Software Design Quality Metrics for Web Based Systems
Ph.D. Dissertation (Session 2004)
Supervised By
Prof. Dr. Abad Ali Shah
Submitted By
Ms. Shazia Arshad
2004-Ph.D-CS-01
Department of Computer Science and Engineering
University of Engineering and Technology
Lahore – Pakistan
2010
In the Name of Allah,
The Most Beneficent, The Most Merciful
Our Lord! Forgive us our sins and the lack of moderation in our
doings, and make firm our steps and succor us against those who
deny the truth.
Al-Quran
A dissertation submitted for the degree of
Doctor of Philosophy in Computer Science
Internal Examiner: Dr. Abad Ali Shah, Professor – Department of Computer Science and Engineering, University of Engineering & Technology, Lahore
External Examiner: Dr Rahat Hussain Bukhari, Director Computer Center, Quaid-e-Azam University, Islamabad
Chairman: Department of Computer Science and Engineering, University of Engineering & Technology, Lahore.
Dean: Faculty of Electrical Engineering, University of Engineering & Technology, Lahore.
Dedicated to:
My Father, Muhammad Arshad Chaudhry,
Mother, Brother, Sisters
And
My Husband
for their prayers and unbounded love.
Declaration:
None of the material contained in this thesis has been submitted in support of an
application for another degree or qualification of this or any other university or
other institution of learning.
Acknowledgment
Undertaking the writing of a Ph. D. Dissertation is both a painful and enjoyable experience. It
brought back memories of the era when I learnt how to drive for the first time. Once again I
experienced the same frustration, encouragement, bitterness, trust and hardship all over again.
Only this time the teacher who was guiding me was my supervisor, instead of the driving-
instructor. And now that I have completed my dissertation and flip through its chapters so
lovingly, I do realize that I have a lot of people on my list to pay my gratitude to.
Firstly, I would like to thank Allah Almighty who gave me courage and patience to complete
this magnanimous task. This piece of work could never be accomplished without His
Blessings and His Power that works within me. And also without the people behind my life
for inspiring, guiding and accompanying me through thick and thin.
I would like to express my deep and sincere gratitude to my supervisor, Professor Dr. Abad
Ali Shah, University of Engineering and Technology. His wide knowledge and logical way of
thinking have been of great value for me. His understanding, encouraging and personal
guidance have provided a good basis for the present dissertation. He offered me so much
advice, patiently supervising me, and always guiding me in the right direction. I’ve learned a
lot from him.
I am deeply grateful to my husband, Dr. Muhammad Shoaib, for his detailed and constructive
comments, and for his important support throughout this work. Dear Husband, without your
encouraging smile this thesis wouldn’t have been possible. Thanks for always being there
when I need your help and company, thanks for being there when I need someone to talk to.
You know me more than others. You form the backbone and origin of my happiness. I will
never forget the way you laugh and just continue being simple and humble. I owe this
achievement to you.
My deepest gratitude goes out to Chairman, Department of Computer Science and
Engineering, Prof. Dr. M. A. Maud. Throughout this research he has been of the utmost help.
His guidance and suggestions have been invaluable.
I wish to express my warm and sincere thanks to my support system, my father. He is not
with me in person right now, but I know high above the heavens he can see his dream being
fulfilled. His prayers and motivation all along have helped me complete this work. He always
gave worth to me at the first place and supported me spiritually throughout my life.
I owe my most sincere gratitude to my mother, Saeeda Khanum. Her understanding nature
and her love encouraged me to work hard to complete my Ph. D. dissertation. Her firm and
kind-hearted personality has affected me to be steadfast and never bend to difficulty. She
always lets me know that she is proud of me, which motivates me to work harder and do my
best.
I would like to express my appreciation and sincere thanks to my brother, Dr. Sharjeel; my
sisters, Samina, Dr. Tehmina, Nabeela, Dr. Saima and Aisha, who gave me indispensable
support and appreciation to complete this dissertation successfully.
Special thanks to my in-laws, who gave me untiring help during my difficult moments,
especially my mother-in-law, Nazeera Bibi, who constantly prayed and cared for me. I have
many wonderful memories attached with her.
I would like to extend my heart-felt gratitude to my respected brothers-in-law Major Ashfaq
Azhar, Ehsan, Dr. Adnan and my bhabi Dr. Saima.
Next come my dear nieces and nephews: Arsalan, Milhan, Hassan, Hasan, Mustafa, Fatima,
Gul, Danial, Mifzal, Mahnoor, Abdullah, Zoha and Zainab. Their laughter turned every bleak
moment into a bright, memorable one. I thank Allah for bestowing such joy on me.
I am indebted to my many student colleagues for providing a stimulating and fun
environment in which to learn and grow. I am especially grateful to Iqra, Aysha, Kanwal,
Javeriya, Saba and Fasiha.
I warmly thank the honourable Vice Chancellor Lt. Gen. (R) Muhammad Akram Khan and
Mrs. Akram for their valuable advice and help. Their extensive discussions around my work
and interesting explorations in operations have been very helpful for this study.
During this work I have collaborated with many colleagues, friends and the non-teaching
staff at UET, for whom I have great regard, and I wish to extend my warmest thanks to all
those who have helped me with my work.
Shazia Shoaib
Abstract
Today, the internet and the World Wide Web are the most amazing and dynamically
growing computer technologies. With the growth of the World Wide Web (WWW), the number
of Web Based Hypermedia Applications (WBHAs) has also increased at a tremendous rate.
A quality application can be produced only through a quality design. For a quality design it
is necessary that all its aspects be measured at the design phase. The existing
metrics only cater to the aspects of software applications after the implementation phase.
Many methodologies have been proposed for web application design and development.
These methodologies do not cover the issues related to security. OODM was also proposed
with the objective of web application development, but security issues were not
covered in this methodology either.
Furthermore, there are no measurements for the design schema and its different models in
OODM. Other methodologies also lack this feature.
A methodology for the design of a web application has been proposed in this dissertation.
The Secure Object Oriented Design Methodology (S-OODM) is an extension of the OODM in
which security has been incorporated into the analysis and design. Metrics for the overall
design schema and all its models have been proposed and validated through a case study of
a university web site. The case study shows that an application with security constraints can be
developed by using this methodology, and that validation of one design or comparison of
different designs can be carried out through these metrics. The designer can produce a quality
design through these metrics and can improve its quality without moving on to the next phase.
Using these metrics the complexity of the design can be reduced. The performance of the
design can be measured and hence can be increased. Valuable resources like cost, time
and space can be measured and thus can be saved by using the proposed metrics.
Navigational time is another feature of web applications that can be measured, and thus
the easiest navigational path can be computed by using these metrics. User interaction is
important in web applications and this is also achieved by using the proposed metrics.
The metrics provide valuable information about the vital components from the security
point of view, which helps the designer to give careful attention to the vital components.
The methodology, OODM/S-OODM, is believed to be one of the first web application development
methodologies. It provides a complete, detailed and step-wise development process.
Therefore, it needs to be automated. Work in this direction can be done. Another
future direction of this work can be to upgrade this methodology (S-OODM) for the
development of semantic web applications.
It can further be extended to sub-domains, as at present it deals with domains only.
Table of Contents
Declaration
Acknowledgment
Abstract
List of Figures
List of Tables
Chapter 1: Introduction
Chapter 2: Literature Survey
2.1 Measurement Theory
2.1.1 The Waterfall Model
2.1.2 Software metrics
2.2 Paradigm for software development and Metrics
2.2.1 Structural Approach
2.2.1.3.1 McCabe
2.2.1.3.2 Halstead
2.2.2 Object Oriented Approach
2.3 Web based software
2.3.1 Web application Design
2.3.2 Difference between Web base and non web base application
2.3.3 Metrics for Web based Systems
2.4 The Hypermedia Design Methodologies
2.4.1 Hypermedia Design Model (HDM)
2.4.2 Relationship Management Methodology (RMM)
2.4.3 Object-Oriented Hypermedia Design Model (OOHDM)
2.4.4 Drawbacks of Hypermedia Methodologies
2.4.5 Object Oriented Design Methodology (OODM)
2.5 Summary
Chapter 3: S-OODM: A Secure Object Oriented Design Methodology
3.1 Inclusion of Security Model
3.2 Modified architecture “S-OODM”
3.3 Building Security Model
3.3.1 Building Component Model
3.3.2 Building Navigation Model
3.3.3 Building Operation Partitioning Model
3.3.4 Building User Interface
3.3.5 Building Security Model
Chapter 4: DESIGN METRICS FOR WEB APPLICATIONS
4.1 Schema Metrics
4.2 Component Model
4.2.1 Reusability Metric
4.3 Navigational Model
4.3.1 Navigational Accessing Time Metric
4.4 Operation Partitioning Model
4.4.1 Operation Performance Metric
4.5 User Interface Model
4.5.1 Interface Coherence Metric
4.6 Security Model
4.6.1 Security Metric
Chapter 5: Case Study of a University Web Application
5.1 Introduction
5.2 Problem Statement
5.3 Analysis Phase
5.3.1 Security Realization
5.4 Design Phase
5.4.1 Building Component Model
5.4.2 Building Navigational Model
5.4.3 Building Operation-partitioning Model
5.4.4 Building User Interface Model
Chapter 6: Evaluation of Results and Discussion
6.1 Schema Metric Evaluation
6.2 Space Complexity Metric Evaluation
6.3 Component Model Evaluation
6.3.1 Reusability Metric
6.4 Navigational Model Evaluation
6.4.1 Navigational Accessing Time Metric
6.5 Operation-Partitioning Model Evaluation
6.5.1 Operation Performance Metric
6.6 User Interface Model Evaluation
6.6.1 Interface Coherence Metric
6.7 Security Model Metrics Evaluation
6.7.1 Security Risk Metric
Chapter 7: Conclusion and Future Directions
7.1 Conclusion
7.2 Future Directions
Processing Steps of S-OODM in the Form of Algorithms
References
List of Figures
2.1 Simple form of Water fall life cycle model
2.2 McCabe Cyclomatic Complexities [Jacobson, 1992]
2.3 Examples showing Cyclomatic Complexity for four basic programming languages
2.4 The shows 4 different regions in a flow graph
3.1 OODM [Shah, A., 2003]
3.2 The modified architecture of the OODM with security model
3.3 Modified architecture “S-OODM”
3.4 Web users with their roles
3.5 Role of security in different models
4.1 Design of a Web application-Link Tree
4.2 Logical layout of a web application
4.3 Uni-directional & Bi-directional Links
4.4 Navigational Model with Local, Instance and Global navigation
4.5 Shows the height of two operations
5.1 Overall Design Schema of University Website
5.2 Login verification using security
5.3 A graphical representation for navigating department page class
5.4 A graphical representation of navigating college page
5.5 Complete navigational model for the UNIVERSITY WA
5.6 The registration operation detailed using both OIG
5.7 Algorithmic descriptions of the OIG for the registration operation
5.8 Five frame based user interface
6.1 Figure shows different access sequences of a link tree
6.2 Figure shows the reusability of an independent path
6.3 Figure shows different access sequence of a Link tree
6.4 Different cases for Operation Performance
6.5 Interface that shows navigation between attributes of the same component
6.6 Interface that shows navigation between attributes of different components
6.7 Interface that shows navigation between components of different page-classes
6.8 Faculty page-class showing 9 Multimedia attributes
List of Tables
2.1 Halstead Scalar Numbers and Measures (Halstead 1977)
2.2 Differences between Object Oriented paradigm and Traditional Structure Metrics
2.3 Difference between Web base and non web base application
5.1 Building information model with security consideration table
5.2 Building Navigational Model
5.3 Potential Student
5.4 Existing User
5.5 Components of the department page class
5.6 Components of the faculty page class
6.1 Multimedia attributes & their type of Department page-class
Chapter 1
Introduction
The World Wide Web (WWW) is rapidly progressing and its users are increasing in millions. Due
to this large increase in web users, World Wide Web based applications are also
increasing. The sources of information on the WWW are heterogeneous in nature. The
systems provide the capability of navigation. The WWW systems architecture is
client-server. The hypertext or hypermedia paradigm is provided for designing Web based
applications.
Web applications are different in nature from traditional applications [1].
The Structured Analysis and Design (SADT) and object oriented techniques do not provide a
good solution for web based applications. As observed in [2], these techniques are unable to
analyze, design, implement and test web based applications.
Design and measurement are two important activities that can affect the performance of any
system.
“Measurement is a process by which numbers or symbols are assigned to attributes of entities
in the real world in such a way as to describe them according to clearly defined rules”[3].
Measurement is everywhere. Medical system measurements help doctors to diagnose specific
illnesses. Measurements for a car enable us to assess the performance of the car.
Measurement can help us to predict the weather in the future.
Software measurements help us to understand, control, and improve software products.
There are many entities in software, like the length of a program, its structure, and its
correctness. A good measurement can clearly distinguish the characteristics of one entity from
another through analysis and drawing conclusions. Software metrics are used to measure the
attributes of an entity. It is generally accepted that the quality of a system or software
product is strongly dependent on the quality of its design [1]. The usability factor, the ease
of use of systems, the efficiency and the cost effectiveness are issues that depend upon how
good the design is [1].
For Web based applications the quality factor is of great concern as these applications are
evaluated by a number of users. Therefore, a good design and techniques to measure it
at an early stage can help to produce an efficient design. Many methodologies have been
proposed for the design of hypermedia applications: the Hypermedia Design Model (HDM), the
Relationship Management Methodology (RMM), the Object-Oriented Hypermedia Design Model
(OOHDM) and An Object-Oriented Design Methodology for the development of Web
Applications (OODM) [4].
Design is that phase in software development where ideas of the experts are given the form of
blueprints. Architect in the language of the web is the prominent image of the design. From
professionals' experience we deduce that, in web development, there are significant
differences between traditional software applications and web applications. Web applications
are normally dynamic in nature, and their appearance and content keep changing, so
deploying traditional software technology on the web as it stands is not appropriate; to use
traditional software technology on the web we must make some basic amendments to the
functionality, working and design of the software so that we get the desired output from it.
The most expensive and time consuming phase during the development of software is the
design phase. During this phase the definitions of its high and low level structures are
discussed and a large number of resources are utilized. That is why performing the design
phase successfully means that most of the laborious job is done, and the later phases use
fewer resources than the design phase required.
So the successful completion of the design phase guarantees precise software which
fulfills the user requirements.
Due to standardization of communications on the World Wide Web, a wide range of
applications has been enabled, including business to business services (i.e. commerce
oriented), customer support, and entertainment. Performance has always been a major area of
concern in the field of web based applications. For this reason the design and
development of web applications were made faster, but the implementation of
performance metrics was not taken care of properly, and so web based applications
failed to fulfill the purpose they were created for. Further, other major problems
like scalability and multiple accesses of sites caused difficulties in the operation of
web based applications, and the methodologies developed for this purpose do not address such
issues. The OODM [4] methodology addressed some of the problems, but it was without
measurements and does not address security issues.
The purpose of this research is to present a methodology that takes care of security
issues at the design level, and in which measurement, in the form of metrics, can be
introduced at each design phase of the proposed methodology.
The design and measurement processes of a web based application are complex in nature. A
web based application should always be a good hypermedia application as well as a good
WWW application.
The design phase enables a system architect to choose the right platforms, considering the
security issues, notions of linking, the size, and complexity of the web based applications.
In this dissertation, we explore a number of issues related to design and its measurement.
We present a design methodology (i.e. S-OODM) that takes security into consideration. All
the phases have been quantified by proposing metrics. Among many other metrics, design
complexity measurement metrics have been presented.
This dissertation makes the following contributions:
i). A study of different metrics for the measurement of non-web based and web based
applications has been carried out.
ii). Different methodologies for the development of hypermedia applications have been
analyzed.
iii). A methodology for web based systems with security considerations has been proposed
and presented.
iv). The proposed methodology has been quantified by proposing metrics for each phase.
v). The proposed metrics have been validated by taking a real web application as a case study.
The rest of the dissertation is organized as follows. Chapter 2 discusses the software metrics
for three generations: classical, object oriented and web based applications. Special focus is
then given to hypermedia application development methodologies. A detailed analysis of these
methodologies is presented.
In Chapter 3 the proposed methodology for web based applications with security issues
is presented. In Chapter 4 design quality metrics for web applications and models are
given with full illustrations. In Chapter 5 a case study to illustrate the proposed
methodology is discussed. In Chapter 6 the evaluation of results and discussion are presented,
and in Chapter 7 the conclusion of the research work and some future recommendations are
presented. At the end we provide a list of references.
Chapter 2
Literature Survey
2.1 Measurement Theory
Measurement is a multidimensional term which is used according to specific scenarios; for
instance, in some places it is employed to get the size of things and in others to find the
amount and quantity of things for the purpose of making comparative analysis and getting the
final results. There is a certain set of rules which is employed to get the final output, and
this output is totally dependent upon these standards [1]. Measurement has now achieved a key
position in our daily life, e.g. while purchasing our routine stuff we measure prices; while
solving arithmetic equations, we measure variables; while traveling, we measure distances,
etc. Similarly, software needs to be measured in order to validate its reliability, stability,
usability, quality and applicability, etc. Each and every type of software is measured
according to some strategy [1].
Why do we need measurement?
The importance of measurement is evident from the fact that almost each and every system
linked with human beings makes use of measurement. In medicine, measurement is applied for
the diagnosis of diseases; in economic systems it is used for checking price compatibility;
weather reports are generated by weather broadcast stations using measurement as
the basic tool. Fenton declares that the workability of any technology is impossible without
the application of measurement [2]. So the applicability of measurement in every field of life
is almost inevitable. In every field, measurement has a prominent role. In the case of
software, the role of measurement is very clear and should be clearly understood so that it
does not create any doubts for the user. Measurement in software development is of great
concern to technical personnel like engineers, managers and system analysts. These
professionals use measurement as follows.
They calculate how much time and expertise are involved in the development of
software. At each phase in the development cycle of the software, measurement
has a key role. When the software is developed and ready for operation,
measurement again comes into play. The software is customized according to user
requirements with the help of measurement. Comparative analysis of the software
after its installation is made possible by measurement, and this analysis
makes the proper working of the software possible. From the very initial stages of
software development, the system engineers calculate the user needs and analyze
whether the required software can be developed and whether it can be tested after its
development. Likewise, the causes of failure and inefficient working of the software can
be found with the help of the measurement mechanism. The final results of the software after
its installation can be tested, and timely achievement of the final goals is
possible with the help of measuring tools [3, 5, 6]. Fenton & Pfleeger stated that
measurement is helpful to improve, understand and control our software. Software
engineering employs measurement at every stage during the development of software [7].
The following stages are included in software development.
Analysis
Design
Cost
Planning
Implementation
Testing
For the development of software, these stages must be performed according to the requirements;
only then can the software be implemented successfully [1].
2.1.1 The Waterfall Model
Different models have been proposed for the development of software, and one of the famous models
is the Waterfall Process Model. The software life-cycle is simply the entire existence of a
software product. Another way of looking at the life cycle is to consider it as the process
model, i.e. a model for the development and use of software. The waterfall life-cycle model
views the development process as a series of discrete phases. In its simplest form (see Figure
2.1) each phase is completed and 'signed-off' before commencing the next stage. The stages
that are typically used are to analyze and specify the system, then to design the system, then
to implement the software, test the final system, and finally to operate and maintain the
software [8, 9].
Figure 2.1: Simple form of Water fall life cycle model (labels shown: Analysis, Design,
Implementation, Testing, Maintenance, Requirements Document)
Although this form is useful from the point of view of project management, in practice the various
stages typically overlap, and feedback is usually provided from each stage to the previous [9].
However, there are a number of criticisms of the waterfall model. First, it
freezes the specification at too early a stage of the development and makes iterations
difficult. Second, a working version of the program will not be available until late in the
project time span. Finally, it suits a specific class of software applications [9].
Consequently, a number of other models, such as the prototype model and the spiral model,
attempt to resolve these problems. In 2006, Shazia and Shah, A. also made such an attempt and
modified the waterfall method for web based software development [10].
2.1.2 Software metrics:
Metrics is derived from the Greek word “metron” which means measure. Metric system owes
its origin to the measurements and calculation in different fields of life. French were the first
ones who adopted the metric system by law 1970s. Later on this system was used for weights
and measures by many countries. After its employment in these fields scientists used this
system. Likewise, computer scientists utilized the metric system for the development of
software and various systems and gave it the name software metrics [1]. For a better
understanding of the term software metrics we need to know the term
“software crisis”. Statistics declare that by 1990, computer automation occupied almost
one half of the American work [14]. As the trend shifted from hardware towards software based
simulation, the need for its maintenance also increased. The lack of
scientists and experts related to the field of computer sciences provided the basis for
maintenance and development of the software [14]. The flaws in software development
can be listed as:
Inaccurate scheduling and cost estimates.
Poor quality software.
Less productive rate of software than the demands [14].
This situation has been referred to as the “Software Crisis” [14]. The problem of the software crisis
must be solved first to get better and more efficient results from computer applications. Proper
estimation of the cost and time of the system, its quality and its performance are the main
points which come under the heading of software metrics. This management needs better
measures to improve the performance of software. Decision making is the job of managers.
Timely decision making is very fruitful in software development as it avoids many
serious risks to the life of the software. In this way managers can use different measures
and parameters which are very helpful in ensuring the proper working and efficiency of the
system. This is the main motive of software metrics. The identification and measurement of
the essential parameters which affect software development is the main goal of software
metrics [15, 16]. In fact, software metrics is a multidimensional term and is used to describe a
very wide range of properties attached to measurement in software engineering. “Software
metrics deals with the measurement of the software product and the process by which it is
developed” [1, 16]. Different models are included in software metrics, and they play their
role in enhancing the working of the software. So, a proper description of
software metrics is needed. Thus, ideal metrics should be:
Precision based defining of the software
Objective
Availability and cost effectiveness
Validation of the needs
Understanding the irrelevant information.[1,15,16]
Software metrics are related to the four important phases of software development [17].
Planning
Organizing
Controlling
Improving
Software development has become the key element in the evolution of computer-based
systems and products. Software development life-cycle is a discipline that integrates
methods, tools and procedures for the development of computer software. For software
development life-cycle, different paradigms have been proposed each exhibiting strengths
and weaknesses [18].
2.2 Paradigm for software development and Metrics
Structural Approach
Object Oriented Approach
Web Based Approach
2.2.1 Structural Approach
A famous paradigm for software development is the Structural technique. Structured techniques
evolved from a coding methodology [20, 21]. As in other engineering disciplines, structured
analysis and design techniques have been introduced to establish acceptable practices in
software development.
In the late 1960s the academic community adopted structured techniques, and during the early 1970s
the structured techniques became well known in industry. By the late 1970s, structured
techniques had grown into a set of technologies covering the whole software life cycle. They
addressed both technical and management issues. They ranged from programming language
constructions to problem solving procedures. The basic notational tool of Structural Analysis
(SA) is the Data Flow Diagram (DFD) [20, 21].
2.2.1.1 Structured/Function Oriented Design
By the mid 1970s the structured philosophy had spread to the design phase [20, 21]. The idea that
the problem solving process starts during program development was new. This had the effect
of applying organization and discipline to program design. Earlier system development
techniques concentrated on a detailed instruction-level view of the program. In comparison to
this, structured design focused on a high-level view of the system and used the program
module as the basic building block. Concentrated effort in establishing a relationship between
the problem and its programmed solution gave assistance in developing a picture of the
proposed solution to the problem. The concept of modularization was refined by
standardizing the structure of a program module, restricting the interfaces between modules,
and defining program quality metrics [20, 21].
2.2.1.2 Structural Design Metrics
The importance of the design metrics is evident from the fact that the validation of software,
which is based on certain specific standards, depends totally upon them. Violations of certain
standardized rules are better understood with the help of
the design metrics. There are various types of design metrics, which can be categorized as:
Basic Metrics: These are about the computer language which is used for implementing the
software.
Quality Metrics: These are certain standardized metrics based on the principles of
software engineering.
Stability Metrics: These constitute the stability of the packages [22].
Coupling
Cohesion
Understandability
Adaptability
The above four metrics are available in the literature for the design phase of the structural
approach. Quantification of the parameter coupling is only available in the form of Fan-in
and Fan-out [8].
i. The Fan-out of a module is the number of its immediately subordinate modules.
As a rule of thumb, the optimum fan-out is seven, plus or minus.
George Miller determined that the human mind has difficulty dealing with
more than seven things at once.
ii. The Fan-in of a module is the number of its immediately super-ordinate (i.e., parent or
boss) modules.
The designer should try to reduce redundant code and increase maintainability.
2.2.1.3 Metrics for Structural Approach
In the Structural Approach/Function oriented approach, mainly the functionality of the system is
captured. The basic unit of a program is the function or procedure. Functional requirements are
captured during development, and they are analyzed and designed. Halstead and McCabe
proposed the famous metrics for structural systems in the seventies [23, 24, 25, 26].
There are three methods [27] to measure cyclomatic complexity generally.
Firstly, it can be measured by making a flow graph and then using the formula
V(G)=E-N+2 .
Where, E= Edges, N= Nodes
Secondly, by measuring number of regions in the flow graph.
Thirdly, by knowing the number of predicate nodes (which has 2 edges emanating
from the node) the formula used then is V (G) =P+1.
Where P= Predicate Nodes
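The three methods listed above can be cross-checked on the same flow graph. The following Python sketch is an added example, not code from the dissertation; the flow graphs are constructed samples, and counting a k-way branch as k - 1 predicates is a generalization beyond the two-edge predicate node described in the text.

```python
from collections import defaultdict

# Constructed flow graph: a while loop whose body contains an if/else.
LOOP_WITH_IF = [
    ("entry", "while"), ("while", "if"), ("while", "exit"),
    ("if", "then"), ("if", "else"),
    ("then", "incr"), ("else", "incr"), ("incr", "while"),
]
# Constructed flow graph: straight-line code, one path only.
STRAIGHT_LINE = [("a", "b"), ("b", "c")]
# Constructed flow graph: one three-way branch (e.g. a switch statement).
THREE_WAY_SWITCH = [
    ("entry", "switch"),
    ("switch", "case1"), ("switch", "case2"), ("switch", "case3"),
    ("case1", "exit"), ("case2", "exit"), ("case3", "exit"),
]


def v_edges_nodes(edges):
    """Method 1: V(G) = E - N + 2 for one connected flow graph."""
    nodes = {n for edge in edges for n in edge}
    return len(edges) - len(nodes) + 2


def v_regions(edges):
    """Method 2: number of regions of the flow graph.

    Every edge that joins two nodes which are already connected closes one
    bounded region; the area surrounding the graph is one more region.
    """
    parent = {}

    def find(n):
        parent.setdefault(n, n)
        while parent[n] != n:
            parent[n] = parent[parent[n]]  # path halving
            n = parent[n]
        return n

    bounded = 0
    for a, b in edges:
        ra, rb = find(a), find(b)
        if ra == rb:
            bounded += 1
        else:
            parent[ra] = rb
    return bounded + 1


def v_predicates(edges):
    """Method 3: V(G) = P + 1.

    A node with two outgoing edges is one predicate. A node with k > 2
    outgoing edges is counted as k - 1 binary predicates; counting it once
    would under-report the complexity.
    """
    out_degree = defaultdict(int)
    for src, _dst in edges:
        out_degree[src] += 1
    return sum(k - 1 for k in out_degree.values() if k > 1) + 1


def cyclomatic_complexity(edges):
    """Return V(G) if all three methods agree, else raise ValueError.

    Disagreement means the graph is not a single-entry, single-exit flow
    graph (for example, two separate exit nodes), so E - N + 2 does not apply.
    """
    values = {v_edges_nodes(edges), v_regions(edges), v_predicates(edges)}
    if len(values) != 1:
        raise ValueError("methods disagree: graph is not single-entry/single-exit")
    return values.pop()


if __name__ == "__main__":
    for name, graph in [("loop with if", LOOP_WITH_IF),
                        ("straight line", STRAIGHT_LINE),
                        ("three-way switch", THREE_WAY_SWITCH)]:
        print(name, cyclomatic_complexity(graph))
```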
2.2.1.3.1 McCabe
McCabe proposed a complexity measure [24, 25, 26]. His major concentration was on the
complexity attribute. The McCabe complexity metric is a program complexity metric [24, 25].
McCabe tries to measure the quality and complexity of a program through a control flow
graph (or program graph) of a method or procedure [24, 25]. The input to the flow graph is a
program, and a program consists of:
Assignment statement,
Conditions
Loops.
In his work, a graph is drawn, depicting the program in the form of the sequence of paths it
adopts. McCabe made the assumption that the cyclomatic number of a connected graph is
the number of linearly independent paths in the graph or the number of regions in the planar
graph.
A flow graph consists of nodes and edges. Nodes are conditions and edges are the control flow of a
program. The complexity is calculated as:
Complexity = Edges – Nodes + 2
The number obtained shows how complex the method is. This cyclomatic number
according to McCabe is the smallest number of paths in the graph. He suggested that program
complexity can be decided through the smallest number of paths. The following three graphs show
the way cyclomatic complexity is measured [24].
Figure 2.2: McCabe Cyclomatic Complexity [Jacobson, 1992] [56]
For the algorithm of a method, cyclomatic complexity amounts to counting the number of test cases
required to test the algorithm comprehensively. The formula is written as
Number of independent test paths = Edges – Nodes + 2
If only one path exists, then there is no option and only one test case is
required. For more than one path, an IF condition is run; if the condition is true then one path is
selected, else some other alternate path is selected.
Figure 2.3: Examples show Cyclomatic Complexity for four basic programming
languages [26].
Among software metrics that are static in nature, cyclomatic complexity is used more than any other
measure, as it is concerned with the program module. It is also known as program
complexity or simply McCabe complexity. It is sometimes also referred to as the
soundness and confidence of a program. Cyclomatic complexity is useful in the following
ways:
It can be used to minimize any inherited risk by predicting it at an early stage of software
development. During coding, the risk of change can be minimized. It can be very helpful in
test planning, as it tells the number of tests needed for each step. In this way a complex program
can be broken down into smaller modules/programs. However, because they rely on static analysis
of code, these theories are not without their flaws. They are not changed when the program changes.
They have a high association with program size. Many metrics have no intuitive reason.
They ignore the computing environment, algorithms and the ability of programmers. Programmers can
introduce more obscure complexity [26].
2.2.1.3.2 Halstead
The complexity metric is a program metric and it measures the quality and complexity of a
program. These metrics are program metrics, which means we are dealing with the
implementation phase and development phase. We use these metrics after our product is
ready [27].
Region:
In a flow graph there are some nodes and edges. Nodes are connected to other nodes through
edges. The area bounded by some edges and nodes is termed as region. In addition the area
surrounding these regions will also be called a region.
Figure 2.4: Shows 4 different regions in a flow graph [Roger S Pressman 2001].
It was proposed that programmer time and effort may be stated in terms of operators and operands,
and that it can be measured from the program source [23]. The Halstead complexity measurement was
developed to measure the complexity of program modules. He defines it as follows:
n1 = the number of distinct operators
n2 = the number of distinct operands
N1 = the total number of operators
N2 = the total number of operands
There are five measures [16]:
Measure | Symbol | Formula
Program length | N | N = N1 + N2
Program vocabulary | n | n = n1 + n2
Volume | V | V = n * (LOG2 n)
Difficulty | D | D = (n1/2) * (N2/m)
Effort | E | E = D * V
Table 2.1: Halstead Scalar Numbers and Measures (Halstead 1977)
In the beginning, both of these metrics were proposed to measure the complexity and
quality of a program.
It was just an academic exercise.
So after writing a program you can know only about the quality of the program.
These metrics were not much help in reducing cost and time because they were
measured after implementation.
2.2.2 Object Oriented Approach
Today a new methodology is emerging for computer software development which is called
Object-Oriented Modeling and Design. The first version of Smalltalk was released in 1972
[28, 29, 30, 31]. It was also around 1970 that the term “object-oriented” came into
significant use. Some people credit Alan Kay as the first to use the term. He used it to describe
the thinking behind Smalltalk, and many people think of Smalltalk as the first and standard
object-oriented programming language [28, 29, 30, 31].
It is a new way of thinking about problem solving using models organized around real-world
concepts. The fundamental construction in this methodology is an object, which combines
both data structure and behavior into a single entity. Object-oriented models are useful for
understanding problems, communicating with application experts, modeling enterprises,
preparing documentation and designing programs. The object-oriented models have not
only affected the database field; their effects and superiority can also be felt in other disciplines
of computer science [27, 32, 33, 34].
2.2.2.1 Features of Object Oriented Approach
The following parameters are available to measure the quality of software [35]. Definitions of all
the parameters are available, but how to measure them is not given for all. Some of the parameters
are given below:
Understandability
All of the design and user documentation must be clearly written so that it is easily
understandable.
Completeness
Presence of all essential parts, with each part fully developed. All required input data
must also be available.
Conciseness
Minimization of too much or redundant information or processing. It can be improved
by replacing repeated functionality by one subroutine or function which achieves that
functionality. It also applies to documents.
Portability
Ability to be run well and easily on multiple computer configurations.
Consistency
Uniformity in notation, symbology, appearance, and terminology within itself.
Maintainability
Tendency to facilitate updates to satisfy new requirements.
Testability
Characteristic to support acceptance criteria and evaluation of performance.
Usability
Easiness and practicality of use. This is affected by such things as the human-
computer interface.
Reliability
Ability to be expected to perform its proposed functions satisfactorily.
Structuredness
Organisation of basic parts in a definite pattern.
Efficiency
Completion of purpose without waste of resources, such as memory, space and
processor utilization, network bandwidth, time, etc.
Security
Ability to protect data from unauthorized access and to resist unintentional
interference with its operations.
These are not available in traditional methodologies. This methodology improves a
programmer's productivity by increasing the extendibility of the core system. It assists in
managing and controlling software complexity and increases reliability by reusing software
components. Object-oriented methodology contributes to lowering the cost of software
maintenance [36].
The object-oriented approach uses the concepts of reusability, polymorphism, encapsulation and
inheritance. These features are not generally used in traditional methodologies [37, 38, 39, 40,
74].
2.2.2.2 Object-Oriented Design
Object-oriented design is the process by which software requirements are turned into a
detailed specification of objects. This specification includes a complete description of the
respective roles and responsibilities of objects and how they communicate with each other.
However, there are two points to be considered related to the process of design in general.
The result of design is not a final product. In a sense, no design is ever final. Even after the
software is implemented, tested, and delivered to the user, it may undergo revision after
revision. Certainly before it is implemented, designers reiterate, revisit old decisions and
rework portions of the application.
The designing process is not rigid. Although designing requires rigor and discipline,
there is also room for art. Designers should be left free to use their aesthetic sense as a guide. The
object-oriented design process initially consists of the following steps [37, 38, 39, 40].
Identify the classes in your systems.
Determine the operations each class is responsible for performing.
Determine the manner in which objects collaborate with other objects in order to carry
out their responsibilities.
These steps produce:
a list of classes within your application
a description of the operations for which each class is responsible
a description of collaborations between classes
By focusing on objects, the object-oriented approach becomes very useful in understanding
problems when communicating with application experts who are responsible for modeling
enterprises, preparing documentation and designing programs. The object-oriented approach
uses the concepts of reusability, polymorphism, encapsulation and inheritance. These features are
not generally used in traditional approaches [37, 38, 39, 40, 74]. The object-oriented
methodology improves productivity, provides better control of software complexity and
decreases the cost in the long run [41, 42].
2.2.2.3 Metrics for Object Oriented Approach
For Object Oriented Technology, different metrics were proposed.
2.2.2.3.1 Coupling Metrics
According to Alessandro [43], coupling is “The level to which certain design metrics are
coupled in the design of the software”.
The coupling level affects the working and quality of the whole system, and it
affects maintainability, understandability, reusability, testability and efficiency [43, 74].
Quality software with accurate and efficient results can be obtained only when we have lesser
coupling, as described below [43]. Coupling defines the level to which certain design metrics
are coupled in the design of the software [43].
Coupling Between Components (CBC): It is about the coupling with the other modules,
either in the system or in the main module. It gives the connectivity count with other modules
or the system, for example by counting attribute declarations, or return types, parameters [43].
Inheritance Tree depth (ITD): It calculates the length of the tree from the node to the root. It
gives information with reference to inheritance. A high ITD value means
increased module complexity, which makes the module difficult to understand, test and
maintain [43].
Number of Children (NOC): It tells about the sub-modules and how many children a
module has. A higher NOC reduces reusability and testing [43, 74].
Coupling on Method call (CMC): The methods in a module can be called by other
modules during the working of the program, and CMC gives the number of times the methods
are called. It makes other modules highly dependent upon the specific module. The CBC metric is
linked to CMC [43].
Coupling on field access (CFA): Coupling on field access tells us how many times a field is
accessed by other modules, that is, how much a module is dependent on other modules. The metric is
near zero for an Object Oriented system. A high CFA means high dependencies [43].
Response for a Module (RFM): RFM counts the methods that are executed in response to
messages. It covers the whole transfer of information between the different
modules. RFM counts the number of module methods and the number of times a method is called. When
RFM is high, it reduces understandability, reusability, testability and maintenance [43].
Number of Stub methods (NsM): It calculates the number of times a method is called, where
these are the methods of other modules. A stub method is in the testing phase of the other
module. A high NsM reduces reusability and testability [43, 74].
In-Cyclical Dependencies (iCd): The in-cyclical dependencies of the software in a module are
measured by iCd. If iCd is high then it reduces reusability, testability and maintenance.
Cyclical Dependencies (Cd): It counts the cyclical dependencies in a system. If Cd is high
then it reduces reusability, testability, maintenance and modularity [Aless04].
2.2.2.3.2 Cohesion Metrics
Cohesion is defined as “level to which different elements of that software are related with one
another and their operation is intertwined with each other for giving better performance and
output”. High cohesion is good and shows good module subdivision. Low cohesion
maximizes complexity. Lack of Cohesion in Methods is the cohesion metric and can be
elaborated as under:
Cohesiveness is important and it promotes encapsulation; a lack of cohesion shows that the
classes are different and we should split them into two or more classes. A cohesion metric can
be defined by finding and considering the relationships between the methods of the class.
Co1
Connectivity (1)
Connectivity 1 can be explained with the help of an undirected graph, where the class
methods are represented by the vertices of the graph. Two vertices are connected by
an edge if the methods they represent use at least one common attribute or one of them invokes
the other.
Then Connectivity1 is
(
2
Where V is the no of vertices of graph G and E is number of edges.
Above connectivity can be defined by another formula
2
Coh
Cohesion
Suppose we consider all the method of a class in a form of set like
accessing attributes set e.g.
Then we can say that
Represent a number of methods having attribute
then Cohesion is equal to Coh
1
( )a
j
j
A
m a
.
Where, m = methods, a = attributes
LCoh
Loose Class cohesion
This metric measures indirectly connected methods (vertices). Consider m1, m2 … mn as
methods such that mj and mj+1 are connected, where j = 1 … n-1; then we can say that m1 and mn
are indirectly connected. Basically this metric
represents the percentage of public methods which are indirectly or directly connected within a
class [44].
LCOM
Lack of Cohesion in Methods (LCOM)
LCOM calculates the similarity level of methods in the modules. Analyzing the methods in
the modules forms the basis of the technique which calculates the LCOM. The total
number of disjoint sets and the common attributes of the methods are also calculated by the
LCOM. This metric influences modularity, functionality, reusability and testability [43, 45,
74].
The following are the six main software metrics proposed by [45] to help developers
reduce cost, increase quality, and decrease the amount of time spent on maintenance:
Weighted Methods per Class (WMC), Depth of Inheritance Tree (DIT), Number of Children
(NOC), Coupling between Object Classes (CBO), Response for a Class (RFC), and Lack of
Cohesion in Methods (LCOM) [45].
Weighted Methods per Class (WMC)
It counts the number of methods. It makes objects more application oriented and restricts
their reuse as they are specialized in their purpose. Inheritance property affects the children
because if we use the methods for greater number of times then its effect on children is
directly proportional to its usage.
Depth of Inheritance Tree (DIT)
The level of deepness in the hierarchy affects the children, and DIT is the number of ancestor
classes which have an effect on a class. This makes it more complex.
Number of Children (NOC)
Every class has a subclass and the metric NOC counts the subclasses which get the methods
from their parent classes. In a hierarchy, depth is always preferred to breadth because in this
way we can count a large number of children and it offers a weaker design, as for every child
we need special tests [45].
Coupling between Object Classes (CBO)
As discussed earlier, coupling describes the relation of a class with the other classes
which are directly attached to that class, so here the metric CBO counts the number of
other classes which are coupled with this specific class. CBO counts class to class
connectivity, and it is not the inheritance. CBO is a measure of fan-out, which means that an
object is coupled to another if the two objects act upon each other. So a higher value makes the
design strict because we need more testing. It also makes maintenance difficult.
Response for a Class (RFC)
Objects receive messages from different classes and in reply to these messages certain
methods of objects are called and the job of the RFC is to count the number of times methods
are called. It measures both external and internal communication.
Lack of Cohesion in Methods (LCOM)
Different parts of programs are also linked with each other within the same program and
cohesion counts this inter connectivity. The degree of similarity for two methods M1 and M2
in class C is given by:
∂(M1, M2) = {I1} ∩ {I2}
Where {I1} and {I2} are the sets of instance variables used by M1 and M2.
The LCOM is a count of the number of method pairs whose similarity is zero (i.e., ∂(M1, M2) is a
null set) minus the count of method pairs whose similarity is not zero. The larger the number of
similar methods, the more cohesive the class is. A high value of LCOM suggests that the class
should be split into two or more classes. If none of the methods in a class utilize instance
variables, they have no similarity and consequently the value of LCOM is equal to zero in
that class. LCOM is tied to the instance variables and methods of a class; therefore, it is a
measure of the attributes of an object class [45].
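The LCOM count described above, together with the disjoint sets of methods mentioned earlier for LCOM, worked through as an added Python example (not code from the dissertation). The SessionManager class and its method-to-variable map are constructed for illustration, and flooring a negative difference at zero follows Chidamber and Kemerer's original definition, which is an assumption beyond what the text spells out.

```python
from itertools import combinations

# Constructed sample: instance variables used by each method of a
# hypothetical SessionManager class that mixes token handling with logging.
SESSION_MANAGER = {
    "issue_token":  {"secret", "sessions"},
    "verify_token": {"secret", "sessions"},
    "revoke":       {"sessions"},
    "log_event":    {"log_path"},
    "rotate_log":   {"log_path"},
}


def pair_counts(method_vars):
    """Return (P, Q): method pairs with zero / non-zero similarity.

    Similarity of two methods is the intersection of the sets of instance
    variables they use. If no method uses any instance variable, the class
    has no similarity to measure and both counts are taken as zero.
    """
    if not any(method_vars.values()):
        return 0, 0
    p = q = 0
    for m1, m2 in combinations(sorted(method_vars), 2):
        if method_vars[m1] & method_vars[m2]:
            q += 1
        else:
            p += 1
    return p, q


def lcom(method_vars):
    """LCOM = P - Q, floored at zero (assumption: CK's original rule)."""
    p, q = pair_counts(method_vars)
    return max(p - q, 0)


def disjoint_method_sets(method_vars):
    """Group methods that are linked, directly or indirectly, by shared variables."""
    parent = {m: m for m in method_vars}

    def find(m):
        while parent[m] != m:
            parent[m] = parent[parent[m]]  # path halving
            m = parent[m]
        return m

    first_user = {}  # instance variable -> first method seen using it
    for method in sorted(method_vars):
        for var in method_vars[method]:
            if var in first_user:
                parent[find(method)] = find(first_user[var])
            else:
                first_user[var] = method

    groups = {}
    for method in method_vars:
        groups.setdefault(find(method), []).append(method)
    return sorted(sorted(g) for g in groups.values())


if __name__ == "__main__":
    print("P, Q =", pair_counts(SESSION_MANAGER))
    print("LCOM =", lcom(SESSION_MANAGER))
    # Two disjoint sets: a candidate for splitting into two classes.
    for group in disjoint_method_sets(SESSION_MANAGER):
        print("cohesive group:", group)
```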
2.2.2.4: Differences between Object Oriented paradigm and Traditional Structure Metrics:
Parameters | Object Oriented Metrics | Traditional Metrics
Implementation | Less complex and easy to implement | High complexity and difficult to implement
Definition | Well-defined and rigid | Ill-defined and vague
Organization | Organized around clusters of correlated attributes | Organized by presence or absence of attributes of objects
Construction | Strongly shaped by responder’s goals and the context in which the reasoning occurs | Designers have to construct abstract generic classes which perform general operations
Psychological essentialism | Once an object is created it remains immutable. | Inheritance allows dramatic changes in objects.
Family resemblance | All objects have the same attributes. | Objects can selectively inherit features.
Table 2.2: Differences between Object Oriented paradigm and Traditional Structure Metrics:
2.3 Web based software
OODM is the methodology which can be used to develop web based software. While using this
technology to build such software we have to take care of many factors. The design
complexity of web based systems is the most prominent of them. To design web based
software we consider two main components, i.e. Link Tree and Link Directory.
The logical view of a web based system is given by the link tree. Pages of the tree are linked in
both uni-directional and bi-directional ways by the arcs of the link tree, whereas the job of
the link directory is to keep the record of complete information about the links of the link tree.
Web based application consist of web pages that can be of two types i.e.
Static web pages
Dynamic web pages
Static Web Page
Static web pages are static in nature, which means that they do not change when they are loaded into
the browser unless the owner of the website changes them. Their content and appearance never
change automatically; the only visible change is the jump to another page, or the owner of
the site uploading a newer version of the page for the use of general clients.
Dynamic Web Page
The runtime change in the appearance and content of the web page is the main feature of the
dynamic web page. These changes occur every time a page is loaded, and the contents
change based on the user’s liking. The most common type of dynamic web page is the
database driven page. The best example is a user’s email inbox, because every time a new mail
arrives that change is made directly in the back end database without human intervention. The
contents of the mail inbox are loaded from the database automatically. Every addition, deletion
and update of the mail box is handled automatically by the database server which is
working at the back end [46, 47].
2.3.1 Web application Design
Design is that phase in software development where the ideas of the experts are given the form of
blueprints. Architect in the language of the web is the prominent image of the design [48].
From professionals’ experience we deduce that in web development there are significant
differences between traditional software applications and web applications. Normally web
applications are dynamic in nature. Their appearance and content keep on changing, so the
deployment of traditional software technology on the web is not an appropriate action. To
use traditional software technology on the web we must make some basic amendments
in the functionality, working and design of the software so that we get the desired output
from the software.
The most expensive and time consuming phase during the development of software is the
design phase, because during this phase the definitions of its high and low level structures are
discussed and a large number of resources are utilized. That is why performing the design
phase successfully is known to mean that most of the laborious job is
done and that fewer resources will be used afterwards than were required during the design
phase [49, 50, 51, 52, 53]. So the successful completion of the design phase guarantees precise
software which may fulfill the user requirements.
The World Wide Web has created a standardized communications infrastructure that has
enabled a wide range of applications, which include business to business services, i.e.
commerce oriented services, customer support, and entertainment. Performance has always been a
major area of concern in the field of web based applications, but because of the rapid design
and deployment of web applications, implementation of the performance metrics was not
taken care of properly, and so web based applications failed to fulfill the motive
they were created for [54]. Further, other major problems like scalability and multiple
accesses of sites caused difficulties in the operation of web based applications. These
problems included poor availability and long response times [54, 55].
The purpose behind this research is to improve the issues of low scalability, flexibility,
efficiency, and high maintenance cost for a web-based application. Web applications are an
advancement in technology and a hot issue. They differ from non web
applications in the following respects, as stated by Shah, A., [2003] in his lecture
series.
2.3.2 Difference between Web base and non web base application
| Parameters | Web based Applications | Non Web based Applications |
|---|---|---|
| Availability | Web based applications provide reliable information on all sorts of platforms. | They are not platform independent, so they can't be accessed anywhere. |
| Accessibility | Provide efficient access to relevant information. | Not easily accessible at more than one location. |
| Multimedia | Facilitate online media, e.g. video, sound, animation etc. | Multimedia isn't very efficient here. |
| Economical | Web based applications are normally very economical to store, modify and reproduce. | Modifications involve complicated work requiring a high cost of manpower, tools and management. |
| Accuracy | These applications require short cycles and so are easily updated afterwards. | Long and complex cycles involving a heavy load for updating. |
| Interaction | Users and the system itself interact directly with the system simultaneously. | Users and the system itself can't directly interact with the system at the same time. |
| Networking | Depends upon connection to the network for its functionality. | Can work well even if there is no network available. |
| Asynchronous | These applications are mostly asynchronous, and a little delay causes long response times. | These are synchronous applications. Delays don't occur here. |
| Security | Multiple users accessing the network are checked by log-ins or passwords etc., so data can't be copied. Users can only use those features that are needed by them. | Security exists here, but not at a level that checks users and their authentication at every step. |
| Monitoring | Developers can monitor their data easily because the application is running on a few servers and they know where an error could be. Prediction and correction of errors is very quick and effective. | No such prediction is available; rather, developers have to rely on consumer feedback to become aware of the errors occurring in their application. |
| Internet Traffic | A heavy load of users decreases the speed of service and can even shut the server down. | No such traffic is created here. |
| User interface | Because of Java it provides a slow user interface. | These use different tools like Visual Basic etc., and so the interface is not slow. |
| Customer Oriented | Because they provide services to users, these have to take care of a lot of aspects such as protection against human errors, hardware failures, hackers etc. | These applications are product oriented, and that's why there are no such issues here. |
| Administrative costs | An online application doesn't need to be installed at every workstation where it is to be run. It saves time and money. | These applications need to be installed wherever they are to be used. |
| Portability | Users can open/browse the same data at office, home, work place etc. without needing to re-install the application at every place. | Users have to re-install the software needed to run the application at more than one place. |
| Slow Response | Clicking a button in the browser requires information to be sent to the server and then back to the user through the internet. | No such transfer of service here; rather, clicking a button on the desktop gives a quick response. |
| Intensive and Frequent Use | The use of web based applications is high. | They are used less intensively and less frequently. |
| Investment of time by user | More time has to be spent by users to gain hands-on experience, which decreases productivity. | Users can understand quickly, and hence productivity increases. |
| Attention | Attention is not a serious limiting factor for effective interactions in web based applications. | It can be a serious problem for effective interactions in traditional applications. |
| Coupling | Web based applications have more coupling than non web based applications. | Non web based applications have low coupling. |
| Occurrence of defects | Web based applications can have more defects. | Non-web based applications have fewer defects. |

Table 2.3: Difference between Web base and Non Web base Application
2.3.3 Metrics for Web based Systems
The constituent element of a web based application is the web page. Researchers have proposed
different metrics for a web page; some of them are given below. Emilia Mendes [2001] proposed the
Size metric for web based applications, which counts the number of pages belonging to the
particular site or domain under consideration. We can ask different questions about the web such
as "how large is the Web", "how fast does the Web grow" etc. The web site metrics with respect to
size can be defined as:
i. Page Count
Page count is the number of html files used in the web application.
ii. Media Count
Media count is the number of media files used by the web application.
iii. Program Count
Program count is the number of programs used by the application, i.e. JavaScript files, cgi scripts and Java applets.
iv. Total Allocation
The total space allocated to the pages (html or shtml) used in the application.
v. Total Media Allocation
The total space (Mbytes) allocated to the media files used in the application.
vi. Total Code Length
The total number of lines of code of the programs used by the application.
2.3.3.1 Reusability Metrics
The reusability metrics measure the web based components that can be used in other web
applications or within the same application. They are described below.
i. Reused Media Count
The number of reused/modified media files.
ii. Reused Program Count
The number of reused/modified programs.
iii. Total Reused Media Allocation
The total space (Mbytes) allocated to the reused media files used in the application.
iv. Total Reused Code Length
The total number of lines of code of the programs reused by the application.
2.3.3.2 Complexity Metrics
The complexity metrics are used to facilitate the measurement of the web application:
i. Connectivity
Connectivity represents the total number of internal links; dynamically generated links are not included.
ii. Connectivity Density
It is calculated as Connectivity divided by Page Count.
iii. Total Page Complexity
It can be calculated with the help of this formula
Emilia Mendes [2001] [58]
iv. Cyclomatic Complexity
It is calculated as
(Connectivity - Page Count) + 2.
v. Structure
The main structure by which the application is organized, which is measured by sequence,
hierarchy and network.
2.3.3.3 Effort Metrics
The factors involved in calculating the effort used in developing web sites are [51]:
Total Effort
Total effort (TE) = structuring effort (SE) + interlinking effort (IE) + interface planning (IP) +
interface building (IB) + link testing effort (LTE) + media testing effort (MTE)
Structuring Effort (SE)
Estimated elapsed time (number of hours) to structure an application.
Interlinking Effort (IE)
Estimated elapsed time (number of hours) to interlink the pages in order to build the application's structure.
Interface Planning (IP)
Estimated elapsed time (number of hours) to plan the application's interface.
Interface Building (IB)
Estimated elapsed time (number of hours) to implement the application's interface.
Link Testing Effort (LTE)
Estimated elapsed time (number of hours) to test all the links in an application.
Media Testing Effort (MTE)
Estimated elapsed time (number of hours) to test all the media in an application.
2.3.3.4 Confounding Factors
Experience
It measures the authoring/design experience of a subject on a scale from 0 (no experience) to 4
(very good experience).
Type
It measures the type of tool used for authoring or designing the web pages [51]. All the metrics
cited above are at application level and are unable to provide details at the system level.
For web based applications, there are no metrics available for system level design.
However, different methodologies have been proposed for the systematic design of web
based applications, and some of them are given below:
2.4 The Hypermedia Design Methodologies
The most popular methodologies cited in the research for the hypermedia applications are the
following [56]:-
Hypermedia Design Model (HDM)
Relationship Management Methodology (RMM)
The Object-Oriented Hypermedia Design Model (OOHDM)
An Object-Oriented Design Methodology For the Web Applications Development
2.4.1 Hypermedia Design Model (HDM)
The Hypermedia Design Model (HDM), defined by Franca Garzotto [1993] [57], suggests that an
application domain consists of entities, each shaped from a sequence of components. In these
hierarchies the entities belong to types. Entities and components are connected by links, which
are either structural links or application links. Structural links represent the hierarchical
structure of an entity's components, and application links connect entities or components in
order to represent the relations of the application domain.
Units are instantiations of a component under one or more perspectives, and they provide a
reference context for information. An HDM schema can be represented as a set of entity types and
application link types; a set of entities and links defined using a schema is called an HDM schema
instance. Once the schema instance is defined, it is easy to define the specific browsing
semantics required and the application behavior at run time. Consider the example of Pakistan Law
1973: “Law 1973” is an entity, and this entity is chosen as the object for a relevant application.
A piece of information about this entity is a component, e.g. “Article 1” of Pakistan Law 1973.
Hypermedia information can be represented in different ways, i.e. there are several ways to
present the outlook of the information. A unit in HDM is defined as a tiny piece of information
related to a component; e.g. in “Pakistan law 1973” one unit has the “official” text as its body
and another unit's body is “Description”. HDM differentiates three kinds of links: Structural,
Application and Perspective. Structural links connect components belonging to the same hierarchy,
and application links exist between entities. A component has many units, and it is possible to
move between them.
HDM 98 focuses on the structural, navigational, dynamic, and user control ‘dimensions’ of
hypermedia. The specification of a web based application consists of a schema definition and a
set of instance definitions. Entity links are defined by the schema definition, and they are
connected by a set of application link types. Instances are allowed to be inserted in the
hypermedia application only if they obey the constraints specified by the schema.
The lack of a design step and the limited number of access primitives are the two basic drawbacks
of this methodology [57, 58, 59, 60].
2.4.2 Relationship Management Methodology (RMM)
RMM (Isakowitz et al; 1995) is based on Relationship Management Design Methodologies
(RMDS), i.e. how entity relationships can be managed. It is the primary full web based
application design methodology. In this methodology the information domain of the
application is captured by a conventional Entity Relationship diagram. Slices are then defined;
a slice is a meaningful group of an entity's attributes. This step produces an ER diagram enriched
with slices, and all navigation paths are derived from the relationships between the entities.
All of the above, defined by the entities and their relationships, is completed in navigational
design.
The result of this step is the RMDM diagram, which is the core of RMM. RMDM can be
compared with HDM in that it uses almost the same modeling primitives as HDM, such as
entity types and entities, and it also distinguishes among three types of links. RMDM extends
the access primitives supported by HDM into four types of access primitives (conditional
indexed guided tour, grouping, conditional index and conditional guided tour). Finally, it
provides a set of rules to map an RMDM diagram into a hypermedia network consisting of nodes
and links [61, 62].
2.4.3 Object-Oriented Hypermedia Design Model (OOHDM)
OOHDM [71] (1995) presents an approach that defines four steps: conceptual design,
navigational design, abstract interface design, and implementation. The conceptual data
model is described using OOHDM primitives, namely classes, relationships and
subsystems. Navigation design is described in terms of navigation classes (nodes, links, and
access primitives). Nodes present valid views of the conceptual classes from step one, and links
are derived from the relationships described previously. Access primitives are used to
model movement in the hypermedia application. During this step, many different navigational
models can be built for the same conceptual schema of the same area. In abstract interface
design, an interface is specified that helps the user to identify navigational objects; this
specification is done at a higher level than that of the actual implementation environments.
During this step, the designer specifies what the perceptible objects are that are to be made
available to users, and how they behave in terms of the actions originating from users.
Perceptible objects are generally built using primitive GUI objects such as buttons, text fields,
graphics fields etc. This gives the interface for navigational objects. The implementation step
concerns mapping the interface objects into implementation objects. In this step the designer
produces the actual hypermedia application to be run. In particular, the models generated in
steps one to three are implemented on top of available hypermedia system platforms [63, 64, 65].
2.4.4 Drawbacks of Hypermedia Methodologies
In the previous hypermedia methodologies, design and implementation were merged
together and cannot be separated.
Analysis was minimal.
Those methodologies were not based on software engineering principles.
Shah, A., [2003] proposed a methodology, OODM (Object Oriented Design Methodology),
which follows the principles of software engineering.
2.4.5 Object Oriented Design Methodology (OODM)
The OODM presented by Shah, A. in 2003 [4] describes mainly two phases, i.e. analysis and design.
Analysis deals with the problem statement of the Web based Application; the information
and its structure, potential users and their goals, navigation paths, and the operations supported
by the web application are identified.
The design phase addresses issues such as the presentation of information to users, user
navigation paths, the implementation of each operation, and user-interface elements and how to
design them.
The Analysis Phase captures mainly three aspects of Web based applications: the information
structure, the navigation paths to be followed by different user-classes during access, and the
operations performed by the Web Application. The phase deals with the three aspects
individually and develops three corresponding models. Its three steps are Building
Operation Model, Building User Navigation Model and Building Information Model, and they
produce three different models: the Operation Model, the Information Model and the User
Navigation Model.
The report generated by the analysis phase becomes the input of the design phase, which
works as four processing units: Building Component Model, Building Navigation Model,
Building Operation and Building User Interface [4].
2.5 Summary
All the methodologies described above suffer from some drawbacks, e.g. RMM and OOHDM
consist of a plain class model which is unable to handle special elements like narrative
structures. RMM depends upon the ER model, in which individual objects are left out.
In HMM more sophisticated specification techniques are required for handling complex
types like games. These techniques do not follow any recognized process model, like the
Waterfall Model, for development.
OODM has covered some of the flaws defined above, but the following shortcomings
are still noted in OODM.
Issues related to security are not considered.
Adaptive navigation, in which page selection depends upon the user's mode (e.g. faculty or
student) or upon the user's previous moves, has not been considered.
The passing of input and output data through public networks has not been
addressed.
Today's processing on the web is also sometimes time-conscious, and this issue is not addressed
in this methodology.
No quantification in terms of measurements has been given.
The focus of this research is to present an extension of the OODM approach which may cover
the flaws defined above, and to define the measurements at each model of the proposed
methodology.
Chapter 3
S-OODM: A Secure Object Oriented Design Methodology
Many methodologies have been proposed for the design and development of web applications.
These methodologies do not cover the issues related to security. OODM was also proposed with
the objective of web application development, but without consideration of security
issues. S-OODM is an extension of OODM in which the security issue has been considered.
To accommodate the security issues, OODM needs to be updated. The OODM presented
by Shah, A. in 2003 [4] describes mainly two phases, i.e. analysis and design. Analysis deals
with the problem statement of the Web based Application; the information and its structure,
potential users and their goals, navigation paths, and the operations supported by the WA are
identified.
The design phase addresses issues such as the presentation of information to users, user
navigation paths, the implementation of each operation, and user-interface elements and how to
design them.
The Analysis Phase captures mainly three aspects of Web based applications: the information
structure, the navigation paths to be followed by different user-classes during access, and the
operations performed by the Web Application. The phase deals with the three
aspects individually and develops three corresponding models. Its three steps are
Building Operation Model, Building User Navigation Model and Building Information
Model, and they produce three different models: the Operation Model, the Information Model
and the User Navigation Model.
The report generated by the analysis phase becomes the input of the design phase, which
works with four processing units: Building Component Model, Building Navigation Model,
Building Operation and Building User Interface (Shah, A., [2003]). The overall structure of
OODM is as under:
Figure 3.1: OODM [Shah, A., 2003]
Introduction of a new security model is required. Each model of the OODM is required to be
secured by introduction of a level of security. An algorithm for the inclusion of security
model has been given.
3.1 Inclusion of Security Model
Figure 3.2: The modified architecture of the OODM with security model (S-OODM)
3.2 Modified architecture “S-OODM”
The figure shows S-OODM with its Analysis Phase and Design Phase and the following boxes:
Information model. Input: problem statement. Output: page classes, multimedia attributes and associations among page classes.
Component model. Input: information model. Output: component and component access sequence, associations among components. Security: roles, permissions, level of security.
Navigational model. Input: component, user navigation models. Output: local, instance, global and menu navigations. Security: rules, permissions, level of security.
Navigation model. Input: problem statement, information model. Output: user classes, user goals, user access scenarios, user navigation path.
Identify Security model. Input: problem statement, information, navigation, operational models. Output: identify user role, user permission, level of security.
Operational model. Input: problem statement, information, user navigation models. Output: operation names, input, output and dynamic page classes.
Operation partitioning model. Input: operation model. Output: client and server operations. Security: security on authorized input, security on operations (delete, update etc.).
Building Security model. Rules, permissions, level of security.
User interface. Input: information model. Output: component and component access sequence. Security: login security.
Figure 3.3: Modified architecture “S-OODM”
3.3 Building Security Model
Security is implemented in S-OODM through a security model. The security model is
built through a Security Manager, which consists of methods/operations. Methods declare the
permissions required to access the objects. When an operation is called from the sandbox context
(HTTP URL, page template or site script), all calls going outside the sandbox are checked by the
OODM Security Manager. After breaking out of the security sandbox, there are no further
automatic security manager call checks, since security management adds heavy
performance overhead to each function call.
It is very important to define proper permissions for each operation which could manipulate
or export private information. There are several roles, e.g. Administrator, Super user and user,
each of which has a set of permissions, e.g. Update, Create, Edit, Delete. Roles are inherited;
a subfolder can have a different permission set for a role than the parent folder.
Users and groups are given roles. Again, a user can have different roles in different parts of
the site.
Figure 3.4: Web users with their roles
3.3.1 Building Component Model
This model has already been built for OODM by (Shah, A., 2003); now we have restructured
it for S-OODM. Building Component Model has the following functionalities:
This unit identifies page-classes, their associations and their multimedia attributes
from the problem statement.
The problem statement should be correct and taken from valid, authenticated and
authorized users.
To ensure the validity, authentication and authorization of users, a secured log-in should
be implemented.
3.3.2 Building Navigation Model
The Navigation Model was first generated by (Shah, A., 2003) for OODM; it has to be
reconstructed accordingly for S-OODM. Building Navigation Model contains the
functionalities mentioned below:
This unit designs the information structure of a WA as the user navigates through the web
pages.
During user navigation, secure session management should be done to reduce user
disorientation and cognitive overhead.
To make user navigation most secure, strict criteria and constraints for anonymous users
are defined to avoid unwanted access from the web.
3.3.3 Building Operation Partitioning Model
Shah, A., (2003) built this model for OODM, and we have reused it to incorporate
security in S-OODM. Building Operation Partitioning Model has the following
functionalities:
This unit categorizes operations into client operations and server operations.
For completing and refining the operation-partitioning model, a valid and authorized client
and server should be identified.
Secure message passing is obtained by precisely selecting to which object level
(administrator, super user, user) data is to be sent.
What kind of information is accessible by which level of object or user?
3.3.4 Building User Interface
This model has already been developed for OODM by (Shah, A., 2003); now it is recreated
for S-OODM. Building User Interface works as follows:
This processing unit deals with the designing of the user's perception of and interaction with
the WA. For designing the user interface, information about users' perception should be
gathered from valid users.
Figure 3.5: Role of security in different models
3.3.5 Building Security Model
The Security Model attempts to incorporate all of the features of OODM in addition to
security aspects, leading to what is called “S-OODM”. How security may be incorporated
into each of model mentioned above is given as under:
Firstly, we will see the Component Model. To build the Component Model, page-classes,
their associations and their multimedia attributes are identified from the problem statement.
This problem statement should be correct and taken from valid, authenticated and authorized
users. Also to ensure validity, authentication and authorization of users, a secured log-in
should be implemented.
Secondly, we will see the Navigation Model. This unit designs the information source of a
Web Application while navigating through the web-pages. During user’s navigation, secure
session management should be done to reduce user-disorientation and cognitive overhead. To
make user-navigation more secure, strict criteria and constraints for anonymous users are
defined to avoid unwanted access from the web.
Thirdly, we will see the Operation Partitioning Model. This unit categorizes operations into
client operations and server operations. For completing and refining the operation-
partitioning model, a valid and authorized client and server should be identified. Secure
message passing has to be obtained by precisely selecting to which object level (administrator,
super user, and user) data is to be sent. Another question that needs to be answered is
what kind of information is accessible by which level of objects or users. It also has to be seen
what kind of operations need to be incorporated and how: insert, delete, update etc.
Lastly, we will see the User Interface Model. This processing unit deals with the designing of
user’s perception and interaction with the Web Application. For designing the user interface
information about users’ perception should be gathered from valid users. To incorporate
security, log-in security is to be considered too.
To implement all of the factors mentioned above we employ the Security Manager. It consists
of methods/operations. Methods declare the permissions required to access the objects. When
operations are called from the sandbox context (HTTP URL, page template or site script), all
calls going outside the sandbox are checked by the OODM Security Manager. After breaking
out of the security sandbox, there are no further automatic security manager call checks,
since security management adds heavy performance overhead to each function call.
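One way to realise the Security Manager of sections 3.3 and 3.3.5 in code, as an added example rather than code from the dissertation: operations declare a required permission, roles and permissions are inherited down the folder tree with per-folder overrides, and only calls entering from the sandbox are checked. The class and function names, users and folders are hypothetical; the role and permission names are the ones the text lists.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple


class Unauthorized(Exception):
    """A sandboxed caller lacks the permission the operation declares."""


@dataclass
class Folder:
    """Site-tree node. Role permissions and user roles are inherited from the
    parent unless this folder defines its own (the nearest definition wins)."""
    name: str
    parent: Optional["Folder"] = None
    role_permissions: Dict[str, Set[str]] = field(default_factory=dict)
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)
    pages: Dict[str, str] = field(default_factory=dict)

    def _nearest(self, table_name: str, key: str) -> Set[str]:
        node: Optional["Folder"] = self
        while node is not None:
            table = getattr(node, table_name)
            if key in table:
                return table[key]
            node = node.parent
        return set()  # unknown role or anonymous user: nothing is granted

    def permissions_for(self, role: str) -> Set[str]:
        return self._nearest("role_permissions", role)

    def roles_of(self, user: str) -> Set[str]:
        return self._nearest("user_roles", user)


class SecurityManager:
    """Checks every call that crosses the sandbox boundary. Operations declare
    the permission they need; undeclared operations are refused."""

    def __init__(self) -> None:
        self._ops: Dict[str, Tuple[str, Callable]] = {}
        self.checks = 0  # boundary checks performed so far

    def declare(self, permission: str) -> Callable:
        def register(fn: Callable) -> Callable:
            self._ops[fn.__name__] = (permission, fn)
            return fn
        return register

    def call_from_sandbox(self, user: str, folder: Folder, op: str, *args):
        """Entry point for HTTP URLs, page templates and site scripts."""
        self.checks += 1
        if op not in self._ops:
            raise Unauthorized(f"{op} is not a declared operation")
        permission, fn = self._ops[op]
        granted: Set[str] = set()
        for role in folder.roles_of(user):
            granted |= folder.permissions_for(role)
        if permission not in granted:
            raise Unauthorized(f"{user} lacks {permission} in {folder.name}")
        return fn(folder, *args)


manager = SecurityManager()


def store(folder: Folder, page: str, body: str) -> None:
    # Trusted helper outside the sandbox: it is never re-checked, so it must
    # only be reachable through an operation whose permission covers it.
    folder.pages[page] = body


@manager.declare("Update")
def update_page(folder: Folder, page: str, body: str) -> str:
    store(folder, page, body)
    return f"updated {page}"


def build_site() -> Tuple[Folder, Folder]:
    """Constructed sample: a root folder and a subfolder with its own settings."""
    root = Folder("site", role_permissions={
        "Administrator": {"Create", "Edit", "Update", "Delete"},
        "Super user": {"Create", "Edit", "Update"},
        "User": {"Edit"},
    }, user_roles={"alice": {"Administrator"}, "bob": {"Super user"},
                   "carol": {"User"}})
    # The subfolder narrows "Super user" and gives carol a different role.
    exams = Folder("exams", parent=root,
                   role_permissions={"Super user": {"Edit"}},
                   user_roles={"carol": {"Administrator"}})
    return root, exams


def allowed(user: str, folder: Folder, op: str, *args) -> bool:
    try:
        manager.call_from_sandbox(user, folder, op, *args)
        return True
    except Unauthorized:
        return False
```

Because `store` runs without a second check, the permission declared on `update_page` is the only control protecting it, which is the trade-off the text accepts for performance.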
Chapter 4
DESIGN METRICS FOR WEB APPLICATIONS
In Object-Oriented Design Methodology (OODM) and Secure Object-Oriented Design
Methodology (S-OODM) (see Chapter 2 and Chapter 3), design of a web application is
represented using Abstract Data Type (ADT) undirected graph (see Figure 4.1). In the figure,
we have shown a general design of a web application. In the graph (see Figure 4.1), the root
node represents home page of the application and other nodes of the graph represent pages,
these can be either static pages or dynamic pages. Note that a page which does not take any
input from the user, is referred to as the static page, and a page that takes input from the user,
is referred to as dynamic page.
Figure 4.1: Design of a Web application - Link Tree (page nodes P1, P2, ..., Pn)
As mentioned earlier, both OODM and S-OODM are design schemas of a web application in
the form of an ADT graph/tree, which is referred to as the link-tree (see Figure 4.1). A web
application is a collection of pages (as shown in Figure 4.1), in which nodes represent the
pages of the application and edges/arcs represent links between the pages/nodes. The links
are of two types and they are listed below:
Uni-directional
Bi-directional
Through a uni-directional link, a user can only go from one page to the next page, whereas,
through a bi-directional link, a user can go from one page to the next page and also go back to
the previous page.
Now we formally define a link-tree (LT):
LT = {IN1, IN2,.……. INn} U {LN1, LN2,…….,LNm} --------------------- (1)
In Equation (1), LT is union of the two sets, as shown above. The first set {IN1, IN2.… INn}
of Equation (1) can also be written as {IN1, IN2,…INi….,INn}, where INi is the ith internal
node and it is defined as (Pi, αi). Pi is the ith page of the link tree and αi is the outgoing edge
of the page Pi and it is either uni-directional or bi-directional. If αi = 1, then it is a uni-
directional edge and if αi=2, then it is a bi-directional edge. Internal nodes are the ones which
have sibling nodes.
In the second set {LN1, LN2……………,LNm} of Equation (1), m is an integer. The set (LN) is
the set of leaf nodes of the link-tree LT and a leaf node LNj is the jth page Pj of the link-tree.
The leaf node LNi is defined as LNi= Pi because there is no outgoing arc/edge in LNi. This
feature is typical of external nodes only. In other words, an external node, as well as a leaf
node are one and the same thing and they do not have sibling nodes (Thomas et al 2003 ).
Since each internal node (page) is represented by two parameters, i.e. (Pi, αi), we
quantify each internal node by the weight wi, where |wi| = memory size/space that the page is
carrying. Note that wi is the sum of memory space and multimedia information/data that the
page is carrying. Similarly, each leaf node/page is defined only by wi because there is no
outgoing edge from any leaf node.
The methodology S-OODM designs schema of a web application in the form of a link-tree
along with five (5) models: Building Component Model, Building Navigational Model,
Building Operation Partitioning Model, Building User Interface Model and Security Model.
Now we quantify these models by defining and proposing their metrics, using the structure of
the schema, link-tree, given in Figure 3.1.
4.1 Schema Metrics
In this section, we propose design metrics for the overall schema of a web application. This
metric is based on the fact that the performance of a graph search is proportional to its
depth. It is worth mentioning here that the performance of a graph search also shows the
performance of our web application, as the number of nodes actually represents the number of web
pages. Hence, the performance of a web application depends upon its searching time
(which can be extracted from the graph).
We rewrite Equation (1) as follows:
LT= {INi | 1 ≤ i ≤ n} U {LNj |1 ≤ j ≤ m} ------------------ (2)
In the terms of weight and edge of each node/page, the equation can also be written as
follows:
LT= {(wi , αi) | 1 ≤ i ≤ n} U {wj |1 ≤ j ≤ m} ---------------------- (3)
The space complexity (SC) of a web application can be computed as follows:
$SC = \sum_{i=1}^{n} w_i + \sum_{j=1}^{m} w_j$ ------------------------- (4)
From this metric (SC), we can estimate space requirements of a web application. In equation
(4), the part $\sum_{i=1}^{n} w_i$ is the total sum of the space required by internal nodes of
the application; and the part $\sum_{j=1}^{m} w_j$ is the total sum of space occupied by leaf
nodes/pages of the application.
Now we define the term an Access Sequence (AS) of a user in a web application as follows:
ASj = {Pi | 1 ≤ i≤ k} U Pl ----------------- (5)
The Access Sequence (AS) can be computed taking into account both the internal node/page
and the external node/page using the above given notation. The range 1 to k is for the internal
node, whereas, l is for the external page as it has no siblings.
In Equation (5), ASj is the jth access sequence of a web application and Pl is a single-element
set containing the leaf page of ASj. Further, ASj can also be written in terms of the weights
of a page and the α edge weights as follows:
ASj = {(wi,αi) | 1≤ i≤ K} U {wl} ------------------ (6)
Now we define metric for length/depth of the access sequence ASj (LASj)
$$L_{AS_j} = \sum_{i=1}^{k} \alpha_{ij} \qquad (7)$$
The metric that is defined in Equation (7) measures the length/depth of an Access Sequence
(AS) of a web application. As we have mentioned earlier, the performance of a web
application depends on its searching time which is designed using an Abstract Data Type
(ADT) graph (flow graph).
Now we first predict the total number of access sequences in a web application, then we compute
the sum of lengths of all possible access sequences in the application. This gives the overall
design metric of the application. To predict the total number of possible access sequences in a
web application, we use McCabe Cyclomatic Complexity (CC) of a program (McCabe, 1976).
This complexity has also been used in predicting the total number of independent paths in a flow
graph in the defect testing technique (White-Box Testing) that is also referred to as
path/branch testing [8,30]. Note that in this defect testing technique, the source code of a
program is represented as a flow graph. Hence, we can conclude that the total number of
independent paths in a flow graph is predicted by using the formula used for the cyclomatic
complexity metric.
Total number (N) of independent paths in graph/program (with GOTO statement in the
program) is predicted by using the formula given in Equation (8).
N = Number of edges - Number of nodes +2 ---------------------------- (8)
Or
N = e – n +2
Now we define the overall Design Complexity (DC) of a given web application by Equation
(9).
$$DC = \sum_{j=1}^{N} L_{AS_j} \qquad (9)$$
$$DC = \sum_{j=1}^{N} \sum_{i=1}^{K} \alpha_{ij} \qquad (10)$$
In Equation (10), the index i represents ith page in the jth access sequence.
4.2 Component Model
Related multimedia attributes of a page-class are collectively known as Component Model.
Its objectives are described as follows:
Objective
To identify page-classes of web application.
To identify components of a page-class.
To identify multimedia attributes of a component of a page-class.
Contribution
Its main contribution to the design phase is that it provides a component model as an input for
Building Navigation Model and User Interface Model. It also gives an understanding of
components, relationships among them and their access sequences. A set of related
multimedia attribute of a page-class is called component [4]. In the Component Model we
model the following
Multimedia attributes of each page-class and their subdivision into meaningful and
logical components.
Component access sequences: Important First and least important at the end
Measurable Parameter
Page-class complexity of a Component Model is the most significant parameter of itself. It
can be measured by measuring fan-out of components. The components having low fan-out
are considered to be lesser in complexity. And the components having more fan-out indicate
the fact that they share more components, which enhances reusability and complexity of these
components.
Figure 4.2: Logical layout of a web application where fan-out is
Fan-out = 2+3+2=7
4.2.1 Reusability Metric
As S-OODM is an object-oriented design methodology, we have to measure its features in
terms of the features of the object-oriented paradigm. Reusability is one of its important
characteristics. In this section we measure the reusability of the design of a web application,
which is directly proportional to the depth of a link-tree (which is a logical view of web
applications). A web application is a collection of pages. In the tree, nodes represent the
pages of the application and edges/arcs represent links between the pages/nodes [75, 76].
The design process in most engineering disciplines is based on reuse of different parts.
[Figure 4.2 node labels: Page-class; Page; Component; Text, Image, Sound, Video]
Software should be considered as an asset and reuse of these properties is vital to increase
the return on investment.
Reusability and depth of the tree are directly proportional to each other and an inverse
relationship holds between the depth of a tree and its complexity [4]. However, this relation
holds true only while the depth (D) ≤ 5; the depth can be at most 8 but not beyond that, as
after that it becomes more complex [4, 74].
Reusability of jth Access Sequence (AS) is equal to the length of the Access Sequence
$$R_{AS_j} = \sum_{i=1}^{n} \alpha_{ij} \qquad (11)$$
Where RASj = Reusability Access Sequence
i = Count from 1 to total no of links.
j = jth page of the link tree.
Assume there is N number of ASs in a web application then reusability metric for the web
application (RWA) is
$$RWA = \sum_{j=1}^{N} \sum_{i=1}^{n} \alpha_{ij} \qquad (12)$$
where $\alpha_{ij} = 1$ will attain value 1 always because
α = β if α = 1
Figure 4.3: Uni-directional & Bi-directional Links (edge labels: α=2, α=1)
In the reusability metric, when αi = 1 we represent α as β to take a unique value of α. If it is
required to measure the depth of a tree, then always take β=1. This is the only method to
measure the depth of a tree; otherwise it takes the form of a directed or cyclic graph, which is
not within our scope. The links are of two types: uni-directional and bi-directional.
Through a uni-directional link, a user can only go from one page to the next page,
whereas through a bi-directional link, a user can go from one page to the next page and also go
back to the previous page. If αi = 1, then it is a uni-directional edge and if αi=2, then it is a
bi-directional edge.
Advantages
As a positive factor, the deeper the link tree is in hierarchy, the greater the reuse. Moreover,
it decreases the cost and time of a project, in terms of the space a page occupies in memory.
Once again this factor holds true only while the depth goes up to 5 or 8, not beyond that.
Disadvantages
As a negative factor, a tree deeper than the one prescribed before inherits more operations
and attributes, which shows greater design complexity. Hence more work is required for the
testing of the large number of nodes introduced.
4.3 Navigational Model
The navigational model is used to design the information structure of a web based
application. This information structure helps the user to navigate web pages. It provides
various levels of navigation such as local navigation, global navigation, instance navigation
and menu navigation [Shah, A., 2003].
Figure 4.4: Navigational Model with Local, Instance and Global navigation
Navigational model is constructed with the following objectives:
Objectives
To find and define various ways of navigating a web page or web pages.
Easy and efficient access of information from the web pages.
Contribution
Its major contribution is that it provides help in building User Interface Model. Because this
model defines various modes of navigating the web page(s), therefore without this model it is
very difficult to build a user interface model. It helps the user in visiting web pages through
various navigation constructs. It works as a map and guides the user to reach a specific
location in a web page or on another web page.
Measurable Parameter
Accessing Time
4.3.1 Navigational Accessing Time Metric
The main purpose of the navigational accessing time metric is to help in calculating the total
navigational time to reach the goal. A designer can develop a design by using this metric,
which calculates the total time of navigation.
The time involved between two consecutive nodes is 1, i.e.,
T = 1
As we mentioned earlier that α = 1, so T = α.
The number of nodes involved is n, where (1 ≤ n ≤ i)
We can calculate the accessing time to reach the goal with the help of this formula:
T = (n - 1) --------------------------(13)
As the number of nodes involved in a path to reach the goal increases, the total
accessing time to reach the specific node also increases.
n ∝ T
The relationship holds true only while the depth of the tree ≤ 5; the depth can be at most 8 but
not beyond that, as after that it becomes more complex and for that reason consumes more time.
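The schema, reusability and accessing-time metrics above, computed over a small link-tree, as an added example that is not part of the dissertation. The `Page` class, the function names and the page weights are constructed; the code reads α as a per-link value (1 or 2), takes β = 1 per link for Equations (11) and (12), and enumerates the access sequences directly instead of predicting their number N with Equation (8).

```python
"""Link-tree schema metrics: Equations (4), (7), (10), (11)-(13).

Added illustration with constructed data; Page, access_sequences and
schema_metrics are hypothetical names, not taken from the dissertation.
"""
from dataclasses import dataclass, field

UNI, BI = 1, 2                        # alpha: uni- / bi-directional link
PREFERRED_DEPTH, MAX_DEPTH = 5, 8     # depth limits stated in the text


@dataclass
class Page:
    name: str
    weight: int                                   # w: space the page occupies
    links: list = field(default_factory=list)     # [(alpha, child Page), ...]

    def link(self, alpha, child):
        if alpha not in (UNI, BI):
            raise ValueError(f"alpha must be 1 or 2, got {alpha}")
        self.links.append((alpha, child))
        return child


def access_sequences(page, names=(), alphas=()):
    """Yield each root-to-leaf access sequence as (page names, link alphas)."""
    names = names + (page.name,)
    if not page.links:                            # leaf page P_l closes AS_j
        yield names, alphas
        return
    for alpha, child in page.links:
        if child.name in names:                   # cyclic graphs are out of scope
            raise ValueError(f"cycle through {child.name!r}: not a link-tree")
        yield from access_sequences(child, names, alphas + (alpha,))


def space_complexity(root):
    """Equation (4): weights of internal pages plus weights of leaf pages."""
    internal = leaf = 0
    seen, stack = set(), [root]
    while stack:
        page = stack.pop()
        if page.name in seen:
            continue
        seen.add(page.name)
        if page.links:
            internal += page.weight
        else:
            leaf += page.weight
        stack.extend(child for _, child in page.links)
    return internal + leaf


def depth_status(depth):
    """Compare a sequence depth with the limits of 5 and 8 given in the text."""
    if depth > MAX_DEPTH:
        return "beyond maximum"
    return "above preferred" if depth > PREFERRED_DEPTH else "ok"


def schema_metrics(root):
    rows = []
    for names, alphas in access_sequences(root):  # raises on a cycle
        depth = len(alphas)                       # beta = 1 for every link
        rows.append({
            "sequence": " > ".join(names),
            "L_AS": sum(alphas),                  # Eq. (7)
            "R_AS": depth,                        # Eq. (11) with beta = 1
            "T": len(names) - 1,                  # Eq. (13): T = n - 1
            "depth": depth_status(depth),
        })
    return {
        "SC": space_complexity(root),             # Eq. (4)
        "DC": sum(r["L_AS"] for r in rows),       # Eq. (10)
        "RWA": sum(r["R_AS"] for r in rows),      # Eq. (12)
        "sequences": rows,
    }


def sample_tree():
    """Constructed university link-tree; weights are made-up page sizes in KB."""
    home = Page("Home", 40)
    college = home.link(BI, Page("College", 30))
    dept = college.link(BI, Page("Department", 35))
    dept.link(UNI, Page("Degree program", 20))
    dept.link(BI, Page("Course", 15))
    home.link(UNI, Page("Library", 25)).link(UNI, Page("Book", 12))
    home.link(BI, Page("Policy", 10))
    return home


if __name__ == "__main__":
    result = schema_metrics(sample_tree())
    for row in result["sequences"]:
        print(row)
    print({k: v for k, v in result.items() if k != "sequences"})
```

Bi-directional links raise DC without changing RWA or T, which is why the two sequences through Department have the same depth but different lengths.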
4.4 Operation Partitioning Model
This model is concerned with the following processing units:
The operations represent services that are provided by the web pages of a WA
Design the execution pattern of each operation
Design of Message passing pattern among the objects. Building an object-interaction
graph(OIG)
Completing and refining Operation Partitioning Model.
Objective
Its main objective is to identify objects and relationship among them.
Contribution
This model provides the implementation approach of the web application. All objects and
their relationship are defined in this model.
Measurable Parameter
Operations performance
4.4.1 Operation Performance Metric
We can calculate the complexity of an object by calculating the height of its operations’
parameters.
Objects which have a larger number of operations are more complex.
Its performance increases (advantage), while its readability decreases (disadvantage).
This implies that performance is inversely proportional to height and readability.
We can calculate the complexity of a component by measuring the total complexity of its
operations. The complexity of an operation, in turn, depends on the complexity of the
parameters it comprises. When compared, operations which have a large number of
parameters are found to be more complex than those which cater to a smaller number of
parameters.
Operation Performance metric
(a) (b)
Figure 4.5: Shows the height of two operations
The same page is displayed in two different ways. We say the page has two
operations and there are two ways to display these operations. In Figure 4.5(a) the two
operations are present in one component, and in Figure 4.5(b) the two operations are present
in two different components. The first case is more cohesive. If the component is cohesive
then, as an advantage, its efficiency increases but, as a disadvantage, its readability
decreases. It means efficiency is inversely proportional to readability. Metrics can be defined
as
$$\text{Performance} \propto \frac{1}{h_i} \quad (h_i \neq 0) \qquad (14)$$
$$P \propto \frac{1}{h_i}$$
The metric given above indicates that as the depth of the tree (value of hi ) increases,
performance (P) will decrease. Whereas, readability (R) increases.
$$\text{Readability} \propto \text{height}$$
$$R \propto h_i$$
$$\text{Efficiency} \propto \frac{1}{\text{readability}}$$
$$\text{Coherence} \propto \frac{1}{\text{height}}$$
$$Co \propto \frac{1}{h_i} \qquad (15)$$
This metric (15) indicates that as the depth of the tree (value of hi ) decreases, coherence (Co)
increases. In contrast the lessening of the value of hi indicates that efficiency (E) increases,
whereas readability (R) decreases.
$$\text{Efficiency} \propto \frac{1}{\text{height}}$$
$$E \propto \frac{1}{h_i} \qquad (16)$$
$$\text{Performance} \propto \text{Efficiency}$$
$$P \propto E \qquad (17)$$
In a web application there are N operations, and the operational complexity is
$$\text{Complexity} = \sum_{j=1}^{N} \sum_{i=1}^{n} \frac{1}{h_{ij}} \qquad (18)$$
N represents the total number of components in the web application.
n represents the total number of operations in a component.
hij gives the height of these operations.
According to the metric (15) as the depth of the tree (value of hi ) decreases, coupling (Co)
increases. Moreover, decrease in the value of hi leads to an increase in coupling, an increase
in readability(R) and a decrease in performance (P).
In the above equations the proportionality sign can be replaced by k, where k is the
proportionality constant. As we know, the proportionality constant is k=1.
4.5 User Interface Model
This processing unit deals with the designing of user’s perception and interaction with web
application. Then the user interface design produces a consistent and predictable appearance
of web application pages. The design process first determines user interface elements (for
example, pages, forms, frames, colors, command buttons, bars, check boxes) for the objects,
e.g., page-classes, components, navigation types, operations, and navigation primitives. The
user interface is designed using the frames, which are capable of dividing the window into
different regions, and they are displayed and scrolled separately.
Measurable Parameter
Interface coherence
4.5.1 Interface Coherence Metric
Here we are going to measure the cohesion in terms of relationship between data on one
screen. There are three modes of coherence:
High coherence
Medium coherence
Low coherence
4.5.1.1 High coherence
The cohesion is said to be high if data on interface is related to the attributes of the same
component of a page-class. High cohesion for one page can be calculated as follows:
$$Co_h = \frac{P_s}{P_{WA}} \qquad (19)$$
Where
Ps = Attributes of the same component
PWA = All page-classes of web application
4.5.1.2 Medium coherence
The cohesion is said to be medium if data on interface is related to two or more interrelated
components of the same page-class. Medium cohesion can be calculated as follows:
$$Co_m = \frac{P_r}{P_{WA}} \qquad (20)$$
Where
Pr = related components of the same page-class
4.5.1.3 Low coherence
The cohesion is said to be low if data on interface is related to the different page-classes. Low
cohesion can be calculated as follows:
$$Co_l = \frac{P_{dr}}{P_{WA}} \qquad (21)$$
Pdr = related components of different page-classes
By summing all these cohesions, we can determine the overall cohesion of interface of a web
application. It can be calculated as:
$$Co_{WA} = \frac{Co_h + Co_m + Co_l}{P_{WA}} \qquad (22)$$
Advantages
Highly cohesive pages provide a balanced ratio of width to height.
The highly cohesive page provides unity, which helps to keep the user interest in the page
to get the related information from that same page.
4.6 Security Model
This model provides security at each step of the design phase. Security is implemented by a
security manager. The security is achieved by implementing security at various levels: such
as, at the user level by defining various roles like administrator, super user and user.
Similarly, security is also achieved by various levels of security such as secret, classified and
unclassified. Security is achieved at permission level by permitting a user to update, create,
edit and delete a record. Its objectives are as follows:
Objectives
This model attempts to introduce security at each phase of the S-OODM so that the
information of the application can be secured from unauthorized access.
Contribution
This model has contributed at each step of the design phase. For example in Component
Model it has contributed by securing components and in Navigational Model it has
contributed by securing navigation paths. For example, a user may not be allowed to access a
web page or particular link etc. Similarly it has also contributed in Operation Partitioning
Model because security is actually implanted in business logic and some code, method or
attributes may not be allowed to be accessed by other objects or users.
Measurable Parameters of Security Model
There may be several parameters of this model which should be measured, but the following are
the significant parameters.
Security risk
Security check
4.6.1 Security Metric
Security is a critical issue in web applications for many reasons. It consistently prevents
unauthorized access and protects against malfunctioning of the components of the web
application. A page-class consists of pages and these pages consist of some multimedia
information, also termed attributes.
A modification in the attributes of any web application can affect the web application as a
whole. To avoid undesired access to these attributes, security consideration is required. To
ensure that the web application is free from these attacks, certain measurements are required
to be introduced at design level.
Moreover, in order to achieve consistency and accuracy and to protect the critical data
contained in these components, certain security measurements are required. Imposing security
is also accompanied by some drawbacks in web applications, like loss of flexibility. There is a
trade-off between flexibility and security. If we increase security then flexibility decreases,
which means flexibility is inversely proportional to security.
$$F \propto \frac{1}{S} \qquad (23)$$
Here F represents flexibility and S shows security. If we are imposing more security checks
then there will be low efficiency of the application as it has to perform security checks by
consuming more time. Then efficiency is inversely proportional to security
$$E \propto \frac{1}{S} \qquad (24)$$
E represents efficiency. Cost is directly proportional to security.
$$C \propto S \qquad (25)$$
In the above Equation C represents cost. Space is directly proportional to security.
$$\text{Space} \propto S \qquad (26)$$
4.6.1.1 Security Risk Metric
A security risk increases when some critical data changes, because the whole process then
becomes destabilized. For that reason, components that contain critical data should be
put on higher security risk. This risk can be calculated as:
$$\text{Vital Component Ratio} = VCR = \frac{\sum_{i=1}^{n} P_i}{\sum_{i}^{n}\sum_{j} P_{ij}} \qquad (27)$$
VCR represents Vital Component Ratio. Variable n defines the number of critical components in
a page and j defines the total number of components present in a page, where Pi ≤ Pj.
4.6.1.2 Security Check Metric
Security check metric can be defined as the percentage of security checks in a page divided
by the total number of security checks in a page-class.
$$SCM = \frac{\sum_{i=1}^{n}\sum_{j=1}^{m} C_{ij}}{\sum_{i=1}^{n}\sum_{k}^{sc} C_{ik}} \qquad (28)$$
SCM represents the Security Check Metric. Variable n defines the number of pages in a
page-class and m defines the number of security checks applied in that particular page n. The
variable Security Check (SC) is the maximum number of possible security checks that could be
included within that page-class, where Cij ≤ Cik.
Chapter 5
Case Study of a University Web Application
5.1 Introduction
The object-oriented design methodology (OODM) was proposed by Shah in 2003 (Shah, A.,
2003) to design web applications. A similar case study was also conducted for OODM by
(Shah, A., 2003). I have borrowed and modified it to accommodate security aspects. In
chapter 3, we first extended the methodology by including a security element; the result is
referred to as the secure object-oriented design methodology (S-OODM) for web applications.
The original version of the methodology (OODM) did not include the security aspect of a web
application while designing it. In the upgraded version of OODM, i.e., S-OODM, this aspect
has been taken care of. Then the design metrics of the design elements of a web application
which will be developed by using S-OODM were given in chapter 3.
In this chapter, we show by an example how the proposed methodology takes care of security
issues, and then an evaluation of the proposed metrics is given. The example uses a
University web application as a case study.
In this chapter Section 1 defines the problem statement for a university. Section 2 describes,
using the University web application, how the security issues can be handled at the design
phase. Section 3 describes the evaluation of the proposed metrics.
Figure 5.1: Overall Design Schema of University Website
[Figure 5.1 node labels: The University, LMS, SIS, CIS, TDS, BS, Exhibition, Policy, Project,
Employment opportunity, Course, Program, Faculty, Dissertation, Research center, Department,
Library, College, Magazine, Book, Paper, Publication, Student resume, Conference; link labels:
CS, FC, VS, RS, PS, PR]
5.2 Problem Statement
A university web site is intended to host the University Home Page and a well-integrated set of
Web pages containing information about the University. Web pages on the University web site
are intended to have a consistent look-and-feel user interface. This was given by Shah in 2003
(Shah, A., 2003) in his case study for OODM and we have modified it according to S-
OODM. According to (Shah, A., 2003), the information which is contained in the web pages of
the University website is as follows:
Departments, research centers, conferences, exhibitions, and colleges.
Courses, projects, libraries, policies, dissertations, and publications.
Degree programs, research papers, book, and magazines.
Employment opportunities, student resumes.
Faculties.
Furthermore, there are some existing information systems in the University Web site, which
are accessible to users. These systems are as follows:
Library Management System (LMS). LMS is used to Search for a publication in the
library.
Student Information System (SIS). SIS is used by users to print students transcripts.
Course Information System (CIS). CIS is used for registering a course and its
timetable for a student.
Telephone Directory System (TDS). TDS is used to search for contact numbers of
University staff.
Bookstore System (BS). BS is used for searching books in the bookstore of the
University.
There are different users who get information from the University website. Those
users include:
Faculties: These include those users who teach in University. The information in
which they are interested in accessing is, about: Departments, Research centers,
Conferences, Exhibitions, Colleges, Courses, Projects, Libraries, Policies,
Dissertations, Degree programs, Research papers, Books, Magazines, and Faculties.
They are also interested to use Library Management System (LMS), Course
Information System (CIS), Telephone Directory System (TDS), and Bookstore
System (BS) for searching.
Potential students: These include those students who are interested in studying a
degree program offered by University. The information of their interest is about:
Colleges and their Departments, Degree programs offered by a Department, Courses
offered by a Degree program, Faculties teaching in a college, and Policies of
University. They are also interested in using Telephone Directory System (TDS) for
searching.
Existing students: These include those students who are currently studying in
University. The information of their interest is about: Departments, Research centers,
Conferences, Exhibitions, Colleges, Courses, Projects, Libraries, Policies,
Dissertations, Degree programs, Research papers, Books, Magazines, Employment
opportunities, and Faculties. They may be interested in using LMS, CIS, TDS, and
BIS for searching. They are also interested in using CIS to register a course and its
timetable, and to use SIS to print their transcripts.
Guests: These include users who are from outside University. The information of
their interest is about: Departments, Conferences, Exhibitions, Colleges, Courses,
Degree programs, Research papers, Books, Magazines, and Faculties. They may also
be interested in using LMS, TDS, and BIS for searching.
Guardian/parents: These are guardian/parents of existing and potential students. The
information of their interest is about: Departments, Colleges, Courses, Policies,
Degree programs, and Faculties. They may also be interested in using TDS for
searching.
Researchers: These are users performing research. They are interested in accessing
information about the following: Departments, Research centers, Conferences,
Exhibitions, Colleges, Courses, Projects, Libraries, Dissertations, Degree programs,
Research papers, Books, Magazines, and Faculties. They may also be interested in
using LMS, TDS, and BIS for searching.
Companies’ representatives: These are the users who are representing outside
companies. The information of their interest is about: Student resumes, Student
dissertations, Student supervisors, Projects, Faculties involved in Projects,
Departments, Exhibitions, Courses, Degree programs, and Faculties. They may also
be interested in using TDS for searching.
5.3 Analysis Phase
5.3.1 Security Realization
The security model will be implemented at the Analysis phase, and the realization of the
security needs at its different phases has been done as under. This was not given by Shah, A.,
[2003] in his case study for OODM. We have borrowed the OODM case study to incorporate
security in it and reproduce it as S-OODM. The analysis phase consists of four analysis steps:
i. Building information model. This step is concerned with identifying multimedia
information that needs to be presented to users and associations among that
multimedia information. That information is represented using one diagram called
information model.
ii. Building user navigation model. This step is concerned with identifying potential
users of the hypermedia application, goals of each user class, and user navigation
paths. The information is represented using one diagram called user navigation
model.
iii. Building operation model. This step is concerned with identifying operations
performed by the hypermedia application.
iv. Security Model. This model basically suggests the realization of security in all the
above given models of the S-OODM, whose realization will be done in the analysis
phase and will be implemented in the design phase.
For simplicity we have given below the modified models of the case study of OODM. The
analysis phase using the university hypermedia application will be as under. Next, we describe
each analysis step in more detail using the university hypermedia application as an example.
5.3.1.1 Building Information Model
Page-classes, their associations and their multimedia attributes are identified in the case
study of the university. According to the security model, the following considerations should
be given to make it secure. This was given by Shah [2003] in his case study for OODM and we
have modified it according to S-OODM.
Table 5.1: Building Information Model with security consideration

| Page-class | User Roles | Permission | Level of Security |
|---|---|---|---|
| Department | User | View | Classified |
| Conference | User | View | Classified |
| Course | User | View | Classified |
| Library | User | View | Classified |
| Student resume | User | View | Classified |
| Employment opportunity | User | View | Classified |
| Research Centre | User | View | Classified |
| College | User | View | Classified |
| Policy | User | View | Classified |
| Degree program | User | View | Classified |
| Paper | User | View | Classified |
| Faculty | User | View | Classified |
| Course Registration System | Administrator | Create, update, delete, edit | Secret |
| Tel Directory System | Super User | Create, update | Classified |
| Library management System | Administrator | Create, update, delete, edit | Secret |
| Student Academic Record Management System | Administrator | Create, update, delete, edit | Secret |
5.3.1.2 Building Navigational Model
Table 5.2: Building Navigational Model for Faculty page-class with security consideration

| Seq | Agent | Action | Web Resource | Secure Session management |
|---|---|---|---|---|
| 1 | Faculty | Access university home page | university home page | Yes |
| 2 | Faculty | Access CRS page | CRS page | Yes |
| 3 | Faculty | Enter Search criteria | CRS page | Yes |
| 4 | WA | Run search query | Search output is created | No |
| 5 | WA | Format Output | New page is created | No |
| 6 | WA | Display output | New page | No |
| 7 | Faculty | Read Output | New page | No |
Table 5.3: Building Navigational Model for Potential Student with security consideration

| Seq | Agent | Action | Web Resource | Secure Session management |
|---|---|---|---|---|
| 1 | Potential student | Access UNIVERSITY home page | UNIVERSITY home page | No |
| 2 | Potential student | Find ‘Computer College’ | College index | No |
| 3 | Potential student | Access ‘Computer College’ page | ‘Computer college’ page | No |
| 4 | Potential student | Find ‘CS’ Department page | Department index | No |
| 5 | Potential student | Access ‘CS’ Department page | ‘CS Department’ page | No |
| 6 | Potential student | Find offered graduate degree programs | Degree programs guided tour | No |
| 7 | Potential student | Read degree program page | Degree programs page | No |
Table 5.4: Building Navigational Model for Existing User with security consideration

| Seq | Agent | Action | Web Resource | Secure Session management |
|---|---|---|---|---|
| 1 | Existing User | Access UNIVERSITY home page | UNIVERSITY home page | Yes |
| 2 | Existing User | Access CRS page | CRS page | Yes |
| 3 | Existing User | Access registration form | Registration Form | Yes |
| 4 | Existing User | Enter course data | Registration Form | Yes |
| 5 | WA | Validate course data | Course data | No |
| 6 | WA | Check Course conflicts | Course Data | No |
| 7 | WA | Adds the course | New Course is added | Yes |
| 8 | WA | Acknowledge Completion | Registration form | No |
| 9 | Existing User | Read Acknowledge message | Registration form | Yes |
5.3.1.3 Building Operation Model
On the client side, secure socket layer should be enabled in the browser. The client should be
registered in the administrative domain. User name and password should be provided in order to
make authenticated access to the server. On the server side, make sure that the web application
is placed in the proper place according to the need of session management.
This was given by Shah in 2003 (Shah, A., 2003) in his case study for OODM and we have
modified it according to S-OODM.
5.3.1.4 Building Security Model
A proper login page is provided before the web application starts.
IsActive (account No): Boolean
Validate (account No, password): Boolean
Setup_Details (account No): String
Check_role (account No): String
Figure 5.2: Login verification using security
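The login operations of Figure 5.2 combined with the role, permission and level-of-security columns of Table 5.1, as an added example that is not part of the dissertation. The `SecurityManager` class, the account numbers and the passwords are constructed; PBKDF2 password storage and treating Table 5.1 as a complete, deny-by-default policy are assumptions of this example.

```python
"""Login verification (Figure 5.2) followed by a Table 5.1 permission check.

Added illustration: SecurityManager, authorize and the accounts are
hypothetical; Setup_Details is omitted because its result is not described.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 600_000                               # PBKDF2-HMAC-SHA256 work factor
LEVELS = {"Unclassified": 0, "Classified": 1, "Secret": 2}

# Rows copied from Table 5.1: page-class -> (user role, permissions, level).
# Assumption: the table is the whole policy, so anything not listed is denied.
TABLE_5_1 = {
    "Department": ("User", {"view"}, "Classified"),
    "Student resume": ("User", {"view"}, "Classified"),
    "Tel Directory System": ("Super User", {"create", "update"}, "Classified"),
    "Course Registration System":
        ("Administrator", {"create", "update", "delete", "edit"}, "Secret"),
}


@dataclass
class Account:
    role: str
    clearance: str
    salt: bytes
    pw_hash: bytes
    active: bool = True


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class SecurityManager:
    def __init__(self):
        self._accounts = {}
        self._dummy_salt = os.urandom(16)

    def add_account(self, account_no, password, role, clearance, active=True):
        if clearance not in LEVELS:
            raise ValueError(f"unknown level of security: {clearance}")
        salt = os.urandom(16)
        self._accounts[account_no] = Account(
            role, clearance, salt, _hash(password, salt), active)

    def is_active(self, account_no):               # IsActive(account No)
        acct = self._accounts.get(account_no)
        return acct is not None and acct.active

    def validate(self, account_no, password):      # Validate(account No, password)
        acct = self._accounts.get(account_no)
        # Hash even for unknown accounts so both cases cost the same time.
        candidate = _hash(password, acct.salt if acct else self._dummy_salt)
        expected = acct.pw_hash if acct else bytes(len(candidate))
        return hmac.compare_digest(candidate, expected) and acct is not None

    def check_role(self, account_no):              # Check_role(account No)
        return self._accounts[account_no].role

    def login(self, account_no, password):
        """Return a session dict, or None with no hint of which step failed."""
        if not self.validate(account_no, password):
            return None
        if not self.is_active(account_no):
            return None
        return {"account": account_no,
                "role": self.check_role(account_no),
                "clearance": self._accounts[account_no].clearance}


def authorize(session, page_class, permission):
    """Deny by default; allow only what the Table 5.1 row grants."""
    row = TABLE_5_1.get(page_class)
    if session is None or row is None:
        return False
    role, permissions, level = row
    return (session["role"] == role
            and permission.lower() in permissions
            and LEVELS[session["clearance"]] >= LEVELS[level])


def demo_manager():
    """Constructed accounts for the example."""
    sm = SecurityManager()
    sm.add_account("A-100", "correct horse", "Administrator", "Secret")
    sm.add_account("U-200", "battery staple", "User", "Classified")
    sm.add_account("U-300", "old password", "User", "Classified", active=False)
    return sm
```

A failed login returns the same `None` for a wrong password, an unknown account and an inactive account, so the login page cannot be used to find out which account numbers exist.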
5.4 Design Phase
Design of Models According to S-OODM
Component model
Navigation model
Operation-partitioning model
User interface model
Security Model
This was given by Shah in 2003 (Shah, A., 2003) in his case study for OODM and we have
modified it according to S-OODM by incorporating the security issue. In chapter 4, we gave
a detailed description of the design phase of the proposed development method. In this
section, we discuss the design phase using UNIVERSITY hypermedia application as an
example to show how the design process works. Input to the design phase is the analysis
report containing information model, navigation model, operation model and security model.
The design phase is performed in five steps. First: building component model design step.
This design step is concerned with structuring and presenting multimedia information of each
page-class. Second: building navigation model design step. This design step is concerned
with designing navigation paths using navigation primitives. Third: building operation
partitioning model design step. This design step is concerned with detailing each
hypermedia application operation into sub-operations. These sub-operations are then
partitioned into client and server operations. Fourth: building user interface model design
step. This design step is concerned with describing interface elements for the following:
page-classes, multimedia information, hyperlinks, operations input and output, and
navigation primitives. Fifth: security model design step. This design step is concerned with
the security issues in the above described four models.
Next, we describe each design step in more detail using the UNIVERSITY hypermedia
application as an example for illustration.
5.4.1 Building Component Model
Related multimedia attributes of a page-class are collectively known as Component Model.
Its objectives are described as follows:
To identify classes of pages.
To identify components of a page-class.
To identify multimedia attributes of a component of a page-class.
Its main contribution to the design phase is that it provides a component model as an input to
Building Navigation Model and Building User Interface Model. It also gives an
understanding of components, relationships among them and their access sequences and
provides the security among the components. This was given by Shah [2003] [4] in his case
study for OODM and we have modified it according to S-OODM.
The component design step deals with structuring and presenting the multimedia information of
a page-class. Presenting multimedia information about an entity in one single page, which
might be very long, may cause difficulties in accessing information in that page and may
disorient users. Also, presenting multimedia information about an entity in different pages
causes difficulties in accessing the information, since the information is fragmented over
different pages and a long time is required for loading each page. Therefore, in this design
step, we divide each page-class into a set of meaningful components that can be accessed
individually by users, but can be presented to users in one single page.
In this design step, each page-class in the user model is subdivided into a set of components.
Each component contains a set of related multimedia attributes of the page-class. For
example, Table 5.5 shows the Department page-class subdivided into five components:
general information, objectives, statistics, location, and requirements. The general
information component contains the following multimedia attributes: name, creation date,
description, image, and video clip. The objective component contains a text description about
the objectives of establishing the Department. The statistics component contains two charts
showing both courses taught and students graduated per year. The location component
contains a map showing the location of the Department and a text description of the map. The
requirement component contains a text description about the requirements for joining the
Department. These five components are presented to users in the following order: general
information, objectives, requirements, statistics and then location.
Components | Multimedia attributes | Order of access
General information | Name, creation date, description, image, video clip | 1
Objectives | Objectives | 2
Requirements | Requirements | 3
Statistics | Statistic one, statistic two | 4
Location | Location one, location two | 5
Table 5.5: Components of the Department page-class OODM [Shah, A., 2003]
As another example, information about a Faculty page-class is presented to users using five
components as shown in Table 5.6. These components are: general information, specialty,
research interest, qualification, and job history. The general information component contains
the following multimedia attributes: name, description, image, sound, and video clip. The
specialty component contains a text description about the Faculty specialty. The research
interest component contains a text description about the research interest of the Faculty. The
qualification component contains a text description about the Faculty qualification. The job
history component contains a text description about the job history of the Faculty. The
components are presented to users in the following sequence: general information, specialty,
research interest, qualification and then job history.
Components | Multimedia attributes | Order of access
General information | Name, description, image, video clip, sound | 1
Specialty | Specialty | 2
Research interest | Research interest | 3
Qualification | Qualification | 4
Job history | Job history | 5
Table 5.6: Components of the Faculty page-class: OODM [Shah, A., 2003]
In Component model, by considering the Faculty page-class, we have five components:
General Information
Specialty
Research Interest
Qualification
Job History
We have to add security to some of its components, such as general information, so that nobody
can get access to it except the authorized person. Similarly, security is added to the
qualification component. The components to which we add security are known as vital
components.
5.4.2 Building Navigational Model
The navigational model is used to design the information structure of a web based
application. This information structure helps the user to navigate web pages. It provides
various levels of navigation such as local navigation, global navigation, instance navigation
and menu navigation. Navigational model is constructed with the following objectives:
To find and define the various ways of navigating a web page or web pages.
Easy and efficient access of information from the web pages with security.
Its major contribution is that it helps in building the User Interface Model. Because this
model defines the various modes of navigating the web page(s), it is very difficult to build a
user interface model without it. It helps the user in visiting web pages through
various navigation constructs. It works as a map and guides the user to reach a specific
location in a web page or on another web page. This was given by Shah in 2003 [4] in his
case study for OODM and we have modified it according to S-OODM.
In the navigation design step, we design the navigational paths that enable hypermedia
navigation. The goals of this design step are as follows. First: to convey the information
structure contained in a hypermedia application to users. Therefore, users will be able to
understand the information structure easily. Second: to help users in accessing the desired
information easily. Third: to orient and guide users while navigating through web pages of a
hypermedia application. Fourth: to provide a single diagram describing how users navigate
through web pages. Therefore, maintaining the hypermedia application will be easier and the
reusability of the navigation components becomes high. Fifth: to provide a base for
the implementation and testing phases. Therefore, implementation will be easier since
implementers need only to map navigation components to their corresponding implementation
components.
In this design step, navigation paths are categorized into three different types: First: local
navigation paths followed by users to access components of one page-class. For example
moving from the specialty component of a Faculty page to the qualification component of the
same Faculty page. Second: instance navigation paths followed by users to access Web pages
of the same page-class. For example moving from a page representing information about a
Faculty to another page representing information about another Faculty. Third: global
navigation paths followed by users to move from a page-class to another related page-class.
For example, moving from a page representing information about a Faculty to a page
representing information about the Department that the Faculty is working in.
During this design step, we use navigation primitives: uni-directional link, bi-directional link,
index, embedded index, guided tour, indexed guided tour, embedded indexed guided tour,
and menu. These navigation primitives are used to design the navigation paths defined in the
user model. For example, Figure 5.3 shows a graphical representation of how navigation primitives are used to
design local, instance, and global navigation for the Department page-class. The description
of the design of these three navigation path types for the Department page-class is given next.
i. Local navigation paths: Users can access different components containing information
about a Department using an index containing a list of hyperlinks pointing to those
components.
ii. Instance navigation paths:
From a college to its Department: Users can navigate through Department pages
belonging to a college using guided tour commands such as forward and backward
commands.
From a Faculty to his Department: One Department page is displayed since a
Faculty belongs only to one Department.
From a degree program to a Department: One Department page is displayed
since a degree program belongs only to one Department.
iii. Global navigation:
From a Department to its College: Users can access a Department of the College
by clicking on a hyperlink labeled with ‘Department College’.
From a Department to its Faculties: Users can access Faculties teaching in that
Department by clicking on a hyperlink labeled with ‘Department faculties’.
From a Department to its offered Degree programs: Users can access Faculties
teaching in that Department by clicking on a hyperlink labeled with ‘Department
faculties’.
Figure 5.3: A graphical representation for navigating Department page-class: [OODM:
Shah, A., 2003]
Figure 5.4 shows a graphical representation of how navigation primitives are used to design
local, instance, and global navigation for the College page-class. The description of the
design of these three navigation path types for the College page-class is given next.
i. Local navigation paths:
Users can access different components containing information about a College using an
index containing a list of hyperlinks pointing to those components.
ii. Instance navigation paths:
From UNIVERSITY to its Colleges. Users can navigate through Colleges belonging
to UNIVERSITY using an index containing hyperlinks pointing to Colleges.
From a Faculty to his College: One College page is displayed since a Faculty
belongs only to one College.
From a Department to its College: One College page is displayed since a
Department belongs only to one College.
From a Library to its College: One College page is displayed since a Library
belongs only to one College.
From a Research center to its College: One College page is displayed since a
Research center belongs only to one College.
iii. Global navigation paths:
From a College to its Departments: Users can access Departments of a College
using an index of hyperlinks pointing to the College Departments.
From a College to its Faculties: Users can access faculties teaching in the College
using an index of hyperlinks pointing to College faculties.
From a College to its Library: Users can access the Library of a College by
clicking on a hyperlink labeled with ‘College library’.
From a College to its Research center: Users can access the research center of a
College by clicking on a hyperlink labeled with ‘College research center’.
From a College to UNIVERSITY home page: Users can access UNIVERSITY
home page by clicking on a hyperlink labeled with ‘UNIVERSITY home page’.
Figure 5.4: A graphical representation of navigating College page-class [OODM: Shah, A.,
2003]
Figure 5.5 shows the complete navigation model for UNIVERSITY. All navigation paths in
the user model are designed using navigation primitives. Furthermore, abstract classes are
replaced with menu navigation primitive. For example, UNIVERSITY and Publication page-
classes are replaced with menu navigation primitive.
In the Navigation Model, we have to add security to some navigation primitives. By
considering the Faculty page-class, we add security to its general information component.
When an unauthorized person wants to navigate from general information to the next
page, access will not be provided, because security is involved in the
navigation primitive.
Figure 5.5: Complete navigational model for the UNIVERSITY WA:[OODM: Shah, A.,
2003]
5.4.3 Building Operation-partitioning Model
The Operation-partitioning Model was first built by Shah (Shah, A., 2003) for OODM; it
has to be reconstructed accordingly for S-OODM. This model is concerned with the
following processing units:
Building an object-interaction graph (OIG).
Completing and refining the Operation Partitioning Model.
Its main objective is to identify objects and the relationships among them. This model provides
the implementation approach of the web application. All objects and their relationships are
defined in this model.
This design step is concerned with detailing each hypermedia application operation in the
operation model resulting from the analysis phase. To describe each operation in detail we
use the Object Interaction Graph (OIG) of the Fusion method. For example, Figure 5.7 shows the
registration operation detailed using OIG. The registration operation has been detailed into
three main operations: First, a validation operation that validates the user input by ensuring that
both user id and course name have values. Second, a conflict operation that checks whether the
course that needs to be registered has either a time conflict or a prerequisite conflict. Third, an add
operation that adds the course to the list of registered courses for that student.
Figure 5.6: The registration operation detailed using both OIG:[OODM: Shah, A., 2003]
The next step is to give an algorithmic description of each sub-operation resulting from
detailing each hypermedia application operation. For example, Figure 5.7 shows algorithmic
descriptions of the Object Interaction Graph for the registration operation.
Operation CIS: Register(user id, course name): message
Operation CIS: Set-permissions(user, information class): message
    Check to see if the input is valid (1)
    if yes then
        check if there is no conflict (2)
        if yes then
            add the record
        else
            return a conflict error message
    else
        return an invalid error message

method CIS: Validate(user id, course name): Boolean
    if the user id is entered and course name is entered then
        return true
    else
        return false

method CIS: Check_conflicts(user id, course name): Boolean
    if the user is at maximum of hours then (2.1)
        return false
    else if the course requires a prerequisite then (2.2)
        return false
    else
        return true

method CIS: Check_Max(user id, course name): Boolean
    if the user is at maximum of hours then
        return false
    else
        return true

method CIS: Permit(user, information class): Boolean
    if the user has access permissions for the specific information class then
        return true
    else
        return false

method CIS: Check_Pre(user id, course name): Boolean
    if the course requires a prerequisite then
        return false
    else
        return true
Figure 5.7: Modified Algorithmic descriptions of the OIG for the registration operation:
[OODM: Shah, A., 2003]
The final step is to partition the operations into client and server operations. Client operations
are performed at the client side and can be implemented using JavaScript, VBScript, Java
applets, etc. Server operations are performed at the server side and can be implemented using
different techniques such as: First: Common Gateway Interface (CGI) using Java, C++.
Second: Remote Method Invocation (RMI) using Java. Third: Common Object Request
Broker Architecture (CORBA) using C++, Java, etc. During this step designers base their decision on whether
an operation needs to be a server or a client operation mainly on performance. For
example, when a user wants to register a course, the user input should be checked for bad
input. However, when the validation operation is designed to be a server operation, the user
will be informed about bad input only by sending an HTML page from the server back to the
browser.
In the Operation Partitioning Model, some operations are required to check security. In the
case of the Faculty page-class, the login operation requires security to check whether the
user and its password are valid or invalid. Only the valid user has the right to add, delete
and modify the information.
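As an added example (not code from the dissertation or from OODM), the Register operation of Figure 5.7 written as a server operation in Python: the Permit check and the validation both run on the server before the record is added, whatever a client-side script has already checked. The `MAX_HOURS` value, the "registration" information class, the message strings and the sample data are assumptions, and Check_Pre is refined here to pass once the prerequisite has been completed.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_HOURS = 18  # assumed credit-hour ceiling; the page gives no number


@dataclass
class Course:
    name: str
    hours: int
    prerequisite: Optional[str] = None


@dataclass
class User:
    user_id: str
    permitted_classes: set = field(default_factory=set)  # information classes
    completed: set = field(default_factory=set)          # courses already passed
    registered: list = field(default_factory=list)


class CIS:
    """Server-side operations; nothing here relies on checks done in the browser."""

    def __init__(self, courses, users):
        self.courses = {c.name: c for c in courses}
        self.users = {u.user_id: u for u in users}

    def permit(self, user, information_class):
        # Permit(user, information class): explicit grant or nothing.
        return information_class in user.permitted_classes

    def validate(self, user_id, course_name):
        # Step (1): both fields must be non-empty strings.
        return all(isinstance(v, str) and bool(v.strip())
                   for v in (user_id, course_name))

    def check_max(self, user, course):
        # Step (2.1): False when the course would exceed the hour ceiling.
        booked = sum(self.courses[n].hours for n in user.registered)
        return booked + course.hours <= MAX_HOURS

    def check_pre(self, user, course):
        # Step (2.2): False when a required prerequisite is not completed.
        return course.prerequisite is None or course.prerequisite in user.completed

    def check_conflicts(self, user, course):
        # Step (2): True means "no conflict", as in Figure 5.7.
        return (course.name not in user.registered
                and self.check_max(user, course)
                and self.check_pre(user, course))

    def register(self, user_id, course_name):
        if not self.validate(user_id, course_name):
            return "invalid input"
        user = self.users.get(user_id)
        # Unknown and unpermitted users get the same answer, before any lookup
        # of course data or change of state.
        if user is None or not self.permit(user, "registration"):
            return "access denied"
        course = self.courses.get(course_name)
        if course is None:
            return "invalid input"
        if not self.check_conflicts(user, course):
            return "conflict"
        user.registered.append(course.name)  # step (3): Add
        return "registered"


def demo():
    # Constructed sample data.
    courses = [Course("CS101", 3),
               Course("CS201", 3, prerequisite="CS101"),
               Course("CS999", 18)]
    users = [User("s1", {"registration"}, completed={"CS101"}),
             User("s2", {"registration"}),
             User("guest")]
    cis = CIS(courses, users)
    return [cis.register("s1", "CS201"),
            cis.register("s2", "CS201"),
            cis.register("guest", "CS101"),
            cis.register("s1", ""),
            cis.register("s1", "CS999")]


if __name__ == "__main__":
    print(demo())
```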
5.4.4 Building User Interface Model
The design of the user's perception of, and interaction with, the web application is dealt with in this
processing unit. The user interface design produces a consistent and predictable
appearance of web application pages. Shah, A., (2003) built the Interface Model for
OODM and we have reused it to incorporate security in S-OODM.
In this model, we have introduced the cohesion metric which helps to measure the cohesion
in terms of relationship between data on one Interface.
In the user interface there are a number of components, but the user does not necessarily get
access to every component. Some components may involve security issues. Those
components which are critical or vital need security. Access is given only to authorized
persons. In the Faculty page-class, only Faculty members get access to all components, while other
users can only visit the components. Moreover, they are not authorized to change those
components because we have added security to them.
Figure 5.8: five frame based user interface:[OODM: Shah, A., 2003]
5.4.5 Building Security Model
This model provides security at each step of the design phase. Security is implemented by a
security manager. Security is achieved by implementing it at various levels, such
as at the user level, by defining various roles like administrator, super user and user.
Similarly, security is also achieved through various levels of security such as secret, classified and
unclassified. Security is achieved at the permission level by permitting a user to update, create,
edit and delete a record. Its sole purpose is to secure information from unauthorized access.
This model has contributed at each step of the design phase. For example, in the Component
Model it has contributed by securing components, and in the Navigational Model it has
contributed by securing navigation paths. For example, a user may not be allowed to access a
web page or a particular link, etc. Similarly, it has also contributed in the Operation Partitioning
Model because security is actually implanted in business logic and some code, method or
attributes may not be allowed to be accessed by other objects or users.
In Component model, by considering the Faculty page-class, we have five components:
General Information
Specialty
Research Interest
Qualification
Job History
We have to add security to some of its components, such as general information, so that nobody
can get access to it except the authorized person. Similarly, security is added to the
qualification component. The components to which we add security are known as vital
components.
In the Navigation Model, we have to add security to some navigation primitives. By
considering the Faculty page-class, we add security to its general information component.
When an unauthorized person wants to navigate from general information to the next
page, access will not be provided, because security is involved in the
navigation primitive.
In the Operation Partitioning Model, some operations are required to check security. In the
case of the Faculty page-class, the login operation requires security to check whether the
user and its password are valid or invalid. Only a valid user has the right to add, delete and
modify the information.
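The security model described above, sketched as an added Python example (not part of the dissertation): a security manager that the component and navigation models call, applied to the Faculty page-class components of Table 5.6. The pairing of roles with clearance levels and permissions, the ordering of the levels, the "view" action and the level given to each component are assumptions; the page names these elements but not how they map to each other.

```python
from enum import IntEnum


class Level(IntEnum):
    # Levels named on the page; this ordering is an assumption.
    UNCLASSIFIED = 0
    CLASSIFIED = 1
    SECRET = 2


# Assumed pairing of each role with a clearance and a permission set.
ROLES = {
    "administrator": (Level.SECRET, {"view", "create", "update", "edit", "delete"}),
    "super user": (Level.CLASSIFIED, {"view", "update", "edit"}),
    "user": (Level.UNCLASSIFIED, {"view"}),
}

# Faculty page-class components in their access order (Table 5.6). The two
# vital components, general information and qualification, are given a higher
# level here (assumed: CLASSIFIED).
FACULTY_COMPONENTS = {
    "general information": Level.CLASSIFIED,
    "specialty": Level.UNCLASSIFIED,
    "research interest": Level.UNCLASSIFIED,
    "qualification": Level.CLASSIFIED,
    "job history": Level.UNCLASSIFIED,
}


class SecurityManager:
    def __init__(self, roles, components):
        self.roles = roles
        self.components = components  # dict keeps the access order

    def authorize(self, role, component, action):
        """Allow only when the role's clearance covers the component's level
        and the action is in the role's permission set; deny anything unknown."""
        grant = self.roles.get(role)
        level = self.components.get(component)
        if grant is None or level is None:
            return False
        clearance, permissions = grant
        return clearance >= level and action in permissions

    def index(self, role):
        """Component model / local navigation: the index lists only the
        components this role is allowed to view."""
        return [c for c in self.components if self.authorize(role, c, "view")]

    def next_in_tour(self, role, current):
        """Guided-tour 'forward' primitive with the security check built in:
        no navigation from a component the role cannot view, and
        destinations the role cannot view are skipped."""
        if not self.authorize(role, current, "view"):
            return None
        order = list(self.components)
        for candidate in order[order.index(current) + 1:]:
            if self.authorize(role, candidate, "view"):
                return candidate
        return None


SM = SecurityManager(ROLES, FACULTY_COMPONENTS)

if __name__ == "__main__":
    for role in ROLES:
        print(role, "->", SM.index(role))
    print(SM.next_in_tour("user", "general information"))
    print(SM.next_in_tour("user", "research interest"))
```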
Chapter 6
Evaluation of Results and Discussion
6.1 Schema Metric Evaluation
Overall Design Complexity of Web Application. These are different access sequences of a
link tree.
Figure 6.1: Shows different access sequences of a link tree
This metric measures the depth of an access sequence of a web application. It also calculates the
performance of a web application in terms of its searching time.
1
k
j i j
i
L A S
$LAS_j = 5$
DC =1+1+1+1+1+1+1+3+1+6+2+3+3+3+3+3+2+5+3
By knowing the overall complexity of a web application, the designer can measure
complexity and reduce it at the time of design, because the performance of a web application
depends on its searching time.
6.2 Space Complexity Metric Evaluation.
We can quantify each internal node by the weight $w_i$, where $w_i$ is the sum of the memory
space and multimedia information/data that the page is carrying.
Table 6.1: Multimedia attributes & their type of Department page-class
1 1
N k
ij
j i
D C
$DC = 44$
With the help of this metric we can calculate the space complexity of a web application.
Texts, images and videos have
different weights in terms of space in memory. These metrics developed by us help the
designer, at the time of design, to reduce the complexity and cost of the web application. If
these values come out to be high, the designer can reduce space, cost or time requirements to
an optimum value.
6.3 Component Model Evaluation
6.3.1 Reusability Metric
Reusability metric helps to measure the depth of an independent path and overall complexity
of web application.
1 1
n m
i j
i j
SC w w
$SC = 1230$ KB
$RAS_j = \sum_{i=1}^{j} R_{ij}$
According to the figure, the total number of nodes involved in an independent path is 9. Putting
this value in the equation:
Page/node = 9
$RAS_j = 9$
This means the depth of the tree is 9,
where the depth of the tree should be ≤ 5 and can be at most 8.
Reusability decreases the space, cost and time of a project. By measuring reusability at
the time of design and keeping ($h_i \le 5$) for its components, the designer can save
valuable resources like time, cost and space (Chidamber, Kemerer).
6.4 Navigational Model Evaluation
6.4.1 Navigational Accessing Time Metric
Calculate the time involved between two consecutive nodes of an access sequence.
Figure 6.3: Shows different access sequence of a Link tree
Putting the values of the access sequences into the metric:
For the first case: home → Faculty
n = 2
T = (2-1)
T = (1)
For the second case: home → College → Faculty
n = 3
T = (3-1)
T = (2)
For the third case: home → College → Department → Faculty
n = 4
T = (4-1)
T = (3)
For the fourth case:
home → College → Department → program → course → Faculty
n = 6
T = (6-1)
T = (5)
For the fifth case:
home → College → Department → program → course → Faculty → dissertation
n = 7
T = (7-1)
T = (6)
As the number of nodes involved in a path to reach the goal increases, the total
accessing time to reach the specific node also increases. From this metric we can calculate
how much time an operation takes to complete a task, so that complexity remains under
limits. The case was moving towards complexity as its value of nodes is 6.
6.5 Operation-Partitioning Model Evaluation
6.5.1 Operation Performance Metric
By taking two cases of Faculty page-class:
Case 1 Case 2
Figure 6.4: Different cases for Operation Performance
The Faculty page-class has five components whose height is 1 ($h_i = 1$), and the height of
their attributes is 2. Putting these values into the proposed metric for the first case, we get:
$P = \frac{k}{h_i}$
where P lies between 0 and 1. Here we assume k = 1, as k is the proportionality constant.
Putting k = 1 in the metric, we get:
$P = \frac{1}{h_i}$
Now putting $h_i = 1$:
$P = 1$
In this case the value of P is 1, which means efficiency has increased and readability has decreased.
This also indicates that our application is more cohesive.
Now putting $h_i = 2$:
$P = 0.5$
In this case performance has decreased and readability has increased. The application has become
less cohesive. As height increases, efficiency goes on decreasing.
In the Operation Performance Metric, a value of P of 1 means efficiency has increased and
readability has decreased. This also indicates that our application is more cohesive. But as the
value decreases, performance also decreases, whereas readability increases. In this case, the
application becomes less cohesive. Also, as height increases, efficiency decreases. Basically,
with the Operation Performance Metric we are able to calculate the overall performance and
efficiency of a web application.
6.6 User Interface Model Evaluation
6.6.1 Interface Coherence Metric
6.6.1.1 High Cohesion
Figure 6.5: Interface that shows navigation between attributes of the same component
The cohesion is said to be high if the data on one interface shows navigation between
attributes of the same component.
High cohesion can be calculated as:
$Co_h = \frac{P_s}{P_{WA}} = \frac{1}{5} = 0.2$
6.6.1.2 Medium Cohesion
Figure 6.6: Interface that shows navigation between attributes of different components
$Co_m = \frac{P_r}{P_{WA}} = \frac{2}{5} = 0.4$
6.6.1.3 Low Cohesion
Low cohesion of the given interface is given as under:
$Co_l = \frac{P_{dr}}{P_{WA}} = \frac{4}{5} = 0.8$
High, medium and low cohesion are:
$Co_h = 0.2$
$Co_m = 0.4$
$Co_l = 0.8$
If coherence lies in the range (0 ≤ C ≤ 1), a value near 1 means coherence
is low and a value far from 1 means coherence is high.
If high coherence is achieved, the user can be restricted to one screen for accessing its
components. The interface coherence metric enables the designer to measure the coherence
and then improve it, which was not possible in the case of OODM or any other methodology.
Relevancy and time saving have been increased and navigational effort has been reduced,
as more and more information can be obtained from the same page.
6.7 Security Model Metrics Evaluation
6.7.1 Security Risk Metric
By considering the Faculty page-class example from the case study, we calculate the Vital
Component Ratio as follows:
Figure 6.8: Faculty page-class showing 9 multimedia attributes
There are 9 attributes in total in the Faculty page-class, namely: Name, Description, Image, Video,
Sound, Specialty, Research, Qualification and Job History.
Five of these attributes are crucially vital: making any change to any of these 5 attributes
brings about a multi-fold effect on the rest of the attributes. Keeping this in view, we insert
these values into our metric.
$VCR = \frac{5}{9} = 0.56$
The calculated value is 0.56, and if the value of VCR is approximately 1, then it is said to be
more critical in terms of security, so this component is critical.
If the value of VCR is approximately 1, then we can say it is more critical in terms of security. As the actual
value obtained was above 0.5, it can be said that from the security point of view this component is more
critical. This metric thus provides valuable information to the designer related to the security concern
of each component.
Chapter 7
Conclusion and Future Directions
The object-oriented design methodology (OODM) was proposed by Shah in 2003 (Shah, A.,
2003) to design web applications. In this dissertation, we have first extended the
methodology by including security element in the methodology, and it is referred to as the
secure object-oriented design methodology (S-OODM) for web applications. Note that the
original version of the methodology (OODM) did not include security aspect of a web
application while designing it. In the upgraded version of OODM, i.e., S-OODM, this aspect
has been taken care of.
Another work that we have done in this dissertation is the proposal of design metrics for
the design elements of a web application that has been designed using S-OODM. In the next
two sections, we give concluding remarks on both works in this dissertation, and give
future directions for both works.
7.1 Conclusion
As we have mentioned earlier, in this dissertation we have accomplished two tasks. The
first task is the upgrade of the original version of OODM, enabling it to develop a
secure design of web applications. Note that in OODM the security aspect of web
applications was not addressed while designing web applications. To include the security aspect
in designing web applications, we have included a Security Model in OODM, which makes
OODM into S-OODM. This model designs and includes security aspects in the design of a web
application. Security is implemented in S-OODM through a security model. This
model consists of rules, permissions and levels of security. Every model in S-OODM calls
this model for security. The problem statement, information model and operation model are
its inputs, which are used for defining the security policies, access roles and permissions.
There are several roles, e.g., Administrator, Super user and User, which have sets of permissions,
e.g., Update, Create, Edit and Delete. Roles are inherited: a subfolder can have a different
permission set for the role than the parent folder. Users and groups are given roles. Again, a user
can have different roles in different parts of the site.
The second task of this dissertation is that we have taken the design and
the different models of S-OODM that are used in the design of a web application and proposed
design metrics to evaluate the design quality of the web application.
The main design elements of the upgraded methodology (S-OODM) are: i) Link-Tree which
gives an overall logical view (schema) of a web application, ii) Link-Directory, iii)
Operational Model, iv) Navigational Model, v) Operation Partition Model, vi) Interface
Model, vii) Security Model. These models design different aspects of a web application. In
this dissertation, we have proposed design metrics to evaluate the overall quality of a design
by evaluating the schema of a web application, which is represented by a link-tree (for details
see Chapter 4), and these models evaluate the different aspects of the web application.
Through these design metrics we can evaluate the design quality of a web application and its
different design aspects, and assess the overall performance of a web application and the performance
of its different modules before going to implementation. After the design, if we know
the design quality of a web application, then we are in a position to make some important
decisions about the development of the web application before going to implementation.
Hence, we can save the development cost and effort of web applications.
There is another use of these proposed design metrics. When we have two different
designs of the same web application, and we have to decide which design should be used in
further development of the web application, we can decide this by evaluating
and comparing the proposed design quality metrics of both designs. Using these proposed
metrics we can tell which design is overall better than the other. We can also compare different
aspects of both designs using the model evaluating metrics and can compare them aspect-wise.
7.2 Future Directions
The methodology, OODM/S-OODM, is believed to be one of the first web application development
methodologies. It provides a complete, detailed and step-wise development process.
Therefore, it needs to be automated. Future work may be done in this direction. Another
future direction of this work can be to upgrade this methodology (S-OODM) for the
development of semantic web applications. For handling sub-domains, an extension of
S-OODM is required, as it presently handles only domains.
APPENDIX I
Processing Steps of S-OODM in the Form of Algorithms
(Modified originally proposed for OODM)(A.Shah 2003)
Design Phase Algorithms
Building Component Model
INPUT: Building component Model
OUTPUT: Component Model with security
STEP 1: /* Building secure components for page-classes */
    FOR each page-class in the information model DO
        CREATE a set of components for the page-class
        FOR each multimedia attribute of the page-class DO
            ADD security to the vital multimedia attribute TO the corresponding component
        END {FOR}
    END {FOR}
END {STEP 1}
STEP 2: /* Building secure access sequence for components */
    FOR each page-class in the information model DO
        FOR each vital component of the page-class DO
            ASSIGN the security and access sequence number
        END {FOR}
    END {FOR}
END {STEP 2}
Building Navigation Model
INPUT: component model and user navigation model
OUTPUT: navigation model with security
STEP 1: /* Building local navigation */
  FOR each page-class components DO
    DEFINE either an index or guided tour navigation primitive to security access components
  END {FOR}
END {STEP 1}
STEP 2: /* Building instance and global navigation */
  FOR each page-class DO
    FOR each incoming path to the page-class check security DO /* instance navigation */
      IF the path represents a one-to-one relationship THEN
        REPLACE the path WITH a bidirectional link
      ELSE
        REPLACE the path WITH an index, a guided tour, an indexed guided tour, embedded index, or embedded indexed guided tour
      END {IF}
    END {FOR}
    FOR each outgoing path from the page-class check security DO /* global navigation */
      IF the path represents a one-to-one relationship THEN
        REPLACE the path WITH a uni-directional link
      ELSE
        REPLACE the path WITH an index, a guided tour, an indexed guided tour, embedded index, or embedded indexed guided tour
      END {IF}
    END {FOR}
  END {FOR}
END {STEP 2}
STEP 3: /* Replacing abstract classes with the menu primitive */
  FOR each abstract page-class in the user navigation model check securities DO
    REPLACE the abstract class WITH the menu navigation primitive
  END {FOR}
END {STEP 3}
STEP 4: /* Completing and refining navigation model with security */
  FOR each navigation model of a page-class DO
    INSERT the navigation model of the page-class INTO the navigation model
  END {FOR}
END {STEP 4}
END {ALGORITHM}
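STEP 2 of the navigation algorithm, as an added Python example that is not part of the dissertation: paths a user level is not cleared for are left out of the navigation model, and a reachability pass then confirms which page-classes that level can arrive at. The `Path` record, its `min_level` field, the ordering of the three user levels, the reading of "check security" as dropping the path, and the `reachable` helper are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):  # user levels named in the dissertation; the ordering is an assumption
    USER = 1
    SUPER_USER = 2
    ADMINISTRATOR = 3

@dataclass(frozen=True)
class Path:  # hypothetical record for one relationship in the information model
    source: str
    target: str
    one_to_one: bool
    min_level: Level  # assumption: lowest level allowed to follow the path

def build_navigation(page_classes, paths, level, many="index"):
    """STEP 2 for one user level: {page_class: [(direction, other, primitive)]}."""
    nav = {pc: [] for pc in page_classes}
    for pc in page_classes:
        for p in paths:
            if p.min_level > level:  # "check security": the path is never materialised
                continue
            if p.target == pc:  # incoming path -> instance navigation
                nav[pc].append(("in", p.source, "bidirectional link" if p.one_to_one else many))
            if p.source == pc:  # outgoing path -> global navigation
                nav[pc].append(("out", p.target, "uni-directional link" if p.one_to_one else many))
    return nav

def reachable(nav, start):
    """Page-classes a user can reach from start through the built primitives."""
    seen, stack = {start}, [start]
    while stack:
        for direction, other, primitive in nav[stack.pop()]:
            followable = direction == "out" or primitive == "bidirectional link"
            if followable and other not in seen:
                seen.add(other)
                stack.append(other)
    return seen

# Constructed sample model (not from the dissertation)
PAGES = ["Home", "Catalogue", "Order", "AuditLog"]
PATHS = [
    Path("Home", "Catalogue", False, Level.USER),
    Path("Catalogue", "Order", True, Level.USER),
    Path("Order", "AuditLog", False, Level.SUPER_USER),
    Path("Home", "AuditLog", True, Level.ADMINISTRATOR),
]

if __name__ == "__main__":
    for lvl in Level:
        print(lvl.name, sorted(reachable(build_navigation(PAGES, PATHS, lvl), "Home")))
```

Because the check runs while the model is built, a restricted page-class has no navigation primitive pointing at it for a lower level, rather than a link that is merely hidden in the interface.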
Building Operation Partitioning Model
INPUT: Operation Model
OUTPUT: operation-partitioning model with security
STEP 1: /* Building object-interaction graph */
  FOR each dynamic class DO
    FOR each operation in the dynamic class DO
      DETAIL operation INTO sub-operations using object interaction graph
    END {FOR}
  END {FOR}
END {STEP 1}
STEP 2: /* Building an algorithmic form for operations by incorporating security */
  FOR each object-interaction graph DO
    FOR each operation in the object-interaction graph DO
      BUILD an algorithmic form for the operation
    END {FOR}
  END {FOR}
END {STEP 2}
STEP 3: /* Completing and refining operation-partitioning model with security */
  FOR each dynamic class DO
    FOR each operation in the dynamic class DO
      CHECK that an object-interaction graph has been built for the operation
      CHECK what kind of operation is to be performed against a query; the user might be of any level (Administrator, super user, user)
      CHECK that an algorithmic form has been built for operations in the object-interaction graph
    END {FOR}
  END {FOR}
END {STEP 3}
END {ALGORITHM}
Building User Interface Model
INPUT: component model, navigation model, operation partitioning model, and navigation model
OUTPUT: user interface model with security
STEP 1: /* Building component user interface with security */
  FOR each page-class not abstract classes DO
    FOR each component DO
      FOR each multimedia attribute in the component check securities DO
        DEFINE user interface elements for the multimedia attribute
      END {FOR}
    END {FOR}
    MAP the page-class components TO data frame
  END {FOR}
END {STEP 1}
STEP 2: /* Defining interface elements for navigation primitives by checking security */
  FOR each page-class not abstract classes DO
    DEFINE user interface element FOR the local navigation primitive
    MAP local navigation primitive TO local navigation frame
    FOR each navigation primitive representing instance navigation check security DO
      DEFINE user interface elements for the instance navigation primitive
      CREATE a new five-frame user interface FOR the page-class
      MAP the page-class components TO data frame
      MAP local navigation primitive TO local navigation frame
      MAP instance navigation primitive TO local navigation frame
    END {FOR}
    FOR each navigation primitive representing global navigation check security DO
      DEFINE user interface elements for the global navigation primitive
    END {FOR}
  END {FOR}
END {STEP 2}
STEP 3: /* Building interface elements for operations with security */
  FOR each dynamic page-class DO
    DEFINE a form page
    FOR each operation of the page-class check security DO
      DEFINE interface element for the operation button
      DEFINE interface elements for the input
      DEFINE interface elements for the output
    END {FOR}
  END {FOR}
END {STEP 3}
STEP 4: /* Building interface elements for user navigation model */
  DEFINE interface elements FOR the home page
  FOR each user class DO
    DEFINE a menu page FOR the user class containing page-classes that can be accessed from the home page
    FOR each page-class accessed by the user class check security DO
      IF the page-class is an abstract class THEN
        DEFINE a menu page FOR the abstract page-class containing page-classes that can be accessed by the user class
      ELSE
        DEFINE a new five-frame user interface FOR the page-class
        MAP the page-class components TO data frame
        MAP local navigation primitive TO local navigation frame
        MAP instance navigation primitive TO local navigation frame
        ADD global navigation primitive TO global navigation frame
      END {IF}
    END {FOR}
    DEFINE connection between page-classes accessed by the user class
  END {FOR}
END {STEP 4}
END {ALGORITHM}
References
[1] Norman E. Fenton and Shari Lawrence Pfleeger., Software Metrics: “A Rigorous and
Practical Approach”, 2nd edition International Thomson Computer Press, 1997.
[2] Norman Fenton., Software Measurement: “A Necessary Scientific Basis”, IEEE
Transactions on Software Engineering, Vol 20, No. 3, March 1994.
[3] Tom DeMarco., “Controlling software projects: management, measurement &
estimation”, foreword by Barry W.Boehm Publisher, New York, NY, Yourdon Press,
1982.
[4] Abad Shah., “OODM: An Object-Oriented Design Methodology for Development of
Web Applications”, King Saud University, Kingdom of Saudi Arabia ,P. 189-229,
Idea Group, Inc, Copyright © 2003.
[5] Karl.E. Wiegers., “ A Software Metrics Primer”, Copyright © 1999.
http://www.processimpact.com/articles/metrics_primer.pdf
[6] Horst Zuse., “History of Software Measurement”, 14th September, 1995.
http://irb.cs.tu-berlin.de/~zuse/metrics/3-hist.html
[7] Chidamber. S and Kemerer., “A metric suit for Object Oriented Design”, IEEE
transactions on Software Engineering, Vol 20, 1994.
(http://www.aivosto.com/project/help/pm-oo-ck.html)
[8] Roger S. Pressman., “Software Engineering A Practitioner’s Approach”, Fifth Edition
2001.
[9] Sommerville., “Software engineering by Sommerville”, Feb 2008.
[10] Shazia & Shah, A., “Proposed life cycle model for web based hypermedia application
development methodologies”, International conference on systems and software
engineering, U.S.A. 2006.
[14] Arthur,L,J., “Measuring programmer Productivity & Software quality”, Wiley, New
York, 1985.
[15] Everald E. Mills., “Metrics in the software engineering curriculum”, Pages: 181 – 200
Volume 6, Issue 1-4, ISSN: 1022-7091, April 1999.
[16] Everald E. Mills., “Metrics in the software engineering curriculum”, publish in journal
Annals of Software Engineering ISSN, 1022-7091 (Print) 1573-7489 (Online), Issue,
Volume 6, Numbers 1-4 / March, 1998, Pages, 181-200 Springer link date, Thursday,
October 28, 2004.
[17] Fernando Brito e Abreu., “Design Quality Metrics for Object-Oriented Software
Systems”. ERCIM news No. 23, Volume 6 Issue 4, October 1995.
[18] krell,Bruce E., “Ada software Development Methodology with case study”, Tutorials
of Tri-Ada 1990, Tri-Ada conference, Baltimore, Maryland, December, 1990.
[20] Firesmith Donald., “Structured Analysis and Object-Oriented Design are not
Compatible”, ACM Ada Letters, Volume XI, Number 9, 1991.
[21] Shumate Ken., "Structured Analysis and Object-Oriented Design are Compatible"
ACM Ada Letters, Volume XI, Number 4, 1991.
[22] Ivory, Rashmi R. Sinha, Marti A. Hearst., “Empirically validated Web page Design
Metrics”, Psychology Department/ EECS Department, UC Berkeley. Appearing in
ACM SIGCHI 01, Seattle, WA, USA , March 31- April 4, 2001.
[23] Halstead., “Elements of Software Science”, New York, Elsevier North-Holland, 1977.
[24] McCabe, T. J., “A software Complexity Measure”, IEEE transaction of software
engineering vol. 2, pp.308-320, 1976.
[25] McCabe, T. J. and Butler, C.W., “Design complexity measurement and testing”
communications of the ACM, 32(12), pp.1415-25, 1989.
[26] McCabe & Associates., “McCabe Object Oriented Tool User” Instructions. 1994.
[27] Pressman R., “Software Engineering: A Practitioner's Approach”, McGraw Hill, New
York, 1992.
[28] Berard V. Edward., Essays on “Object-Oriented Software Engineering”, Volume I,
Prentice Hall, Englewood Cliffs, New Jersey, 1991.
[29] Cook Steve and Daniels John., “Designing Object Systems: Object-Oriented
Modeling with Syntropy”, Cambridge University, UK, 1994.
[30] Embley David, Kurtz Barry, and Woodfield Scott., “Object-Oriented Systems
Analysis: A Model-Driven Approach”, Prentice Hall, Englewood Cliffs, NJ, 1992.
[31] Halladay Steve and Wiebel Michael., “Object-Oriented Software Engineering”,
Prentice Hall, Kansas, 1993.
[32] Coad Peter and Yourdon Edward., “Object-Oriented Analysis”, Prentice Hall, Cliffs,
New Jersey, 1991.
[33] Coad Peter and Yourdon Edward., “Object-Oriented Design”, Prentice Hall,
Englewood Cliffs, New Jersey, 1991.
[34] Montgomery Stephen., “Object-Oriented Information Engineering”, Academic Press,
USA, 1994.
[35] http://en.wikipedia.org/wiki/Software_quality
[36] Civello Franco., “Roles for composite objects in object-oriented analysis and design”,
ACM SIGPLAN NOTICES, Volume 28, Number 10, October, 1993.
[37] Gilbert Philip., “Software Design and Development”, Science Research Associates,
USA, 1983.
[38] Gomaa H., “A Software Design Method for Real-Time Systems”, Communications of
the ACM, Volume 27, Number 9, September, 1984.
[39] Gomaa H., “A Software Design Method for Ada Based Real-Time Systems”,
Proceedings of the Sixth Washington Ada Symposium, June 26-29, 1989.
[40] Mange Geir, Guttorn., “On the purpose of Object-Oriented Analysis,” ACM
SIGPLAN NOTICES, Volume 28, Number 10, October, 1993.
[41] Nielsen, Kjell, and Shumate Ken., “Designing Large Real-Time Systems with Ada”,
McGraw-Hill, New York, 1988.
[42] Ward Paul., "How to Integrate Object-Oriented with Structured Analysis and Design”,
IEEE Software, 1989.
[43] Alessandro Marchetto., “A concerns-based metrics suite for web applications”,
Dipartimento di Informatica e Comunicazione Università degli Studi di Milano Via
Comelico 39, 20135 Milano, Italy, Accepted August 12, 2005.
[44] www.frontendart.com/monitor/help/node23.html - 11
[45] Dr. Linda H. Rosenberg., “Applying and Interpreting Object Oriented Metrics”,
October 1996.
[46] Ivory, R.R. Sinha, and M.A. Hearst., “Preliminary Findings on Quantitative Measures
for Distinguishing Highly Rated Information-Centric Web Pages,” Proc. 6th Conf.
Human Factors and the Web, June 2000.
[47] Ivory, R.R. Sinha, and M.A. Hearst., “Empirically Validated Web Page Design
Metrics”, Proc. Conf. Human Factors in Computing Systems, vol. 1, pp. 53-60,
ACM Press, New York, Mar. 2001.
[48] http://docs.codecharge.com/studio3/html/index.html?http://docs.codecharge.com/
Studio3/html/ UserGuide/IntroWebProg/ArchitectureWebApps.html
[49] http://www.idi.ntnu.no/emner/dif8914/essays/Ziemer-essay2002.pdf
[50] Yourdon, E... JAVA., “The Web, And Software Development”, IEEE Internet
Journal, 25–32, 1996.
[51] Emilia Mendes, Nile Mosley, Steve Counsel., “ Web Metrics estimating design and
authoring effort ”, IEEE, January-March 2001.
[52] Rachel Fewster, Emilia Mendes, “Measurement, Prediction and Risk Analysis for
web Application”, Proceeding of the IEEE, 2002.
[53] Alessandro Marchetto, “A concerns-based metrics suite for web applications”, 2008.
[54] S. Hansen, S. Murugesan, Y. Deshpande and A. Ginige., “Web Engineering: A new
discipline for development of web-based systems”, In Proceedings of the First ICSE
Workshop on Web Engineering, 1999.
[55] Sven Ziemer., “An Architecture for Web Applications”, November 28th, 2002.
[56] Jacobson, I. Christerson, M. Jonsson, P. and Overgaard G., “Object-Oriented
Software Engineering: A Use-Case Driven Approach”, Addison-Wesley, 1992.
[57.a] Garzotto, F., Paolini, P., & Schwabe D. “Authoring-in-the-Large: Software
Engineering Techniques for Hypermedia Application Design”, Proceedings of 6th
IEEE International Workshop on Specification and Design, (193–201), 1991.
[57.b] Garzotto, F., Mainetti, L., Paolini, P., & Milano P., “Navigation Patterns in
Hypermedia Databases”, Proceedings of the 26th Annual Hawaii International
Conference on System Sciences, (269–379), 1993.
[58] Fernandes, H. “Online and Hypermedia Information Design”, Proceedings of the
IEEE Conference on Expanding Technologies for Technical Communication, pp 28-
32 1991.
[59] Garzotto, F., Paolini, P., & Schwabe D., “Authoring-in-the-Large: Software
Engineering Techniques for Hypermedia Application Design”, Proceedings of 6th
IEEE International Workshop on Specification and Design, pp 193-201, 1991.
[60] Garzotto, F., Mainetti, L., Paolini, P., & Milano P., “Navigation Patterns in
Hypermedia Databases”, Proceedings of the 26th Annual Hawaii International
Conference on System Sciences, pp 269-379, 1993.
[61] Balasubramaniam, P., Isakowitz, T., & Stohr E., “Designing Hypermedia
Applications”, Proceedings of the 27th Annual Hawaii International Conference on
System Sciences, pp 354–364, 1994.
[62] Isakowitz, D., Stohr, E., & Balasubramanian, P., “RMM: A Methodology for
structured hypermedia design”, Communication of the ACM, 38(8), 34–44, 1995.
[63] Herman, I. & Reynolds, G., “MADE: A Multimedia Application Development
Environment”, Proceedings of the 27th Annual Hawaii International Conference on
Systems Sciences, pp 184-194, 1994.
[64] Rumbaugh, J., Blaha, M., Premerlani, W., Eddy, F., & Lorensen, W., “Object
oriented modeling and design”, Englewood Cliffs, NJ: Prentice Hall, 1991.
[65] Schwabe D. & Rossi G., “Building Hypermedia Applications as Navigational Views
of Information Models”, Proceedings of the 28th Annual Hawaii International
Conference on System Sciences, (231–240), 1995.
[66] Gunnar Peterson., “Security Architecture Blueprint”. Arctec Group, LLC, 2006, 2007.
[67] Jehad Al Dallal., “A Design Based Cohesion Metric for Object-Oriented Classes”,
PWASET Volume 25 ISSN 1307-6884, November 2007.
[68] Sommerville, “Software engineering”, Feb 2008.
[69] Shazia & Shah, A., “Proposed life cycle model for web based hypermedia application
development methodologies”, International conference on systems and software
engineering, U.S.A. 2006.
[70] Shah, A., “A framework for life-cycle of the prototype-based software development
methodologies”, The Journal of King Saud University, 13(1): 105–124, 2001.
[71] Ghosheh, Emad and Black, Sue E. and Qaddour, Jihad (2007)., “An introduction of
new UML design metrics for Web applications”, International Journal of Computer
and Information Science, 8 (4). ISSN 1525-9293, 11 Jan 2010.
[72] Edward B. Allen, Taghi M. Khoshgoftaar, Ye Chen., "Measuring Coupling and
Cohesion of Software Modules: An Information-Theory Approach”, London, England
April 04-April 2006.
[73] Emad Ghosheh, Sue Black, Jihad Qaddour., "Design metrics for web application
maintainability measurement", aiccsa, pp.778-784, IEEE/ACS, 2008.
[74] Judith Barnard, "A new reusability metric for object-oriented software", Software
Quality Journal 7, pp.35-50, 1998.
[75] Devpriya Soni, Ritu Shrivastava, M Kumar., “A framework for validation of object-
oriented design metrics”, (IJCSIS) International Journal of Computer Science and
Information Security, Vol. 6, No. 3, 2009.
[76] Seyyed Mohsen Jamali., "Object oriented metrics (A Survey Approach)", Jan, 2006
http://ce.sharif.edu/~m_jamali/resources/ObjectOrientedMetrics.pdf