Rabih Bashroush

CASE Tool Support for Variability Management in Software Product Lines

Software product lines (SPL) aim at reducing time-to-market and increasing software quality through extensive, planned reuse of artifacts. An essential activity in SPL is variability management, i.e., defining and managing commonality and variability among member products. Due to the large scale and complexity of todays software-intensive systems, variability management has become increasingly complex to conduct. Accordingly, tool support for variability management has been gathering increasing momentum over the last few years and can be considered a key success factor for developing and maintaining SPLs. While several studies have already been conducted on variability management, none of these analyzed the available tool support in detail. In this work, we report on a survey in which we analyzed 37 existing variability management tools identified using a systematic literature review to understand the tools’ characteristics, maturity, and the challenges in the field. We conclude that while most studies on variability management tools provide a good motivation and description of the research context and challenges, they often lack empirical data to support their claims and findings. It was also found that quality attributes important for the practical use of tools such as usability, integration, scalability, and performance were out of scope for most studies.

Towards Performance Related Decision Support for Model Driven Engineering of Enterprise SOA Applications

Model driven performance engineering (MDPE) enables early performance feedback in a MDE process, in order to avoid late identification of performance problems which could cause significant additional development costs. In our past work we argued that a synchronization mechanism between development and performance analysis models is required to adequately integrate analysis results into the development process enabling performance related decision support. In this paper we present a solution for this requirement. We present a new multi-view based approach and its implementation enabling systematic performance related decision support. We currently apply our research on the model driven engineering of process orchestrations on top of SAPs enterprise service oriented architecture (Enterprise SOA).

Towards more flexible architecture description languages for industrial applications

Architecture Description Languages (ADLs) have emerged in recent years as a tool for providing high-level descriptions of software systems in terms of their architectural elements and the relationships among them. Most of the current ADLs exhibit limitations which prevent their widespread use in industrial applications. In this paper, we discuss these limitations and introduce ALI, an ADL that has been developed to address such limitations. The ALI language provides a rich and flexible syntax for describing component interfaces, architectural patterns, and meta-information. Multiple graphical architectural views can then be derived from ALIs textual notation.

Feature-Guided Architecture Development for Embedded System Families

Software product-line engineering aims to maximize reuse by exploiting the commonality within families of related systems. Its success depend on capturing the commonality and variability, and using this to evolve a reference architecture for the product family. With embedded system families, the possibility of variability in hardware and operating system platforms is an added complication. In this paper we outline a strategy for evolving reference architectures from bi-directional feature models. The proposed strategy complements information provided by the feature model with scenarios that help to elaborate feature behavior.

Economic valuation for information security investment: a systematic literature review

Research on technological aspects of information security risk is a well-established area and familiar territory for most information security professionals. The same cannot be said about the economic value of information security investments in organisations. While there is an emerging research base investigating suitable approaches measuring the value of investments in information security, it remains difficult for practitioners to identify key approaches in current research. To address this issue, we conducted a systematic literature review on approaches used to evaluate investments in information security. Following a defined review protocol, we searched several databases for relevant primary studies and extracted key details from the identified studies to answer our research questions. The contributions of this work include: a comparison framework and a catalogue of existing approaches and trends that would help researchers and practitioners navigate existing work; categorisation and mapping of approaches according to their key elements and components; and a summary of key challenges and benefits of existing work, which should help focus future research efforts.

The impact of repeated data breach events on organisations’ market value

Purpose – This study aims to examine the influence of one or more information security breaches on an organisation’s stock market value as a way to benchmark the wider economic impact of such events. Design/methodology/approach – An event studies-based approach was used where a measure of the event’s economic impact can be constructed using security prices observed over a relatively short period of time. Findings – Based on the results, it is argued that, although no strong conclusions could be made given the current data constraints, there was enough evidence to show that such correlation exists, especially for recurring security breaches. Research limitations/implications – One of the main limitations of this study was the quantity and quality of published data on security breaches, as organisations tend not to share this information. Practical implications – One of the challenges in information security management is assessing the wider economic impact of security breaches. Subsequently, this helps dri...

Sufficiency of Windows Event log as Evidence in Digital Forensics

The prevalence of computer and the internet has brought forth the increasing spate of cybercrime activities; hence the need for evidence to attribute a crime to a suspect. The research therefore, centres on evidence, the legal standards applied to digital evidence presented in court and the main sources of evidence in the Windows OS, such as the Registry, slack space and the Windows event log. In order to achieve the main aim of this research, cybercrime activities such as automated password guessing attack and hacking was emulated on to a Windows OS within a virtual network environment set up using VMware workstation. After the attack the event logs on the victim system was analysed and assessed for its admissibility (evidence must conform to certain legal rules), and weight (evidence must convince the court that the accused committed the crime).

A NUI based multiple perspective variability modeling case tool

With current trends towards moving variability from hardware to software, and given the increasing desire to postpone design decisions as much as is economically feasible, managing the variability from requirements elicitation to implementation is becoming a primary business requirement in the product line engineering process. One of the main challenges in variability management is the visualization and management of industry size variability models. In this demonstration, we introduce our CASE tool, MUSA. MUSA is designed around our work on multiple perspective variability modeling and is implemented using the state-of-the-art in NUI, multi-touch interfaces, giving it the power and flexibility to create and manage large-scale variability models with relative ease.

Data Center Energy Demand: What Got Us Here Won't Get Us There

Given environmentalisms rising tide and increasing energy prices and IT workloads, architects must determine whether they can continue designing systems without considering energy and power efficiency.

ALI: An Extensible Architecture Description Language for Industrial Applications

While architecture description languages (ADLs) have gained wide acceptance in the research community as a means of describing system designs, the uptake in industry has been slower than might have been expected. A contributory cause may be the perceived lack of flexibility and, as yet, the limited tool support. This paper describes ALI, a new ADL that aims to address these deficiencies by providing a rich, extensible and flexible syntax for describing component interface types and the use of patterns and meta-information. These enhanced capabilities are intended to encourage more widespread industrial usage.