introduction and literature reviewshodhganga.inflibnet.ac.in/bitstream/10603/14005/10/10_chapter...

Design and Develop an Environment to Analyse Object-Oriented Software and Quality Assurance Introduction with Literature Review

1

CHAPTER – 1

INTRODUCTION AND LITERATURE REVIEW

1.1 Foundation for Related System

Generally, software development is an activity incorporating close

amalgamation of various stages and interlinked processes which play an

important role at every stage of development. Due to these problems, involving

various issues, occur invariantly at different level, stifle and affect the

development work. This leads to degradation of software quality and lowering

of system performance. The issues dealing with software artifacts,

Reengineering, System Design and software metrics play an important role in all

these matters. In light of this, to overcome these difficulties at different stages,

there is need of automated environment which will assess generated design

artifacts from natural language as forward engineering and from source code as

reengineering and finally suggest and validates alternate designs options for

better quality assurance.

Before getting into the crux of the research, it is mandatory to get a first hand

brushing of the basic theory of the research work for creating a good base for

understanding the various aspects, so as to able to probe the work in a planned

and systematic manner for the desired outcomes.

1.1.1. The Fine Art of Analysis - Object Oriented Analysis (OOA)

Analysis is concerned with devising a precise, concise, understandable model of

the real world business. Object oriented analysis consist of identifying,

extracting the needs of business and what system must do to satisfy the business

requirements. This analysis is to understand the responsibilities of system and

the interaction of user with the system. The immediate task is that the artifacts or

elements (use cases, classes, relationships) that make up the system must be

Design and Develop an Environment to Analyse Object-Oriented Software and Quality Assurance

identified and their responsibilities and relationships among them. OOA

concentrate on the describing what system does? Rather than the how it does it?

This is accomplished by constructing the several models of the system from

fuzzy set of system description such as use case model and class model as

depicted in fig 1.1. The use case model describes the

or user’s needs. Another activity in the

subparts such as attributes, methods and relationships among them in the system

as stated by Ali ( 1999

1.1.2 The UML Use Case Model

According to Ali ( 1999

in a system whose task is to yield to result of measureable value to an individual

actor of the system”

set of use cases and the communication relationships between

cases. Generally, the model defines outside (Actor) and inside (Use Case) of

system’s behavior. The use case depicts a systemat

system. The actor, who is generally a user, plays a role in regards to the system.

The actor holds the key to findings the correct use cases. Actor carries out the

use cases. In the model an actor can be performing many use ca

versa. It must enable

The basic principle of use case diagram is that it enables us in capturing the

dynamic aspect of the system. This is a generic definition, which is not enough

to describe its basic purpose. The other drawings in the UML mainly activity,

sequence, collaboration and State chart moreover have the similar purpose. As a

to Analyse Oriented Software and Quality Assurance Introduction with Literature



plished by constructing the several models of the system from


1.1. The use case model describes the user’s view of the system

or user’s needs. Another activity in the OOA is to identify the classes and


1999).

Fig. 1.1 Software Analysis Process

The UML Use Case Model

1999) “Use case model is nothing but a sequence of transition


actor of the system”. It is a graph or diagram representing actors along with a

set of use cases and the communication relationships between the units


system’s behavior. The use case depicts a systematic flow of events within the



use cases. In the model an actor can be performing many use ca

must enable it to perform its task having some identifiable value.



ibe its basic purpose. The other drawings in the UML mainly activity,


Introduction with Literature Review

2



plished by constructing the several models of the system from


user’s view of the system

OOA is to identify the classes and


nothing but a sequence of transition


graph or diagram representing actors along with a

the units and the


ic flow of events within the



use cases. In the model an actor can be performing many use cases or vice-

to perform its task having some identifiable value.



ibe its basic purpose. The other drawings in the UML mainly activity,



3

matter of fact, it needs to give some very specific targeted purpose, which will

enable us to distinguish it from the remaining diagrams. The use case diagrams,

generally gather the requirements of the system taking into account the inside

and outside control. The general requirements are more specifically design

requirements. Whenever the system is critically analyzed for gathering its

functionalities, the use cases are generated and actors identified.

The next task is modeling use case diagrams for presenting the outside view.

Hence, the use case diagrams can be used for the following purpose:

• For collecting requirements of the system.

• To get a snapshot of outside and inside view of the system.

• Helping in identifying factors both external and internal, which

influence the system.

• For depicting the interaction between the requirements and the end

user of the system.

The use case diagrams never demonstrate how they can be put into training. Use

case diagrams might be anticipated as a black box where only the input signal,

output and the use of the black box is known. These diagrams are utilized at an

elevated stage of design. This improved stage design is superior again and again

to acquire a reasonable and total picture of the system. The pre condition is also

described by a well planned use case, post state, exception conditions. When

executing, the screening of these additional fundamentals are used to produce

test cases. Exactly the same is accurate for reverse engineering. Still use case

diagram is employed otherwise to help it become a candidate for reverse

engineering.

In the field of forward engineering, the use case diagrams serve the purpose of

making test cases, while in reverse engineering it plays the role in preparing the

requirement details from an existing application. The use case diagrams are

mainly applicable in the following areas:

• For the purpose of getting the Requirement Analysis and elevated

stage design.


4

• Help in modeling the system background.

• For the purpose of performing Reverse Engineering.

• Development using Forward Engineering.

1.1.3 Analysis Model : UML Class Model

It is considered as the main static analysis model. This model shows the static

structure of the system to be analyzed, as depicted in Ali Bahrami (1999). A

class model is nothing but the collection of the static modeling artifacts such as

classes and their relationships, and multiplicity among them connected as graph

to each other and to their contents. The class model core and mandatory element

is the classes and relationships among them. Among the other features, a class

can also constitute of sub artifacts as attributes, and methods. Such model

represents the mapping of objects in the real world to actual objects to be used in

computer program.

Usually, the class diagram represents a static diagram, consisting of the static

view of the system. Its purpose is not only for thinking about, recitation and

documenting of the diverse features of a system but it can also serve the purpose

of constructing executable code of the system. It mainly tells about the features

or attributes and operations performed by a class, but also the restrictions

imposed by it on the system. They are generally used for representation of

object oriented systems, as they are the specific UML diagrams which can be

directly decoded with the object oriented languages. The diagram depicts a

collected works of classes, interfaces, associations, collaborations and

constraints. With all the features discussed, this diagram is also represented as a

structural diagram of system at analysis and design level. The basic purpose of

the class diagram is representation of the stationary view of the system or the

object oriented applications. Because of this, they are the only diagrams which

serve the purpose of being very easily translated with the object oriented

languages. Due to this, they are extensively used during creation of object

oriented systems or applications.


5

Thus, it is possible to summarize underlying principles behind the construction

of the class diagram:

• It helps in analysis and design of the still view of a system or an

application.

• It distinguishes responsibilities relating to all business entities in the

system.

• It lends support for the other diagrams, mainly the component and

deployment diagrams.

• In the process of Forward and reverse engineering.

Mainly, it is a static diagram used to model static view of the system being

developed. The purpose of the static view is to describe the use of vocabulary of

the system. They are considered as the major foundation for the component and

deployment diagrams. They help in visualizing the static view of the system. It

also plays a major role in constructing the executable code for forward and

reverse engineering of any system.

There has been a major drawback, basically the UML diagrams are not openly

translated with several existing object oriented programming languages. But

there is an exception in the form of the class diagram. The diagram showcases

the ability to translate with the existing object oriented languages like Java,

C++, Ada, small talk or .NET platform etc. Hence, it can be concluded that from

sensible knowledge class diagram can help and are generally used for erection

of system purpose. The diagrams are used for:

• Creating and understanding and also unfolding the static view of the

system or object oriented applications.

• Showing the association among the business elements within the system

of the static view.

• Showing and depicting the various functionalities performed by the

system.

• Generating Models of software applications using object oriented

languages.


6

1.1.4 Understanding the Semantic Business Vocabulary and Rules (SBVR)

The OMG created SBVR in a bid to reduce the gap between Business analyst

and IT persons as mentioned in OMG, Semantics of Business vocabulary and

Rules (2008). This is an contemporary and better way of capturing the business

requirements in natural language like structure which is very simple,

understandable for human beings and easy to give machine for processing as it

is important order of basic foundation. One can generate a business model of the

system using the SBVR with the same communicative influence of standard

natural language. For this purpose, all specific expressions and definition of

facts are considered to be its main and useful vocabulary. In this a formal

presentation under the business influence are considered as rules which are used

in a way for expressing the operations performed of a particular business entity

under certain given conditions.

The main method of its principles is through the use of textual specifications

instead of some diagrams. One has to observe business concepts are they are

related, it perhaps good design for expressing rules and explaining language.

This theory may be shortened as follows: "Company guidelines are centered on

facts, and details are based on terms".

Following rules or “mantra”, it can define different fundamental elements like:

� A noun concept;

� A fact type;

� A business rule.

Business knowledge is organized by SBVR into lexical units. It has two models

defined within the lexical units and specs:

� Vocabulary for Describing Business Vocabularies, This lexical

part is defined to comprise "all the specific terms and meanings of

ideas that a specified firm or community uses in their speaking and

writing within the program of performing business"

� Vocabulary for Describing Business Rules, mainly it deals with

the lexical aspect for describing domain lexical unit and handles the

specs of the significance of domain rules.


7

1.1.5 The Real SBVR – Unfolding the Myth

� It's about as well as for the company and never for information

program (IS). SBVR acknowledges specific knowledge that may be

used in developing methods for the system;

� It is company viewpoint, seldom the IS viewpoint;

� It utilizes terminology used by company people; it does not have a

research to any IS units and is sovereign of other IS design ;

� It is managed by people who are not IT folks. If needed but, IT

individuals can understand SBVR specifications too, consequently,

they might handle SBVR business vocabularies and business

guidelines.

1.1.6 The Role of Software Reverse Engineering (SRE)

Since it has a significant impact on the research work, it can be understood as

the procedure involving analyzing on the software system in a way to reveal or

identify the different system entities, components, feature, characteristics,

behavior and properties and their interrelationships and also construct the

representation of software system into an additional form or for the purpose of

higher level abstraction i.e. for creating design view of software system. Design

view contain information such as UML class diagram, source code information,

documentation etc. this design view information is mainly extracted from the

system source code and any existing documentation. In this process of

recovering a program`s design is rightly called as design recovery, which forms

an important element of software reverse engineering. The design is created by

information, documents and individual outcomes with the system and the area of

work knowledge.

Overall Software Reverse Engineering comprises activity that is performed to

find product behavior and to invent ideas and technology useful for product.

Software Reverse Engineering executes at many levels. SRE is an activity of

maintenance. SRE mainly deals with findings from the system system, complete

or in pieces and taking out design and execution details. For purpose of


8

understanding, Software Reverse Engineering situation would generally be

Reverse engineering skills mainly identify and remove viruses and malware.

It has the abilities which were not common in programmer. It has been

performed to make established just what kinds of steps fall into its group an the

capabilities could possible to be trained to programmer and tester.

To aid deal with the scarce resource of SRE learning, several editorial and

articles on SRE, reengineering, reuse, care, advancement, and protection were

collected with the object of creating useful, workable exercises for teaching

purposes. The study exposed that SRE is quite nicely explained and the majority

of-the related measures fall into one of two groups: software development

related and security related. Practical reverse engineering exercises were made

with the aim of providing a standard education in treating Java byte code and

both Wintel machine code and Java byte code.

Fig. 1.2 Structure of Software Reverse Engineering

To have in-depth understanding, the following example of Software Reverse

Engineering can be considered

Requirements

Design

Source code

Behavior


9

A class called Box defines three instant variables: width, height and depth.

The Box contains instant method: volume. Class Box represents as follows

Class Box

{

private double width;

public double height;

protected double depth;

public double volume;

}

After the class is reverse engineered, the class should be represented into design

view i.e. above class represents into UML class as follows

: Box

Attributes

� Width : Double

+ height : Double

# depth : Double

Method

+ volume() : Double

Therefore, extraction of design view from source code and existing

documentation of software system is called as software reverse engineering. It is

the primary or initial step of Software Reengineering which shows into fig. 1.3:

Structure of Software Reverse Engineering. It is main element of this thesis

which will explain into further chapter of this thesis. The basic purpose for using

Software Reverse Engineering is for:

� Getting the lost information and proper software documentation.

� Performing maintenance and identification of negative aspect.

� Shifting to another hardware or software platform.

� Making software reusable.


10

The far reaching benefits of Software Reverse Engineering can be given as

� Maintenance cost savings

� Fewer efforts are required to reengineer the existing software system

with help of SRE because it is the first step or pre-step of Software

Reengineering process.

� SRE gives major improvements

� Getting ahead of Competition

� Making Software reusable

Limitations of Software Reverse Engineering

� There is void between the affected area and solution.

� Also void between firm and casual.

� void between coherency and disintegration

� void between hierarchical and associational

1.1.7 Moving Ahead with Forward Engineering

Forward Engineering is defined as the procedure of analyzing on the design

view of software system to reveal or identify or generate the source code of

software system along with entities, components, feature, characteristics,

behavior and properties of source code of software system and their

interrelationships and also build the representation of design view of software

system into another form or at a specification level i.e. generate source code of

software system directly.

This source code is generated from the design view of the software system and

any existing documentation. Hence it becomes mandatory to have an

understanding of the stages involved in this process.


11

Fig. 1.3 Structure of Forward Engineering

Forward Engineering is opposite process of the Software Reverse Engineering

i.e. it will generate source code from the design view of software system which

shows into above fig 1.3: Structure of Forward Engineering.

The same example for Forward Engineering can be discussed for Software

Reverse Engineering..

Consider the UML class with an example. A UML class called Box that defines

three instant variables: width, height and depth along with their symbol. The

Box contains instant method: volume with symbol. Class Box represents as

follows

: Box

Attributes

� width : Double

+ height : Double

# depth : Double

Method

+ volume() : Double

Requirements

Design

Source code

Behavior


12

After the Forward engineered of this above UML class, this class should be

represented into source code i.e. above class represents into source code as

simple java class as follows

Class Box

{

private double width;

public double height;

protected double depth;

public double volume;

}

Therefore generation of source code from design view and existing

documentation of software system is called as software Forward engineering. It

is next or subsequently step of Software Reengineering which shows into

fig.1.4: Basic structure of Software Reengineering. It is also main element of

Software Reengineering which will start after the completion of SRE step.

Fig. 1.4 Basic structure of Software Reengineering

Abstraction system

Old system New system

Software Reverse Engineering Abstraction

Forward Engineering Re-Implementation


13

1.1.8 The Concept of Software Reengineering

Software Reengineering is not just requires including new performance or

creating a totally new system according to an initial system's specification using

forwards engineering methods. Software Reengineering appears from the needs

as

� Corrective reengineering needs (for fixing defects)

� Perfective reengineering needs – It must alter the software to enrich its

general functionality.

� Preventative reengineering needs – It need to alter the applications to

avoid possible failures.

� Adaptive reengineering needs – It need to accommodate the software

to changing equipment o-r software environment or software

environment.

Software Reengineering has some common objectives as follows:

� Software Reengineering is very helpful to improve the software

program or software maintainability.

� It can be used to convert one program to another program, database or

language.

Due to this reason software reengineering extends the life of a system that has

become unusable.

Phases of Software Reengineering

� Primary phase business and IS (Information system) planning

� Plan the Reengineering

� Building and framing the software reusability

� Reusability framework management facilities


14

Fig. 1.5 Structure of Software Reengineering

1) Preliminary phase business and IS planning

It can define requirements of target systems, good architectural framework for

software development and reengineering purpose. It can be done on an enterprise-

wide basis and can occur before starting the reengineering.

2) Reengineering planning

Reengineering involves analysis of cost that will leads to acknowledge the

candidate software systems for reengineering.

3) Building Reusability framework

It facilitates reusability of design and code across the similar system.

4) Finally reengineering of software systems three levels.

• Domain level- it concerns with modelling and identify data which may be

reusable across methods in a given domain.

• System level-it defines logical specification for the major system.

• The system is slowly reengineered part by part.

Preliminary phase business and IS planning

Reengineering planning

Building reusability framework

Software Reengineering

Reusability framework management facilities

Domain models

Existing systems Requirement for target systems

System selected for reengineering




15

1.1.9 The Ultimate Goal of Development: Software Quality

According to Ronan Fitzpatrick, et al. (2004), software quality means

1) The amount to which a system, component or process meets specified

requirements or

2) The amount to which a system, component or procedure meets

customer needs or expectations.

In last few year’s software package has increased with big size, complexity, behaviour

etc. So that it must concentrate in the quality of such software item in similar with

development of software engineering techniques. Therefore in-the software

engineering subject, software quality is important because it focus on-the customer or

user requirements satisfaction. Quality inside the software engineering area has

hierarchical versions of quality with higher level idea like utility, maintainability and

performance then lower level features structuredness, truth and self containedness.

Really it is the adherence to expressly state practical and outcome conditions, well

made document development standards and inherent characteristics of all

professionals. Hence in simultaneous software quality is essential when development

procedure of software product.

There are several factors on which software quality of software product is

dependent. Software quality factors are as follows:

� Correctness -precision and completeness of required output.

� Reliability-concerns with maximum down time.

� Efficiency – The material needed to execute software function

� Integrity- it relates with software program security and also right

access.

� Usability – Educate and perform the given required task.

� Maintainability – Rigors to identify and fix software failures.

� Flexibility – level of adaptability.

� Testability –support for testing.

� Portability –Getting used to other environments

(hardware/software)

� Reusability – sharing of software modules for other softwares.

� Interoperability


16

Therefore, in this thesis software quality of software product should be focused

through extraction of software quality metrics and design view of system. This

is carried out through software reverse engineering and forward engineering of

software reengineering.

1.1.10 Measuring the Performance through Software Quality Metrics

They can be classified into three sorted as: product metrics, process metrics, and

task metrics. The first metrics explain the attributes of the product including

dimensions, complexity, design functions, operation, and quality level. The

second metrics may be utilized to upgrade software development and care. They

may include the layout of testing defect arrival, the usefulness of defect

elimination during improvement, and the reaction time required in the process.

The third metrics describe implementation and the system originality. For

example the amount of software developers, the employment pattern over the

lifestyle of the software, cost, plan, and output.

The in process metrics of a system are both process metrics and task metrics.

They are a part of software metrics that concentrate on the quality characteristic

of-the development of the process, setup, and undertaking. Generally, they are

more closely linked with product and procedure metrics with measurements.

Nevertheless, the project constraint like the number of the strategy and their

ability levels, developers, the dimension, and the association organization

definitely influence the excellence of the product. Software quality

measurements could be split further into in process quality measurements and

end product quality metrics.

The presence of computer quality business would be to examine the interactions

among in-process metrics, undertaking individuality, and final product quality,

in line with the findings, to professional improvements in both method and

product quality. Furthermore, any one should prognosis quality and, in this

aspect; it should include measurements that assess the quality level of the

maintenance procedure as another type of software quality metrics. Basically


17

they are subsets of software metrics which are emphasizing the quality sides of

the software project i.e. they are close and associated with software project.

Software metrics are very helpful into the measurements of quality of software

product with their evaluation criteria and area. According to S.Arun Kumar, et

al. (2010), the software quality metrics are evaluated within the following areas

of software for greater software quality.

� Efficiency of the implementation of the design

� Complexity- decrease complexity as possible as

� Understandability/usability

� Reusability

� Testability/maintenance

In this thesis, software quality metrics should be selected for the object-oriented

programming language. Therefore, few chosen object-oriented metrics are

utilised to the concepts of classes, coupling, complexity and inheritance. The

Basic terms related in OO programming language should be understood as they

shall be used in different context and purpose.

1) Class

A class can be a format from which items might be created. Three class metrics

explained here measure the difficulty of the class using the class’s methods,

messages and cohesion.

• Method: A method is an operation upon an object

• Message: It asks an object of another object to perform an operation.

The procedure done as a result of receiving a concept is known as a

method.

• Cohesion: Cohesion is the amount to which methods inside a category

are linked to one another and interact for bounded behaviour. Because it

promotes encapsulation, it maximizes object oriented designs cohesion.

2) Inheritance

Another design abstraction in object-oriented systems is the use of inheritance.

Inheritance is a type of connection among classes that enables programmers to

reuse previously defined objects.


18

1.1.11 Understanding the connection between Software Quality and Security

The essence of software is evaluated by several characteristics. These

characteristics could be divided into internal and outside quality requirements.

Exterior quality is the thing that a person experiences when operating the

applications in its functional mode. Inner quality identifies aspects which are

code dependent, and which are not observable for the end user. While internal

quality is significant for the programmer simply, exterior quality is crucial for

the person. These Quality characteristics are classified into two characteristics:

External attributes: It could be applications functionality associated properties

and could be the issues or variables where each of the stakeholders (e.g.

customers, clients, developers, etc) is fascinated. Dependability, maintainability,

compatibility, efficiency and protection are just some of-the external variables.

Internal attributes: These are the concealed software qualities which are of

interest largely to software designers and experts (e.g. developers, testers,

maintainers, etc.). Readability, intricacy, coupling and communication are a few

of the internal variables as stated in Goertzel, et al. (2008).

External software quality attributes are chiefly is dependent upon the internal

attributes, and also to enhance software quality inner attributes must be altered.

Inner attributes are uncomplicated to collect but difficult to comprehend while

outside attributes are uncomplicated to understand but hard to collect. Security

is system's non-functional requirements. Such additional software quality

characteristics are functionality, maintainability, reusability, and dependability.

The Majority of the studies shown work on these attributes. Protection can be

evaluating at the machine level as well as the degree of execution signal. This

method makes it costly and challenging to detect and repair vulnerabilities

brought on by design mistakes. In this function, concentrate on the protection

model of program and determine numerous security metrics. These analytics

enable developers to detect and repair protection vulnerabilities at an earlier

period.


19

1.1.12 The Final Frontier - Software Security

It is vital to identify what makes it so simple for enemies to target software is

the living of vulnerabilities. According to CERT, most productive strikes result

from using and targeting known, non-patched software weaknesses and

vulnerable software designs, many of which are introduced during design and

code.

Fig 1.6 Security -related software vulnerabilities reported to CERT

Software development is not a research which a demanding subject and the

development procedure by and large is not managed to minimize the weaknesses

that attackers use. Like cancer, these damaging processes may be invisible to the

lay man even though experts recognize their risk is growing. And as in cancer,

both investigation and preventive steps are vital, the former to decrease the latter

and harm today to create a basis of understanding and capabilities that will help

the cyber security experts of tomorrow reduce threat and minimize damage for

your long haul. The security of software is exposed at different times, both by

unintended and deliberate choices and steps obtained by "insiders" persons


20

associated with the business which is generating, deploying, operating, or

keeping the software, and trustable and by "outsiders" are not associated with

the business. The software protection can be threatened.

• During its development: A developer may corrupt the application by

choice or unintentionally compromising the software dependence and

reliability when it is truly working.

• During its deployment (distribution and installation): If those

responsible for distributing the software fail to tamperproof the

software before shipping or posting, or broadcast it over easily

intercepted communications channels, they leave the software

vulnerable to deliberate or unintentional problem. Likewise, if the

software's installer fails to "lock down" the sponsor platform, or

configures the software insecurely, the software is left exposed to

access by attackers.

• During its operation: Normally software vulnerabilities exposed

when it runs on a connected network. The network level of exposure

depends on different factors like whether it is public or private, on the

net or not, and whether configuration of the software’s is done. But

even in highly managed networks and “locked down” environments,

the software may be threatened by malicious insiders.

• During its sustainment: If the organization fails in addressing

discovered weaknesses in released software in timely manner, or do

not figure out as well as eliminate the main causes of the weaknesses.

Then these vulnerabilities may multiply in their future releases of-the

software, the program will become progressively exposed to risks over

time.

Both research and real-world experience reveal that fixing weaknesses and

vulnerabilities as early as possible in the software's life cycle is far more cost

effective over-the lifetime of-the software than building and releasing regular

security patches for deployed software.


21

1.1.13 Measuring the Defense by Security Metrics

Computer software is crucial for the functioning of-the Country's critical

infrastructure. Weaknesses in applications may place in risk intellectual

property, customer trust, and solutions and company operations. It's foreseeable

that 90% of documented security occurrences are thanks to the flaws in the look

or code of applications. Consequently, ensuring the truthfulness of applications

is demanding to lessen total danger to online attacks, and shield from risks and

weaknesses. To be able to ensure ethics, program dependability, and safety, it is

required to expose security at first period. Metrics are experimental

measurement and supply quantitative indications of details system technologies.

Analytics helps us to-understand quality and uniformity. To enhance protection

there is must measure it. However, measuring safety is challenging because this

place it self is still under study. And yet another reason is description of

protection differs for different organization. Moreover different problems are

there like insufficient tool support and approval of defined security analytics.

Necessity is implied by this challenge to streamline the procedure of protection

department to get it even more effective and non vulnerable.

1.1.14 Object Oriented Designs (OOD) - Internal Quality and Security

Designer uses OOD since it's a quicker development process, module based

structure, comprises high reusable attributes and raises design quality. There are

many crucial styles in object-oriented design.

Internal Quality of OOD

Cohesion

It is really a gauge of how strongly - associated or concentrated the duties of a

sole unit are. As utilized to object oriented development, if the approaches that

offer the specified class be willing to be equally in aspect, then the class is

believed to possess high coherence. In a system, the chance of recycling and

code legibility is raised, while intricacy is kept workable. Communication refers

to the inner stability within the areas of-the layout. Communication is focused

on how approaches communicate with data to supply well bounded behaviour


22

and on data that's exemplified within an item. A category is natural when its

components are very correlated. It must be hard to carve a category.

Communication may be utilized to recognize the badly constructed classes.

“Cohesion measures the degree of connectivity among the elements of a single

class or object”.

Coupling

It indicates the association or interaction between modules. Coupling is a

measure of interconnecting among modules in a software structure.

Inheritance

It is just a mechanism wherein an object gets features from one, or more

additional items. Inheritance happens in all ranges of a class structure.

Inheritance is the revealing of characteristics and procedures among groups

depending on the hierarchical connection. In basic, this characteristic does not

be supported by conventional software since its many object oriented metrics

concentrate in addition to a characteristic in several object oriented methods.

Encapsulation

It is a system to comprehend information hiding and information abstraction. It

hides internal standards of an item and display just external interface. It is also

the procedure of confining the aspects of an thought that comprises its

construction and behaviour. Metrics are influenced by it by shifting the focus of

dimension from an individual part to the putting together of data.

Information Hiding

It is the procedure of not showing the hidden parts of an item leading to the

fundamental features. Item has a interface which is public along with a personal

identification; these two components are held unique. Information hiding acts a

immediate part in such measurements as object coupling and the amount of

information hiding. Unless it's expressly declared public all info of a component

should be personal to the module.


23

Localization

In the strategy of localization it is dependant on objects. If there are some

changes in-the localization strategy, the complete program will be broke,

because one function might entail several items, and one item may supply many

capabilities. It is the method of collecting and putting stuff in near physical

distance to one another as given in Tsui, F. and Karam O. (2010).

1.1.15 Understanding the relation between Coupling and Security

Coupling forms an important internal software quality attribute that influences

entire software quality and indirectly security. It really is linked to "sharing" or

conversation among software segments or parts. They can be outlined in the

sequence of seriousness level in an incremental manner, where the greatest

severity level, is regarded as hard coupling and it is the worst as per the SE

concepts as stated by Alshammari Bandar, et al. (2009). Every software

program is developed with the different modules so 1 or more of these types of

coupling may be viewed in these modules.

1.1.16 Use of Genetic Algorithm in Object Oriented Design

They were devised by Steve Holland some where in 1960s. Aim of algorithm is

to study the different means of nature evolution and adaptation and create ways

to transfer them into information technology and officially analyze the ways of

variation and development in character. In order to study use of GA, some

genetically used terminology needs to be understood so that it can be easily to

relate with the computer science terms. GA is utilized to discover a great option

from the very big solution set based on the fitness state.

To use genetic algorithm in computer science it is essential to interpret the

medical terms into computer understandable format i.e. 0's and1's. It can

perform different operations such as initial population, mutation and crossover

operators, a fitness function and a selection operator for choosing the survivors.


24

1. Encoding

It is the foundation of genetics is a chromosome and in computer science a

chain of ones and zeros. It has the advantages of being quite simple to

translate another typical manner of developing a chromosome is really to have

a chain of natural numbers.

By variations the locations of the nodes could be changed, thereby changing

the course. A sequence of bits is truly the most conventional manner of coding

a chromosome, and a few resources call just such remedies pure genetic

algorithms as mentioned in Michalewicz (1992).

2. Mutations

They are a method of making new people from the neighbourhood at hands by

giving a modest change to among the present individuals by altering a random

locus. A fundamental mutation would be to alter one bit from zero to 1 or

vice-versa, once the chromosome is represented with a bit vector. But the

restraint is whatever the strains are; the defined problem should be solved by

the result as stated in Mitchell (1996).

When the mutation probability is so reduced, then the people remain quite

comparable from one era to another.

3. Crossover

The operator is put on two chromosomes, the parents, to be able to produce

two new chromosomes, their children, which join the qualities of the parents.

Like strains, the cross-over operator is put on a particular arbitrarily chosen

locus in-the chromosome. Like strains, the crossover operator even offers a

cross-over probability which decides how likely it is for that crossover

operator to be utilized to a chromosome. The cross-over probability, there are

just two variations to the likelihood of the strains. The cross-over probability

is with regards to the fitness of-the chromosome. Therefore, the chance of a

cross-over improves in some relationship with all the fitness value of the

chromosome as discussed in Mitchell (1996). The issue is where and how a

crossover operator is utilized change depending on the use and programmer.


25

4. Fitness function

To be able to assess how great the distinct persons in the neighbourhood are, it

must be described. It assigns a value to every chromosome that signifies how

nicely that they clear the specified issue as discussed by Mitchell (1996). A

typical use of genetic algorithms is perfecting a function.

5. Selection operator

Because the amount of persons in-a population usually grows with the effect

of crossovers, a selection operator is required to handle the dimension of the

populace. The choice operator will establish the persons that will survive to

another generation, and ought to therefore be described so the ones with the

top fitness are far more prone to endure in purchase to raise the typical fitness

of the inhabitants. The easiest way of determining a choice operator would be

to utilize an only exceptional choice. This selects just the "elites", i.e., the

persons with the maximum fitness.

Fig 1.7 The Basic Genetic Algorithm Operations

1.1.17 Applications of Genetic Algorithm (GA)

The GA representation and significant fitness assessment get the success in GA

programs. Because of its simplicity and sophistication as solid search algorithms


26

and their ability to detect good options rapidly for challenging high dimensional

issues as discussed in Thomas Panas, et al. (2010).

GAs is helpful when

� The lookup space is substantial, intricate or badly understood

� The concerned area information is scarce

� There is unavailabity of good mathematical analysis

� Traditional methods do not perform

Its major advantage is the ease of handling arbitrary types of constraints and

objectives; these issues can be taken as weighted components of the fitness

function, accommodating the GA scheduler for specific askings of an incredibly

big set of overall objectives.

1.2 Literature Review

Every research is undertaken by doing a thorough review of the development

and research work undertaken in the specific area/ domain of the given research

work. In a to do justice for proposed work to be get a better insight, the

following literature is carried out for the analysis of existing systems working

and also critically evaluating, to find if there are any shortcomings. For the

purpose of the research, following features are considered essential: Software

Quality Assurance, Quality Control, Software Reverse Engineering, Forward

Engineering, Software Reengineering and Genetic Algorithms.

A substantial research is carried out in these fields by researchers. This part of

study enlightens briefly on some of work done by those researchers. The work

from various books, papers, articles, journals has been referred for this purpose.

It is humble approach to thank those researchers whose work done will be

referred in this research. Some of them are mentioned in this article.


27

� Alshammari Bandar et al. (2009)

These literature show that

� The security metric is perhaps not considered the maximum amount of as

other quality characteristics for example complexity metrics. In Addition,

most security studies pay attention to the each of the program statements.

Such kind of approach causes it to be costly and challenging to detect and fix

problems brought by errors in design in the present system.

� It should be on focus design of security of an existing OO application and

create security metrics. These metrics enable the user to get out and fix

security problems at an earlier period of the reengineering process as it

will help to designer review the security metrics to create special decision

security in to reengineering strategy..

� In particular, to put forth security metrics to quantify Data Encapsulation

and Cohesion of a specified OO class from the viewpoint of prospective

information such as the source code. It also defines another security

metrics which will encompass all the source code in the present software

which will include coupling and inheritance.

� Alshammari B, et al. (2009)

This paper describes

� This paper describes different approaches which aim to describes different

strategies which plan to assess the quality of numerous object OOD

characteristics namely reusability, flexibility, and functionality accordingly

in the relevance to particular quality design.

� But there is little attention on security of software. Most of the studies

focus on security at system level or at the code level. But to measure a

security at code level is quite expensive. Paper also provides alternate

designs by applying refactoring. It uses UMLsec for representing input

artifacts i.e. class diagram.


28

� The main idea extracted from this paper for proposed tool is to generate

more than one design which gives different level of security based on the

requirements .Again different features of OO Design can be utilized in the

process to find out the security aspects from design artifacts.

� Anandha Mala, et al. (2006)

This paper presents

� NL-OOML presents a strategy to pull the mandatory aspects of the system by

submitting its issue statement to object-oriented analysis. This strategy begins

with setting the areas of speech labels to each term in the specified input file.

� The text thus tagged is restructured into a normalized subject-verb -object

form. Further, to work out the vagueness presented in pronouns, the answers

are done in advance of normalizing the text. The text hence labelled is

restructured into a normalized subject verb -object type.

� About 12.4% of extra groups and 7.4% of extra approaches are recognized in

all of the examples obtained each of around 500 words. These additionally

identified candidates are those that will usually be removed by human by

intuition. Coverage accuracy is 82%.

� Ashwin B. Tomar and Dr.Vilas. M. Thakare (2011)

This paper provides information about

� Quality of software is very important into the computer science because

quality is nothing but future requirements characteristics of end user or

customer that is in measurable form. Basically, quality can be those product

characteristics which meet end users requirements and thereby, provide

product satisfaction. Hence, it is concluded that quality should be contain

all properties (or characteristics or features) and vital attributes of a product

which should satisfy the given requirements.

� Therefore this paper approaches and significantly provides a basis for a

research model on software quality.


29

� Ayanam (2009)

This paper gives the clear idea about

� This thesis gives the clear idea how external software properties like

cohesion, coupling and the external properties like performance and

security are associated and correlated.

� It defines different security metrics to measure external property by using

internal property like coupling. This thesis also implies that testing and

future design review should give attention to coupling properties when

security is specified as an essential variable within the requirements

specification.

� This gives idea about how external properties and internal properties are

correlated .And clear direction regarding use of coupling feature for

measuring security.

� Bela Ujhazi1, et al. (2008)

This paper presents

� It has two new conceptual metrics which measure coupling and cohesion in

software systems. The initial metric is Conceptual Coupling between

Object classes (CCBO), an CBO coupling metric and the second one is

Conceptual Lack of Cohesion on Methods (CLCOM) which is a LCOM

cohesion metric.

� One edge of these metrics is that they could be computed in a easier manner

in comparison to other structural metrics.

� The study of CCBO and CLCOM the way of finding fault-proneness of

classes in a big system and systematically comparing them with a large

number of present other metrics for performing the similar task.


30

� Chowdhury, et al. (2008)

This paper have conducted

� This paper has undertaken an in-depth study of the commonly used

security metrics. It discusses and systematically proposes three metrics

namely: stall ratio, coupling corruption propagation, and critical element

ratio.

� It has been shown the systematic use of proposed metrics for different and

effective measurements. The interesting observation is the consistent

patterns of correlations among the metrics. It is to propose updated and

new code-level metrics.

� This paper helps to understand the effect of coupling and how corruption

in coupling can propagate in different modules within software package

.Important part that can be used from this paper is security or the metrics

are mostly depends on data collection methodology used for that software.

So, while collecting data appropriate methodology should be used this can

reduce most of the security issues.

� Harmain H. M. and Gaizauskas R. (2000)

In this paper the authors state

� It is a based on a natural language CASE -CM-Builder, it is aimed to support

the Evaluation period of growth in an OO construction. It uses strong NLP

methods to assemble an integral discussion model of the text and examine

software prerequisites texts composed in British, symbolized in-a Semantic

System. This Semantic System is subsequently employed to mechanically

build an initial UML Class Design. The first design is immediately taken as

input to a visual CASE tool to carry additional improvements by a learned

person.

� CM- Builder analyzes the requirements text and build initial class diagram

only. This model can be visualized in graphical case tool by converting it into

standard data interchange format where human analyst can make further


31

refinements to generate final class model. Also CM-builder makes the

extensive use of NLP techniques

� Hector G perez-Gonzalez and Jugal K. Kalita (2002)

� "GOOAL" (Graphic Object Oriented Analysis Laboratory) generates a normal

language (NL) explanation of problem and creates the object models taking

decisions word by word. The user recognizes the outcomes of the evaluation of

each phrase in real time. Distinctive characteristics of the device are the

fundamental methodology as well as the creation of powerful object models.

GOOAL produces the class diagram by considering the validation threshold of

50% and its coverage accuracy (Precision matrices) is minimum that is 78%.

� Istehad Chowdhury and Mohammad Zulkernine (2010)

Paper gives brief description

� Paper gives brief description about metrics that are frequently used to

evaluate the performance of software to reach a pre-defined target. Metric

measure some property in software. Complexity, coupling, and coherence

(CCC) associated metrics may calculated throughout the computer

software development.

� Introduction of vulnerabilities in the software mainly due to complexity,

coupling and cohesion, it becomes difficult to understand, develop, test,

and maintain the software. It provides enough empirical proof to say that

a complex, coupled and non-cohesive software entities is unsafe through

a comprehensive study on the history of Mozilla Firefox.

� This review helps to provide basis for finding security of software by

considering Coupling as one of the major OO design feature. Because

coupling is nothing but the connection between different modules in a

software package.


32

� Ju An Wang, et al. (2009)

Proposed paper provides

� Proposed paper provides quantitative measurement for the amount of

creditability in a software system. The metrics are based on

vulnerabilities contained within the software systems along with their

effect on software quality. It attempts to correlate internal weakness i.e.

vulnerabilities and outside attacks with the security metrics..

� It has used the Common Vulnerabilities and Exposures (CVE), for

identifying vulnerability and exposure names and used the Common

Vulnerability Scoring System (CVSS). It tries to correlate internal

weakness i.e. vulnerabilities and external attacks with the security

metrics.

� Contribution of this paper in proposed tool is it suggests the need of

identifying vulnerabilities and accordingly priorities it based on their

severity .Because most of the vulnerabilities exist in software is due to

defects and shortcomings in design, coding, testing, and maintenance of

the given software.

� Li Tan, et al. ( 2010)

This paper critically examines

� UML lacks prescribed meaning for its graphical representation. It provide in-

depth meaning of UML, the OCL is mainly and often employed for this

purpose.

� These constraints are created manually, which might cause additional overhead

and incorrectness. Therefore, creating these constraints template for UML

designs is really a superior option. These constraints template automatically

created could be utilized as a research for computer software designers..


33

� A lexical analysis of extracting target objects in UML models in place of OCL

constraints were used to build an algorithm of extraction. Therefore, the

efficacy and total quality of computer software design is improved.

� Martin Beck, et al. (2011)

� This paper presents new visual tool to support software architecture during

reengineering process within a given design and planning for quality

improving changes to its design.

� This visual analysis and design tool is put on investigation on present

system and alters its representation by not altering its behaviour. It is also

applied to an existing software system to alter its representation and at the

same time not changing its behavior.

� The main thing related this paper is the new concept for visual analysis

and design which will act as a support to evaluation of design and also for

identification of transformation.

� Mich (1996)

The author discusses about

� A Natural Language Object Oriented Production System (NL- OOPS) creates

object oriented analysis model from SemNet obtained by parsing NL SRS

document. It considers noun as objects and identifies the relationships among

objects using links. This approach lacks in accuracy in selecting the objects for

large systems and cannot differentiate between class nouns and attribute

nouns.

� Overmyer, et al. (2001)

The authors suggest and discuss about

� This literature describes strategy and a prototype device called Linguistic helper

for Site Analysis (LIDA), which supply linguistic aid in-the model improvement


34

process. It provides a strategy to conceptual modeling through language

investigation. Then provides review of LIDA's functionality and its existing

practical layout and the functionality of its parts. Lastly, it provides an instance

of how LIDA is utilized in-a conceptual modeling job.

� This tool identifies model elements through assisted text analysis and validates

by refining the text descriptions of the developing model. LIDA needs extensive

user interaction while creating models since it recognizes just a listing of

nominee nouns, verbs and adjectives, which need to be categorized into classes,

attributes or operations based on user’s domain knowledge.

�� S. Zhou, et al. (2010)

The authors have suggested

� Software metrics are quite of good use in a forward engineering of

reengineering procedure for existing software system. In Addition, they're

absolutely crucial. They reveal exactness, clear image and comprehension

of the present computer software system. It ought to be step one in

transferring successful reengineering process.

� The proposing of choosing the most practical and powerful metrics from

existing metrics for developing and generating new metrics which will add

to the new complexity and security categories.

� Arun Kumar .S, et al. (2010)

The authors introduce

� There are various standard definition of quality-1) Quality engulfs all

features and important features of the product and also an action which

relates to the fulfilling of given necessities, 2) Quality is nothing but

totality of features and unique features of commodity or even a service

that bears on its skill in meeting the given demand, 3) conformation to

requirements, 4) meeting user requirements etc.


35

� The important role of software process improvement is evaluating the

current status of the software and decides the improvement proprieties.

� Therefore, it should the focus on the software process improvement that

requires the need of software measure i.e. measurement of software

quality metrics.

� Sandeep K. Singh, et al. ( 2009)

This paper discuss about

� Extract a tool based on Event Portioning Approach presents, making of a

automatic process for various Events from Textual Requirements which are put

in English, a Natural Language. The tool helps the experts in additional

refining identified activities and also for additional events manually in the

application site.

� Tool has been tested on several instance has given the recall and precision

values as 92% and 85%.

� SBVR , v1.0 OMG Document Number: formal/2008-01-02 (2008)

� It defines the lexical and rules for creating documents in the semantics of

business lexicals, business facts, and business rules; also XMI schema for the

interchange of business lexicals and business rules between organizations and

tools.

� In software modeling, it is refined way of taking need specifications in NLs

which is easy to read for human beings but simplifies machine process. SBVR

organization guidelines are straightforward to device procedure because of the

proper logic basis.

� Using SBVR, a shared domain model can be generated by one (based on

company vocabularies and rules). Both components of the standardized SBVR

portrayal are described under:


36

SBVR Business Vocabulary

SBVR Business Vocabulary is the collection of business entities, their instances

and relationships between them, which can be used by any organization in their

writing and talking during the course of their business.

� Terms: These are the noun or group of words which can be collectively

used for the designation of a business entity. For example: “bank” or

“investment bank”

� Name: These are the words which are used to represent the instance of

a particular term. For Example: “SBI” which is an instance of bank.

� Fact Type: These are the sentences which represent the relationship

between terms.

The template term-verb-term is used to establish the relation between two terms,

as it is very obvious that a mutual relationship between 3 entities can be easily

broken down to maximum of 3 binary relations.

For example, the fact type “customer owns account is member” states that a

customer is related with account and account is related with member and a

person who owns an account will be a member. This relationship can be

breakdown to two relations as described by the two fact type like” customer

owns account” and “customer is member”.

There are five types of SBVR vocabulary:

� Object Type

� Individual Noun

� Verb Concept

� Characteristic: An abstraction of a property of an object.

� Fact Type

SBVR Business Rules

These are the sentences under business jurisdiction which guide the structure

and behavior of an organization. The rules guiding the structure are known as

Structural Rules and the rules guiding behavior are known as Operative Rules.


37

The conventional rendering of the business entities construction or conduct

under a business authority is known as a SBVR business rule. It is commonly

shows the arrangement or functioning of a special business entity in-a given

business site. Each of the guideline relies on one or more fact kind.

The rules could be of two kinds:

� SBVR Structural Rule: These guidelines define an organizational setup

� SBVR Behavioral Rule: These guidelines are applied to conveying of

conduct

Major font styles are used for revealing business terms, fact types and business

rules Structured English:

Table 1.1 Font styling for the SBVR Structured English Keywords and Phrases for Logical Formulations

Font Description

term

The “term” font is used to represent object types (general concepts) and roles. Terms are defined in singular form using lower case letters. Examples: car, driver, loan, modal formulation, fact type etc.

Name

The “Name” font is used to represent individual concepts that usually are proper nouns. The first letter of a name is capitalized. One of the exceptions to the latter is the presentation of numerical values that are also shown in this style (e.g. 25).

verb

The “verb” font is used to represent a verb, a preposition, or a combination of these two. Verbs are used in singular active or passive forms – these two are used as synonymous forms. For example, for the active form of an associative fact type “driver drives car” there is a synonymous passive form “car is driven by driver”. Fact types, representing characteristics, are always used in passive form, e.g. “car is damaged”.

keyword

The “keyword” font represents linguistic symbols that are used to construct statements and definitions. Examples: each, It is obligatory that, greater than, “ ” etc.

Keywords and phrases are used to express logical formulations. The letters “n”

and “m” represent integers, and “p” and “q” – expressions of propositions.

Table 1.2 Keywords and Phrases for Logical Formulations

Quantification each at least one at least n at most one

universal quantification existential quantification at-least-n quantification at-most-one quantification


38

at most n exactly one exactly n at least n and at most m

at-most-n quantification exactly-one quantification exactly-n quantification numeric range quantification

Logical Operations not p p and q p or q

logical negation conjunction disjunction

Modal Operations it is obligatory that p it is necessary that p it is possible that p it is permitted that p

obligation formulation necessity formulation possibility formulation permissibility formulation

Other keywords

Table 1.3 Keywords in SBVR

Keyword Description

the

1. Used with a general concept to make a reference to a previous use of the same concept; 2. Introduction of the name of an individual thing or of a definite description.

a, an Universal or existential quantification

that When used after a noun concept and before a fact type symbol, this keyword introduces some restriction on that noun concept.

not Used within an expression to introduce a logical negation.

� Seema Sharma, et al. (2011)

� Given Literature explains the drawbacks of JSD,SA/SD approaches. It

describes how GA can be used to optimize the Object Oriented Designs .It

also explains actual working of crossover operator.

� The extracted from this paper is how to generate initial population of

different string. It also guides to identify fitness function.


39

� Stan Jarzabek (1993)

� Due to the paucity in the existing maintenance methods, previous programmes

fail in meeting the current strategic needs. It raises the one question can

developer reengineer program? or it re-implement from start point.

� Main objective of software reengineering is to enhance maintainability of

programmes and then upgrade to existing technology into a newer computer,

database or language.

� Thomas Panas, et al. (2010)

� VizzAnalyzer : The tool is a framework or environment that analyses and

visualizations a software system. It helps in coordinating engineering

activities like re-engineering.

�� Timothy M. Meyers and David Binkley (2007)

� Software reengineering can be a costly process because of the vagueness of

where one can concentrate reengineering effort. Cohesion and coupling

metrics are sophistication metrics out of which especially cohesion metrics

possess the possibility to measure improvement and to aid in identification.

The absolute expansive work on such metrics has been coherence metrics. It

uses information which makes them a great option for cohesion valuation.

� In future study, it ought to be raise the problem such as does a computer expert

might be able to access intricacy metric values related to program and do a

much better job of rewriting the program.

� Tom V. Mathew (2009)

� This paper gives details regarding Genetic Algorithm .It explains working

of GA by applying Its different operator such as selection, crossover,

mutation. It gives direction to use GA in computer science.


40

� The concept in this paper helps a lot in proposed system, because it gives

basis to encode different classes in bit streams. And how different GA

operators can be used for to generate alternate designs.

1.3 Thesis Organization

The Thesis contains six chapters

Chapter 1 – This section gives overall idea and introduction about the research

work and title and also deals with the basics concepts need to understand the

thesis. It also covers the literature review.

Chapter 2 - This section discusses about the observations based on the literature

review, motivation, objectives, goals, principals and the propose framework to

be developed for the research work.

Chapter 3 – This section explain the various aspect of system analysis and

System modeling and design with the help of Unified Modeling Language

diagrams along with the planning and scheduling for the research work.

Chapter 4 – This section deals with the Step wise detail implementation of the

system along with the possible test cases is described in this section.

Chapter 5 – This section mainly deals with the integration of the three modules

in the proposed framework along with their execution details.

Chapter 6 – This section describes the results and observations of system to be

developed as well as results are compared with the existing system

Finally this thesis report based on the proposed research work ends with the

conclusion.

introduction and literature reviewshodhganga.inflibnet.ac.in/bitstream/10603/14005/10/10_chapter...

Documents