Analyses of Evolving Legacy Software into Secure Service-Oriented Software using Scrum and a Visual Model

This chapter explores using service-oriented computing to reengineer non-secure legacy software applications to create new secure target applications. Two objectives of this chapter are: (1) to analyze the architectural changes required in order to adopt new web technologies and cope with resultant vulnerabilities in source code; and (2) to measure the level of effort required to modernize software by adopting new web technologies and adding security countermeasures. To meet these objectives, a model-driven Scrum for Service-Oriented Software Reengineering (mScrum4SOSR) methodology was chosen and applied to a reengineering project. Scrum is employed to manage the reengineering project, as well as to measure implementation effort related to the modernization process. Further, a re-documentation technique called 5W1H Re-Doc is used to re-document the non-secure software application at a high level of abstraction in order to help project participants comprehend what is needed to identify candidate services for service-oriented reengineering. Case studies with and without security features are created for different types of applications: a desktop graphical user interface, a web application, a web services application, a RESTful web services application, and an enterprise service bus application.

Sam Chung, Institute of Technology, University of Washington, USA
Conrado Crompton, Institute of Technology, University of Washington, USA
Yan Bai, Institute of Technology, University of Washington, USA
Barbara Endicott-Popovsky, University of Washington, USA
Seung-Ho Baeg, Korea Institute of Industrial Technology, Korea
Sangdeok Park, Korea Institute of Industrial Technology, Korea

DOI: 10.4018/978-1-4666-4301-7.ch084
