Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

ContextModel-Driven Development (MDD) is an alternative approach for information systems development. The basic underlying concept of this approach is the definition of abstract models that can be transformed to obtain models near implementation. One fairly widespread proposal in this sphere is that of Model Driven Architecture (MDA). Business process models are abstract models which additionally contain key information about the tasks that are being carried out to achieve the company’s goals, and two notations currently exist for modelling business processes: the Unified Modelling Language (UML), through activity diagrams, and the Business Process Modelling Notation (BPMN).ObjectiveOur research is particularly focused on security requirements, in such a way that security is modelled along with the other aspects that are included in a business process. To this end, in earlier works we have defined a metamodel called secure business process (SBP), which may assist in the process of developing software as a source of highly valuable requirements (including very abstract security requirements), which are transformed into models with a lower abstraction level, such as analysis class diagrams and use case diagrams through the approach presented in this paper.MethodWe have defined all the transformation rules necessary to obtain analysis class diagrams and use case diagrams from SBP, and refined them through the characteristic iterative process of the action-research method.ResultsWe have obtained a set of rules and a checklist that make it possible to automatically obtain a set of UML analysis classes and use cases, starting from SBP models. Our approach has additionally been applied in a real environment in the area of the payment of electrical energy consumption.ConclusionsThe application of our proposal shows that our semi-automatic process can be used to obtain a set of useful artifacts for software development processes.     

Assessment methodology for software process improvement in small organizations

ContextDiagnosing processes in a small company requires process assessment practices which give qualitative and quantitative results; these should offer an overall view of the process capability. The purpose is to obtain relevant information about the running of processes, for use in their control and improvement. However, small organizations have some problems in running process assessment, due to their specific characteristics and limitations.ObjectiveThis paper presents a methodology for assessing software processes which assist the activity of software process diagnosis in small organizations. There is an attempt to address issues such as the fact that: (i) process assessment is expensive and typically requires major company resources and (ii) many light assessment methods do not provide information that is detailed enough for diagnosing and improving processes.MethodTo achieve all this, the METvalCOMPETISOFT assessment methodology was developed. This methodology: (i) incorporates the strategy of internal assessments known as rapid assessment, meaning that these assessments do not take up too much time or use an excessive quantity of resources, nor are they too rigorous and (ii) meets all the requirements described in the literature for an assessment proposal which is customized to the typical features of small companies.ResultsThis paper also describes the experience of the application of this methodology in eight small software organizations that took part in the COMPETISOFT project. The results obtained show that this approach allows us to obtain reliable information about the strengths and weaknesses of software processes, along with information to companies on opportunities for improvement.ConclusionThe assessment methodology proposed sets out the elements needed to assist with diagnosing the process in small organizations step-by-step while seeking to make its application economically feasible in terms of resources and time. From the initial application it may be seen that this assessment methodology can be useful, practical and suitable for diagnosing processes in this type of organizations.     

Graphical versus textual software measurement modelling: an empirical study

Model-driven Engineering (MDE) has attained great importance in both the Software Engineering industry and the research community, where it is now widely used to provide a suitable approach with which to improve productivity when developing software artefacts. In this scenario, measurement models (software artefacts) have become a fundamental point in improvement of productivity, where MDE and Software Measurement can reap mutual benefits. MDE principles and techniques can be used in software measurement to build more automatic and generic solutions, and to achieve this, it is fundamental to be able to develop software measurement models. To facilitate this task, a domain-specific language named “Software Measurement Modelling Language” (SMML) has been developed. This paper tackles the question of whether the use of SMML can assist in the definition of software measurement models. An empirical study was conducted, with the aim of verifying whether SMML makes it easier to construct measurement models which are more usable and maintainable as regards textual notation. The results show that models which do not use the language are more difficult—in terms of effort, correctness and efficiency—to understand and modify than those represented with SMML. Additional feedback was also obtained, to verify the suitability of the graphical representation of each symbol (element or relationship) of SMML.     

A case study about the improvement of business process models driven by indicators

Organizations are increasingly concerned about business process model improvement in their efforts to guarantee improved operational efficiency. Quality assurance of business process models should be addressed in the most objective manner, e.g., through the application of measures, but the assessment of measurement results is not a straightforward task and it requires the identification of relevant indicators and threshold values, which are able to distinguish different levels of process model quality. Furthermore, indicators must support the improvements of the models by using suitable guidelines. In this paper, we present a case study to evaluate the BPMIMA framework for BP model improvement. This framework is composed of empirically validated measures related to quality characteristics of the models, a set of indicators with validated thresholds associated with modeling guidelines and a prototype supporting tool. The obtained data suggest that the redesign by applying guidelines driven by the indicator results was successful, as the understandability and modifiability of the models were improved. In addition, the changes in the models according to guidelines were perceived as acceptable by the practitioners who participated in the case study.     

Empirical validation of referential integrity metrics

Databases are the core of Information Systems (IS). It is, therefore, necessary to ensure the quality of the databases in order to ensure the quality of the IS. Metrics are useful mechanisms for controlling database quality. This paper presents two metrics related to referential integrity, number of foreign keys (NFK) and depth of the referential tree (DRT) for controlling the quality of a relational database. However, to ascertain the practical utility of the metrics, experimental validation is necessary. This validation can be carried out through controlled experiments or through case studies. The controlled experiments must also be replicated in order to obtain firm conclusions. With this objective in mind, we have undertaken different empirical work with metrics for relational databases. As a part of this empirical work, we have conducted a case study with some metrics for relational databases and a controlled experiment with two metrics presented in this paper. The detailed experiment described in this paper is a replication of the later one. The experiment was replicated in order to confirm the results obtained from the first experiment.

As a result of all the experimental works, we can conclude that the NFK metric is a good indicator of relational database complexity. However, we cannot draw such firm conclusions regarding the DRT metric.     

A case study on business process recovery using an e‐government system

Business processes have become one of the key assets of organization, since these processes allow them to discover and control what occurs in their environments, with information systems automating most of an organization's processes. Unfortunately, and as a result of uncontrolled maintenance, information systems age over time until it is necessary to replace them with new and modernized systems. However, while systems are aging, meaningful business knowledge that is not present in any of the organization's other assets gradually becomes embedded in them. The preservation of this knowledge through the recovery of the underlying business processes is, therefore, a critical problem. This paper provides, as a solution to the aforementioned problem, a model‐driven procedure for recovering business processes from legacy information systems. The procedure proposes a set of models at different abstraction levels, along with the model transformations between them. The paper also provides a supporting tool, which facilitates its adoption. Moreover, a real‐life case study concerning an e‐government system applies the proposed recovery procedure to validate its effectiveness and efficiency. The case study was carried out by following a formal protocol to improve its rigor and replicability. Copyright © 2011 John Wiley & Sons, Ltd.     

Integrating Outsourcing in the Maintenance Process

Outsourcing of software life cycle activities is a growing business area in many sectors influenced by Information Technologies. This fact, coupled with the usual lack of planning and high costs of software maintenance, may invite many organizations to outsource this important process of the software life cycle. Such outsourcing should be relied to a technological associate who can carry out this process using an adequate methodological foundation. In this paper we present the outsourcing strategy that we have integrated in MANTEMA, a methodology for software maintenance developed by our university and Atos ODS, a multinational organization which provides software maintenance services to third-party organizations.     

Decreasing the cost of mutation testing with second‐order mutants

Although powerful, mutation is a computationally very expensive testing technique. In fact, its three main stages (mutant generation, mutant execution and result analysis) require many resources to be successfully accomplished. Thus, researchers have made important efforts to reduce its costs. This paper represents an additional effort in this sense. It describes the results of two experiments in which, by means of combining the original set of mutants and therefore obtaining a new set of mutants—each one with two faults—the number of mutants used is reduced to half. Results lead to believe that mutant combination does not decrease the quality of the test suite, whereas it supposes important savings in mutant execution and result analysis. Copyright © 2008 John Wiley & Sons, Ltd.     

A framework to improve communication during the requirements elicitation process in GSD projects

Achieving a shared understanding of requirements is difficult in any situation, even more so in global software development projects. In such environments, people must deal not only with the lack of face to face communication, but also with other issues such as time difference, cultural diversity and a large amount of information originating from different sources throughout the world. Obtaining the right requirements therefore implies extra effort. In order to minimize such problems, we propose a framework that focuses on analyzing the factors that may be problematic in global software development and which suggests a set of strategies to improve the requirements elicitation process in such environments. In this paper, we describe the different phases of our framework and present the results of an experiment that test part of this framework. The results indicate that applying some of the strategies proposed in the framework seems to positively affect the stakeholders’ satisfaction with regard to communication. Moreover, the quality of the written software requirements specifications seems to be better as well when using those strategies.     

Analysis of Secure Mobile Grid Systems: A systematic approach

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML-extension for security use cases and Grid use cases which capture the behaviour of this kind of systems. The analysis activity has been applied to a real case.