Model-based risk assessment

In this research effort, we focus on model-based risk assessment. Risk assessment is essential in any plan intended to manage software development or maintenance process. Subjective techniques are human intensive and error-prone. Risk assessment should be based on architectural attributes that we can quantitatively measure using architectural level metrics. Software architectures are emerging as an important concept in the study and practice of software engineering nowadays, due to their emphasis on large-scale composition of software product, and to their support for emerging software engineering paradigms, such as product line engineering, component based software engineering, and software evolution. In this dissertation, we generalize our earlier work on reliability-based risk assessment. We introduce error propagation probability in the assessment methodology to account for the dependency among the system components. Also, we generalize the reliability-based risk assessment to account for inherent functional dependencies. Furthermore, we develop a generic framework for maintainability-based risk assessment which can accommodate different types of software maintenance. First, we introduce and define maintainability-based risk assessment for software architecture. Within our assessment framework, we investigate the maintainability-based risk for the components of the system, and the effect of performing the maintenance tasks on these components. We propose a methodology for estimating the maintainability-based risk when considering different types of maintenance. As a proof of concept, we apply the proposed methodology on several case studies. Moreover, we automate the estimation of the maintainability-based risk assessment methodology.

[1]  Stuart Anderson,et al.  Quantitative aspects of requirements evolution , 2002, Proceedings 26th Annual International Computer Software and Applications.

[2]  Hany H. Ammar,et al.  Dynamic metrics for object oriented designs , 1999, Proceedings Sixth International Software Metrics Symposium (Cat. No.PR00403).

[3]  Robert B. Grady,et al.  Successfully applying software metrics , 1994, Computer.

[4]  Ward Cunningham The CHECKS pattern language of information integrity , 1995 .

[5]  Alexander Chatzigeorgiou,et al.  Predicting the probability of change in object-oriented systems , 2005, IEEE Transactions on Software Engineering.

[6]  Václav Rajlich,et al.  A case study of unanticipated incremental change , 2002, International Conference on Software Maintenance, 2002. Proceedings..

[7]  Norman E. Fenton,et al.  Quantitative Analysis of Faults and Failures in a Complex Software System , 2000, IEEE Trans. Software Eng..

[8]  Hany H. Ammar,et al.  Error propagation in software architectures , 2004, 10th International Symposium on Software Metrics, 2004. Proceedings..

[9]  Shamkant B. Navathe,et al.  C-FAR, change favorable representation , 2000, Comput. Aided Des..

[10]  Václav Rajlich,et al.  Reengineering object-oriented code , 1998, Proceedings. International Conference on Software Maintenance (Cat. No. 98CB36272).

[11]  H. J. Arnold Introduction to the Practice of Statistics , 1990 .

[12]  Yong Tan,et al.  Comparing uniform and flexible policies for software maintenance and replacement , 2005, IEEE Transactions on Software Engineering.

[13]  Edward D. Lazowska,et al.  Quantitative system performance - computer system analysis using queueing network models , 1983, Int. CMG Conference.

[14]  M A Branch,et al.  Software maintenance management , 1986 .

[15]  Hany H. Ammar,et al.  A fault model for fault injection analysis of dynamic UML specifications , 2001, Proceedings 12th International Symposium on Software Reliability Engineering.

[16]  Robert S. Arnold,et al.  Software Change Impact Analysis , 1996 .

[17]  Paul W. Oman,et al.  Construction and testing of polynomials predicting software maintainability , 1994, J. Syst. Softw..

[18]  Christopher Alexander,et al.  The Timeless Way of Building , 1979 .

[19]  Lionel C. Briand,et al.  Using coupling measurement for impact analysis in object-oriented systems , 1999, Proceedings IEEE International Conference on Software Maintenance - 1999 (ICSM'99). 'Software Maintenance for Business Change' (Cat. No.99CB36360).

[20]  Ivar Jacobson,et al.  Object-Oriented Software Engineering , 1991, TOOLS.

[21]  Hany H. Ammar,et al.  Software architectures change propagation tool (SACPT) , 2004, 20th IEEE International Conference on Software Maintenance, 2004. Proceedings..

[22]  Connie U. Smith,et al.  Performance Engineering of Software Systems , 1990, SIGMETRICS Perform. Evaluation Rev..

[23]  Roger C. Cheung,et al.  A User-Oriented Software Reliability Model , 1978, IEEE Transactions on Software Engineering.

[24]  Mary Shaw,et al.  Architectural issues in software reuse: it's not just the functionality, it's the packaging , 1995, SSR '95.

[25]  Giovanni Cantone,et al.  Applying function point to unified modeling language: conversion model and pilot study , 2004, 10th International Symposium on Software Metrics, 2004. Proceedings..

[26]  R. D. Hawkins Performing Hazard and Safety Analysis of Object Oriented Systems , 2002 .

[27]  Bojan Cukic,et al.  Error propagation in the reliability analysis of component based systems , 2005, 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05).

[28]  Radek Pelánek,et al.  Typical Structural Properties of State Spaces , 2004, SPIN.

[29]  Robert P. Smith,et al.  A model-based method for organizing tasks in product development , 1994 .

[30]  K. Goseva-Popstojanova,et al.  Maintainability Based Risk Assessment in Adaptive Maintenance Context , 2006 .

[31]  Standard Glossary of Software Engineering Terminology , 1990 .

[32]  Peter T. Breuer,et al.  A software maintenance management model based on queueing networks , 1994, J. Softw. Maintenance Res. Pract..

[33]  Ned Chapin,et al.  Do we know what preventive maintenance is? , 2000, Proceedings 2000 International Conference on Software Maintenance.

[34]  K. Goseva-Popstojanova,et al.  Software Architecture Risk Assessment ( SARA ) Tool 1 , 2007 .

[35]  Mira Kajko-Mattsson,et al.  Can we learn anything from hardware preventive maintenance? , 2001, Proceedings Seventh IEEE International Conference on Engineering of Complex Computer Systems.

[36]  P. Clarkson,et al.  Predicting change propagation in complex design , 2004 .

[37]  J. Voas,et al.  Error propagation analysis for COTS systems , 1997 .

[38]  Chris F. Kemerer,et al.  A Metrics Suite for Object Oriented Design , 2015, IEEE Trans. Software Eng..

[39]  Hany H. Ammar,et al.  Quantifying software architectures: an analysis of change propagation probabilities , 2005, The 3rd ACS/IEEE International Conference onComputer Systems and Applications, 2005..

[40]  Hany H. Ammar,et al.  Architectural level risk assessment tool based on UML specifications , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[41]  Stephen R. Schach,et al.  A maintenance-oriented approach to software construction , 2000, J. Softw. Maintenance Res. Pract..

[42]  Bojan Cukic,et al.  Maintaining Maintainability = Recognizing Reachability , 2000 .

[43]  Joshua Kerievsky,et al.  Refactoring to Patterns , 2004, XP/Agile Universe.

[44]  Anas N. Al-Rabadi,et al.  A comparison of modified reconstructability analysis and Ashenhurst‐Curtis decomposition of Boolean functions , 2004 .

[45]  Hany H. Ammar,et al.  A Methodology for Architecture-Level Reliability Risk Analysis , 2002, IEEE Trans. Software Eng..

[46]  Bojan Cukic,et al.  A Bayesian approach to reliability prediction and assessment of component based systems , 2001, Proceedings 12th International Symposium on Software Reliability Engineering.

[47]  Hany H. Ammar,et al.  Architectural level maintainability based risk assessment , 2005 .

[48]  D. V. Steward,et al.  The design structure system: A method for managing the design of complex systems , 1981, IEEE Transactions on Engineering Management.

[49]  Jan Bosch,et al.  Assessing optimal software architecture maintainability , 2001, Proceedings Fifth European Conference on Software Maintenance and Reengineering.

[50]  Lionel C. Briand,et al.  Investigating quality factors in object-oriented designs: an industrial case study , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[51]  James Coplien,et al.  Industrial experience with design patterns , 1996, Proceedings of IEEE 18th International Conference on Software Engineering.

[52]  Neeraj Suri,et al.  An approach for analysing the propagation of data errors in software , 2001, 2001 International Conference on Dependable Systems and Networks.

[53]  Katerina Goseva-Popstojanova,et al.  Architecture-based approach to reliability assessment of software systems , 2001, Perform. Evaluation.

[54]  Martin Fowler. Refactoring Improving the Design of Existing Code , 1999 .

[55]  Thomas M. Pigoski Practical Software Maintenance: Best Practices for Managing Your Software Investment , 1996 .

[56]  Jessica Keyes,et al.  IEEE Standard Dictionary of Measures to Produce Reliable Software , 2002 .

[57]  E. Burton Swanson,et al.  The dimensions of maintenance , 1976, ICSE '76.

[58]  Hany H. Ammar,et al.  Using Change Propagation Probabilities to Assess Quality Attributes of Software Architectures 1 , 2006, IEEE International Conference on Computer Systems and Applications, 2006..

[59]  Luke D. Postema,et al.  The Institute of Electrical and Electronics Engineers , 1963, Nature.

[60]  Tuomas Ihme,et al.  Evolution of the use and risks of commercial software components , 2002, Proceedings. 28th Euromicro Conference.

[61]  Václav Rajlich,et al.  Modeling software evolution by evolving interoperation graphs , 2000, Ann. Softw. Eng..

[62]  Ivar Jacobson,et al.  The Unified Modeling Language User Guide , 1998, J. Database Manag..

[63]  P ? ? ? ? ? ? ? % ? ? ? ? , 1991 .

[64]  Robert B. Grady,et al.  Software Metrics: Establishing a Company-Wide Program , 1987 .

[65]  Maurice H. Halstead,et al.  Elements of software science , 1977 .

[66]  Hany H. Ammar,et al.  Architectural-Level Risk Analysis Using UML , 2003, IEEE Trans. Software Eng..

[67]  Václav Rajlich,et al.  Incremental change in object-oriented programming , 2004, IEEE Software.

[68]  Claudia Eckert,et al.  Change propagation in the design of complex products , 2000 .

[69]  S. Mohan,et al.  Performance Solutions: A Practical Guide to Creating Responsive, Scalable Software [Book Review] , 2003, IEEE Software.

[70]  Dennis G. Kafura,et al.  The Use of Software Complexity Metrics in Software Maintenance , 1987, IEEE Transactions on Software Engineering.

[71]  Susan A. Sherer Using risk analysis to manage software maintenance , 1997, J. Softw. Maintenance Res. Pract..

[72]  Jing Xu,et al.  Performance Analysis of a Software Design Using the UML Profile for Schedulability, Performance, and Time , 2003, Computer Performance Evaluation / TOOLS.

[73]  W BoyerKenneth Advanced use case modeling , 2002 .

[74]  K. Goseva-Popstojanova,et al.  Methodology for maintainability-based risk assessment , 2006, RAMS '06. Annual Reliability and Maintainability Symposium, 2006..

[75]  Robert L. Glass,et al.  Measuring software design quality , 1990 .

[76]  Hany H. Ammar,et al.  Using Maintainability Based Risk Assessment and Severity Analysis in Prioritizing Corrective Maintenance Tasks , 2007, 2007 IEEE/ACS International Conference on Computer Systems and Applications.

[77]  Ivar Jacobson,et al.  The unified modeling language reference manual , 2010 .

[78]  Keith H. Bennett,et al.  The staged model of the software lifecycle: A new perspective on software evolution , 2000 .

[79]  Richard C. Holt,et al.  Predicting change propagation in software systems , 2004, 20th IEEE International Conference on Software Maintenance, 2004. Proceedings..

[80]  Jan Torin,et al.  Hazard analysis in object oriented design of dependable systems , 2001, 2001 International Conference on Dependable Systems and Networks.

[81]  Bruce Powel Douglass Real-time UML - developing efficient objects for embedded systems , 1997, Addison-Wesley object technology series.

[82]  John A. McDermid,et al.  Hierarchically Performed Hazard Origin and Propagation Studies , 1999, SAFECOMP.

[83]  Hany H. Ammar,et al.  Pattern-oriented analysis and design (poad): a methodology for software development , 1999 .

[84]  Lionel C. Briand,et al.  Impact analysis and change management of UML models , 2003, International Conference on Software Maintenance, 2003. ICSM 2003. Proceedings..

[85]  H. Dieter Rombach,et al.  A Controlled Expeniment on the Impact of Software Structure on Maintainability , 1987, IEEE Transactions on Software Engineering.

[86]  David Gefen,et al.  The non-homogeneous maintenance periods: a case study of software modifications , 1996, 1996 Proceedings of International Conference on Software Maintenance.

[87]  C. Sundararajan,et al.  Guide to Reliability Engineering: Data, Analysis, Applications, Implementation, and Management , 1991 .

[88]  E. Burch,et al.  Modeling software maintenance requests: a case study , 1997, 1997 Proceedings International Conference on Software Maintenance.

[89]  Baowen Xu,et al.  Software maintainability improvement: integrating standards and models , 2002, Proceedings 26th Annual International Computer Software and Applications.

[90]  David John Pumfrey,et al.  The principled design of computer system safety analyses , 1999 .

[91]  George E. Stark,et al.  A software metric set for program maintenance management , 1994, J. Syst. Softw..