Thomas Ruhroth

A Platform for Empirical Research on Information System Evolution

Software-intensive systems are subject to continuous change due to modification of the systems themselves and their environment. Methods for supporting evolution are a competitive edge in software engineering as software is operated over decades. Empirical research is useful to validate the effectiveness of these methods. However, empirical studies on software evolution are rarely comprehensive and hardly replicable. Collaboration in empirical studies may prevent these shortcomings. We analyzed the support for such collaboration and examined existing studies in a literature review. Based on our findings, we designed CoCoMEP‐ a platform for supporting collaboration in empirical research on software evolution by shared knowledge. We report lessons learned from the application of the platform in a large research programme.

Maintaining Requirements for Long-Living Software Systems by Incorporating Security Knowledge

Security is an increasingly important quality facet in modern information systems and needs to be retained. Due to a constantly changing environment, long-living software systems “age” not by wearing out, but by failing to keep up-to-date with their environment. The problem is that requirements engineers usually do not have a complete overview of the security-related knowledge necessary to retain security of long-living software systems. This includes security standards, principles and guidelines as well as reported security incidents. In this paper, we focus on the identification of known vulnerabilities (and their variations) in natural-language requirements by leveraging security knowledge. For this purpose, we present an integrative security knowledge model and a heuristic method to detect vulnerabilities in requirements based on reported security incidents. To support knowledge evolution, we further propose a method based on natural language analysis to refine and to adapt security knowledge. Our evaluation indicates that the proposed assessment approach detects vulnerable requirements more reliable than other methods (Bayes, SVM, k-NN). Thus, requirements engineers can react faster and more effectively to a changing environment that has an impact on the desired security level of the information system.

Refactoring object-oriented specifications with data and processes

Refactoring is a method for improving the structure of programs/ specifications as to enhance readability, modularity and reusability. Refactorings are required to be behaviour-preserving in that - to an external observer - no difference between the program before and after refactoring is visible. In this paper, we develop refactorings for an object-oriented specification formalism combining a state-based language (Object-Z) with a process algebra (CSP). In contrast to OO-programming languages, refactorings moving methods or attributes up and down the class hierarchy, in addition, need to change CSP processes. We formally prove behaviour preservation with respect to the failures-divergences model of CSP.

Measure, Diagnose, Refactor: A Formal Quality Cycle for Software Models

Software metrics measure the quality of code according to criteria like reusability, understandability and well-structuredness. Refactorings change code as to improve the quality while preserving overall behaviour. Measuring and refactoring go hand in hand as particular results of measurements indicate specific design problems which suggest certain refactorings. As a consequence, we get a quality cycle of repeated steps of measuring, diagnosing and refactoring.In this paper, we transfer such a quality cycle to the area of software models. Contrary to code, models - especially UML models - usually do not consist of a single entity but out of several diagrams. Our measures and refactorings jointly treat these diagrams. Contrary to code refactorings, we furthermore base the refactorings on a formal semantics for models and only employ refactorings which provably preserve the behaviour. The approach has been implemented in the tool RMC, supporting the definition as well as execution of quality measurements and refactorings.

Supporting Security Assurance in the Context of Evolution: Modular Modeling and Analysis with UMLsec

Developing security-critical software correctly and securely is difficult. To address this problem, there has been a significant amount of work over the last 10 years on providing model-based development approaches based on the Unified Modeling Language which aim to raise the trustworthiness of security-critical systems. However, the fact that software continues to evolve on an ongoing basis, even after the implementation has been shipped to the customer, increases the challenge since in principle, the software has to be reverified after each modification, requiring significant efforts. In particular, as part of the system evolution, the threat model can change against which the design has to be verified. This requires a modular approach to security assurance, since the threat model has to be substituted independently from the design model. In this paper, we present such an approach based on the extension mechanisms available for the Unified Modeling Language (UML), in particular using so-called profiles. This modular approach allows us to define analysis models which can be exchanged easily whenever the threat model changes due to system evolution. We demonstrate the approach in the face of a specific security requirement, namely secure information flow.

Model evolution and refinement

Software changes during its lifetime. Likewise, software models change during their design time, e.g. by removing, adding or changing operations and classes. This is referred to as model evolution. In a refinement-based approach to software design, we moreover do not deal with a single but with a chain of models (viz. formal specifications), related via refinement. Changes thus need to be consistently made to all specifications in the chain so as to keep the refinement structure. In this paper, we develop co-evolutions of models in the context of the formal method Object-Z. More specifically, given a particular evolution of a specification we show how to construct a corresponding evolution for its refinements such that the refinement relationship is kept. A chain of models can thus be systematically and consistently evolved, while maintaining the given refinement structure.

Restoring Security of Long-Living Systems by Co-evolution

Security is an important quality aspect for modern information systems. Security properties may however be violated if the information system operates in an evolving environment. Environmental changes then trigger reactions which lead to co-evolution of the security design and the corresponding system model. However, updating the security design manually is time-consuming and error-prone. We present an approach to support semi-automatic system co-evolution which responds to environmental knowledge evolution, using the UML security extension UMLsec and graph transformation. The aim is to enable software engineers to react more reliably and effectively to environmental changes and to ensure lifelong compliance of information systems. To evaluate our approach, we conducted a case study on the open-source project iTrust.

Refinement-Preserving Co-evolution

Software changes during its lifetime. Likewise, specifications change during their design time, e.g. by removing, adding or changing operations. In a refinement-based approach to software design, we moreover do not deal with a single but with a chain of specifications, related via refinement. Changes thus need to be consistently made to all specifications in the chain so as to keep the refinement structure. In this paper, we describe such co-evolutions of specifications in the context of the formal method Object-Z. More specifically, given a particular evolution of a specification we show how to construct a corresponding evolution for its refinements. We furthermore formally prove our co-evolutions to maintain refinement, thus giving rise to a notion of refinement-preserving co-evolution .

Modelchecking Correctness of Refactorings - Some Experiments

Refactorings are changes made to programs, models or specifications with the intention of improving their structure and thus making them clearer, more readable and re-usable. Refactorings are required to be behaviour-preserving in that the external behaviour of the program/model/specification remains unchanged. In this paper we show how a simple type of refactorings on object-oriented specifications (written in Object-Z) can be formally shown to be behaviour-preserving using a modelchecker (SAL). The class of refactorings treated covers those operating on a single method only.

Towards Adaptation and Evolution of Domain-Specific Knowledge for Maintaining Secure Systems

Creating and maintaining secure software require a good understanding of the system and its environment. Knowledge management is therefore one of the key factors to maintain secure software successfully. However, acquiring and modeling knowledge is a labor-intensive and time-consuming task. Thus, knowledge ought to be shared among different projects and must be adapted to their specific needs. In this paper, we present an approach allowing the stepwise adaptation from domain- to project-specific knowledge based on OWL ontologies. For this purpose, we define a basic set of adaptation operators which allows effective and frugal changes. Moreover, we discuss how our approach can be integrated into common software process models in order to adapt knowledge required for maintenance. Since domain- and project-specific knowledge changes over time, we show how our approach copes with changes efficiently, so that the affected knowledge remains consistent. The shared use of knowledge significantly reduces the complexity and effort to model required knowledge in various projects. Our case study and tool implementation shows the benefits for maintaining secure systems.