a preliminary evaluation that indicates that the overhead incurred by our approach is minimal.

Metrics to identify where object-oriented program comprehension benefits from the runtime structure

To evolve object-oriented code, developers often need to understand both the code structure in terms of classes and packages, as well as the runtime structure in terms of abstractions of objects. Recent empirical studies have shown that for some code modifications tasks, developers do benefit from having access to information about the runtime structure. However, there is no good sense of when object-oriented program comprehension clearly depends on information about the runtime structure. We propose using metrics to identify cases in object-oriented program comprehension that benefit from information about the runtime structure. The metrics relate properties observed on a statically extracted hierarchical object graph to the type structures declared in the code and highlight key differences between the runtime structure and the code structure.

Dynamic Privacy Policy Management in Services-Based Interactions

Technology advancements have enabled the distribution and sharing of patient personal health data over several data sources. Each data source is potentially managed by a different organization, which expose its data as a Web service. Using such Web services, dynamic composition of atomic data type properties coupled with the context in which the data is accessed may breach sensitive data that may not comply with the users preference at the time of data collection. Thus, providing uniform access policies to such data can lead to privacy problems. Some fairly recent research has focused on providing solutions for dynamic privacy policy management. This paper advances these techniques, and fills some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide a formal model definition of the proposed approach and a preliminary evaluation of the model.

XACML policy evaluation with dynamic context handling

Some fairly recent research has focused on providing XACML-based solutions for dynamic privacy policy management. In this regard, a number of works have provided enhancements to the performance of XACML policy enforcement point (PEP) component, but very few have focused on enhancing the accuracy of that component. This paper improves the accuracy of an XACML PEP by filling some gaps in the existing works. In particular, dynamically incorporating user access context into the privacy policy decision, and its enforcement. We provide an XACML-based implementation of a dynamic privacy policy management framework and an evaluation of the applicability of our system in comparison to some of the existing approaches.

Sentiment Analysis for intelligent ratings management

This paper investigates the problem of rating propagation in composite systems. We propose a method for reputation distribution among component services in Web service composition environments. The main idea lies in providing component services with the appropriate amount of share received for the overall rating. The amount should be proportional to the contribution and performance of the component service. The method ensures that any component service is neither over rated at the expense of a higher performing component nor penalized due to a low performing component. We make use of the textual information present in the service reviews to extract different aspects and their individual sentiments to provide a better rating distribution mechanism. The proposed method attempts to accurately distribute the rating so that it closely reflects the performance of each component in the system. The experimental results show the applicability of our approach and the improved ranking distribution.