DOCSLIB.ORG

Multi-Domain Engineering with Model-Driven Software Development Using Ontological Foundations

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Multi-Domain Engineering with Model-Driven Software Development Using Ontological Foundations HybridMDSD: Multi-Domain Engineering with Model-Driven Software Development using Ontological Foundations Dissertation zur Erlangung des akademischen Grades Doktoringenieur (Dr.-Ing.) vorgelegt an der Technischen Universität Dresden Fakultät Informatik eingereicht von Dipl.-Medien-Inf. Henrik Lochmann geboren am 4. Januar 1981 in Berlin Gutachter: Prof. Dr. rer. nat. habil. Uwe Aßmann, Technische Universität Dresden Associate Professor Kasper Østerbye, IT University of Copenhagen Tag der Verteidigung: 21.12.2009 Dresden, im Februar 2010 Confirmation I confirm that I independently prepared this thesis with the title HybridMDSD: Multi-Domain Engineering with Model-Driven Software Development using Ontological Foundations and that I used only the references and auxiliary means indicated in the thesis. Dresden, February 25, 2010 Dipl.-Medien-Inf. Henrik Lochmann vi Acknowledgments First and foremost a would like to thank my supervisor professor Uwe Aßmann for his motivation, constructive criticism, and his belief in my work. Once he was convinced by the topic, Uwe was a great sparring partner and excellent quality gate. Also, I would like to thank my second reviewer professor Kasper Østerbye, who proved to be very flexible in a tight schedule towards the submission deadline. I thank my employer the SAP AG, which even enabled me to write a PhD thesis in context its PhD programm. As research associate in the german research project feasiPLe and participant in company-internal projects, I got a valuable insight into professional practice and challenges of large scale software engineering. I owe a great debt to my colleagues at SAP, especially Falk Hartmann, Patrick Wustmann, Steffen Göbel, and Kay Kadner, who never let me down when a topic needed to be discussed. A very important source of criticism, constructive comments, and fruitful discussions were the irregular and regular meetings with the colleagues from the chair of software technology at TU Dresden. Their professional competence in diverse areas of technical and non-technical expertise helped a lot to create visions and reveal immature ideas. I thank all of you for your support. Vital parts of this thesis were contributed by the diploma thesis students Matthias Bräuer, Manuel Zabelt, and Christian Hermann, who worked under my supervision. I had a lot of fun in our joint work and publications. I especially thank Matthias for his exemplary accuracy, unrestricted commitment, and brilliant mind, which brought forward the project significantly. Thanks Florian Heidenreich, Björn Larsson, and Karin Fetzer for the invaluable comments on the written text. Your advices revealed logical inconsistencies, complicated verbalization, and inappropriate respresentations, and improved the quality of this thesis significantly. Last but not least, special thanks go to my brother and my parents, who did not get tired in supporting me and always formed an indispensable backbone for my enthusiasm and endurance. Henrik Lochmann Dresden, February 2010 viii Abstract Software development is a complex task. Executable applications comprise a mutlitude of diverse components that are developed with various frameworks, libraries, or communication platforms. The technical complexity in development retains resources, hampers efficient problem solving, and thus increases the overall cost of software production. Another significant challenge in market-driven software engineering is the variety of customer needs. It necessitates a maximum of flexibility in software implementations to facilitate the deployment of different products that are based on one single core. To reduce technical complexity, the paradigm of Model-Driven Software Development (MDSD) facilitates the abstract specification of software based on modeling languages. Corresponding models are used to generate actual programming code without the need for creating manually written, error-prone assets. Modeling languages that are tailored towards a particular domain are called domain-specific languages (DSLs). Domain-specific modeling (DSM) approximates technical solutions with intentional problems and fosters the unfolding of specialized expertise. To cope with feature diversity in applications, the Software Product Line Engineering (SPLE) community provides means for the management of variability in software products, such as feature models and appropriate tools for mapping features to implementation assets. Model-driven development, domain-specific modeling, and the dedicated management of vari- ability in SPLE are vital for the success of software enterprises. Yet, these paradigms exist in isolation and need to be integrated in order to exhaust the advantages of every single approach. In this thesis, we propose a way to do so. We introduce the paradigm of Multi-Domain Engineering (MDE) which means model-driven development with multiple domain-specific languages in variability-intensive scenarios. MDE strongly emphasize the advantages of MDSD with multiple DSLs as a neccessity for efficiency in software development and treats the paradigm of SPLE as indispensable means to achieve a maximum degree of reuse and flexibility. We present HybridMDSD as our solution approach to implement the MDE paradigm. The core idea of HybidMDSD is to capture the semantics of particular DSLs based on properly defined semantics for software models contained in a central upper ontology. Then, the result- ing semantic foundation can be used to establish references between arbitrary domain-specific models (DSMs) and sophisticated instance level reasoning ensures integrity and allows to handle partiucular change adaptation scenarios. Moreover, we present an approach to automatically generate composition code that integrates generated assets from separate DSLs. All necessary development tasks are arranged in a comprehensive development process. Finally, we validate the introduced approach with a profound prototypical implementation and an industrial-scale case study. x Contents 1 Introduction 1 1.1 Motivation ....................................... 1 1.2 Scope .......................................... 2 1.3 Contributions...................................... 3 1.3.1 Ontology for Software Models......................... 3 1.3.2 Composition Automation ........................... 3 1.3.3 Development Process for Multi-DSL Development ............. 3 1.3.4 Comprehensive Case Study .......................... 3 1.4 Organization ...................................... 3 1.4.1 Formatting Conventions............................ 4 1.4.2 Outline ..................................... 4 2 Background 5 2.1 Model-Driven Software Development......................... 5 2.1.1 Overview .................................... 5 2.1.2 Metamodeling.................................. 5 2.1.2.1 Models ................................ 6 2.1.2.2 Metamodels.............................. 6 2.1.2.3 MOF Metadata Architecture.................... 7 2.1.2.4 Model Transformations ....................... 8 2.1.2.5 Modeling Workbenches ....................... 11 2.1.3 Platform Abstraction and Model Application................ 12 2.1.3.1 What is a Platform?......................... 12 2.1.3.2 MDA Abstraction Layers...................... 13 2.1.3.3 Generation and Interpretation ................... 13 2.2 Domain-Specific Modeling............................... 15 2.2.1 Overview .................................... 15 2.2.2 Domain-Specific Languages .......................... 15 2.2.3 Development with Multiple DSLs....................... 16 2.2.3.1 Interpretive Systems......................... 17 2.2.3.2 Generative Systems ......................... 18 2.3 Software Product Line Enginering .......................... 19 2.3.1 Overview .................................... 19 2.3.2 Development Elements............................. 19 2.3.2.1 Problem Space............................ 19 xii 2.3.2.2 Solution Space............................ 21 2.3.3 Development Stages .............................. 21 2.3.3.1 Domain Engineering......................... 21 2.3.3.2 Application Engineering....................... 21 2.4 Ontologies and the Semantic Web........................... 22 2.4.1 Ontologies.................................... 22 2.4.1.1 Important Terms........................... 22 2.4.1.2 Ontology Hierarchy ......................... 24 2.4.2 Semantic Web.................................. 25 2.4.2.1 Formats and Languages....................... 25 2.4.2.2 Entities and Visualization...................... 26 2.4.3 Reasoning, Description Logics, and Rules .................. 27 2.4.3.1 Description Logics Reasoning.................... 28 2.4.3.2 Rule Reasoning............................ 28 3 Problem Analysis and Vision Outline 31 3.1 Motivational Example ................................. 31 3.2 Efficiency in Software Production........................... 34 3.2.1 Complexity and Knowledge Representation ................. 34 3.2.1.1 Complex Software Development .................. 34 3.2.1.2 Deficient Knowledge Representation................ 35 3.2.2 Variety of Customer Needs .......................... 35 3.2.2.1 Restricted Requirement Formalization............... 35 3.2.2.2 Restricted Product Customization................. 36 3.2.3 Summary .................................... 36 3.3 Vision Outline ..................................... 37 3.3.1 Goals and Technologies ............................ 37 3.3.2 Multi-Domain Engineering........................... 38 3.4 Essential Requirements................................. 41 3.4.1 Language Design...............................
Load more

Recommended publications
  • IPS Signature Release Note V9.17.79
    SOPHOS IPS Signature Update Release Notes Version : 9.17.79 Release Date : 19th January 2020 IPS Signature Update Release Information Upgrade Applicable on IPS Signature Release Version 9.17.78 CR250i, CR300i, CR500i-4P, CR500i-6P, CR500i-8P, CR500ia, CR500ia-RP, CR500ia1F, CR500ia10F, CR750ia, CR750ia1F, CR750ia10F, CR1000i-11P, CR1000i-12P, CR1000ia, CR1000ia10F, CR1500i-11P, CR1500i-12P, CR1500ia, CR1500ia10F Sophos Appliance Models CR25iNG, CR25iNG-6P, CR35iNG, CR50iNG, CR100iNG, CR200iNG/XP, CR300iNG/XP, CR500iNG- XP, CR750iNG-XP, CR2500iNG, CR25wiNG, CR25wiNG-6P, CR35wiNG, CRiV1C, CRiV2C, CRiV4C, CRiV8C, CRiV12C, XG85 to XG450, SG105 to SG650 Upgrade Information Upgrade type: Automatic Compatibility Annotations: None Introduction The Release Note document for IPS Signature Database Version 9.17.79 includes support for the new signatures. The following sections describe the release in detail. New IPS Signatures The Sophos Intrusion Prevention System shields the network from known attacks by matching the network traffic against the signatures in the IPS Signature Database. These signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at [email protected], along with the application details. January 2020 Page 2 of 245 IPS Signature Update This IPS Release includes Two Thousand, Seven Hundred and Sixty Two(2762) signatures to address One Thousand, Nine Hundred and Thirty Eight(1938) vulnerabilities. New signatures are added for the following vulnerabilities: Name CVE–ID
    [Show full text]
  • Ofbiz an Insider View
    OFBiz An Insider View Prepared By: Basil Argasosy Senior Computer Engineering Student King Fahd University of Petroleum & Minerals (K.F.U.P.M) September 01, 2005 Contact Information [email protected] [email protected] or through my personal webpage 1 OFBiz : An Insider View Introduction: The OFBiz framework utilizes the common Three-Tier “Layers” Architecture model in all its applications. It has the Data Layer, the Business “logic” layer, and the Presentation “user interface” layer. The Data Layer and the Service layer have their own engines that are responsible for interaction with the layer. 1) Data Model Layer: It represents the database. There is an Entity Engine that is responsible of this layer that includes database connection, data retrieval, data storage…etc. It used the java Generic Delegator class to connect with the database, and it uses the java Generic Value to represent an entity row to be inserted in the database. 2) Business Logic Layer: It represents the logic, or the services provided to the user and performed on the data layer "database”. There can be services of many types like java, SOAP, simple, workflow, etc. and each type of service has its own handler. There is a Service Engine that is responsible for dealing with services, calling the service, etc. 3) Presentation Layer: OFBiz has moved to use "Screens" to represent the OFBiz pages. So, each page should normally be represented as a screen. An OFBiz page consists of many components like headers, footer, appheader,..etc, so when rendering the page, these are all combined in the order they were placed, or included, in the screen.
    [Show full text]
  • ALEXANDER HSU [email protected]
    ALEXANDER HSU [email protected] EDUCATION UNIVERSITY OF CALIFORNIA, SANTA BARBARA Bachelor of Science Degree in Computer Science and Minor in Japanese July 2008 – Present Cumulative GPA: 3.89/4.0 (212 units); Expected Date of Graduation: June 2012 HONORS/AWARDS 2011 UCSB EACS Dept. Outstanding Service Award 2010 Boeing Corporation Scholarship 2011 National Engineering Week Scholarship Engineering Honors Program since Spring 2009 2011 Yardi Systems Scholarship 2009 Starting Line Cover Photography Award SKILLS Programming Languages: Proficient: C/C++, HTML/CSS, Java, JavaScript/JQuery, Matlab Familiar: Apache HBase, Apache OFBiz, Groovy, MySQL, OpenGL, Perl, Python, Qt Software: Photoshop, Eclipse, Netbeans General: Fluent in English and Chinese; 4th year college level Japanese WORK EXPERIENCE UCSB RESEARCH CENTER FOR VIRTUAL ENVIRONMENTS AND BEHAVIOR Position: Research Assistant Sept 2011 – Present Learning how to design and develop virtual environments through the use of 3DSMax Learning how to program immersive environments through the use of Python scripts to allow for experiments. UCSB DISTRIBUTED SYSTEM LAB Position: Research Assistant June 2011 – Present Implemented the Transaction management layer of G-Store, a scalable data store with transactional multi-key access functionality, using Strict Two Phase Locking (S2PL) to control concurrency. Implemented an independent working system following a regular Apache HBase key-value store implementation and using the Two Phase Commit protocol (2PC) to coordinate the participating nodes. WARP9INC Position: Web Development Intern March 2011 – Present Implement and manage dynamic ecommerce websites with MVC interaction pattern, through Apache OFBiz. Manage both front-end (HTML/CSS/JavaScript) and back-end (Java/Groovy/OFBiz/MySQL). UCSB ACCOUNTING SERVICES AND CONTROLS Position: Systems Administrator August 2010 – June 2011 Troubleshoot and remove viruses; set up/connect various computers onto the domain; and manage the department website.
    [Show full text]
  • Return of Organization Exempt from Income
    OMB No. 1545-0047 Return of Organization Exempt From Income Tax Form 990 Under section 501(c), 527, or 4947(a)(1) of the Internal Revenue Code (except black lung benefit trust or private foundation) Open to Public Department of the Treasury Internal Revenue Service The organization may have to use a copy of this return to satisfy state reporting requirements. Inspection A For the 2011 calendar year, or tax year beginning 5/1/2011 , and ending 4/30/2012 B Check if applicable: C Name of organization The Apache Software Foundation D Employer identification number Address change Doing Business As 47-0825376 Name change Number and street (or P.O. box if mail is not delivered to street address) Room/suite E Telephone number Initial return 1901 Munsey Drive (909) 374-9776 Terminated City or town, state or country, and ZIP + 4 Amended return Forest Hill MD 21050-2747 G Gross receipts $ 554,439 Application pending F Name and address of principal officer: H(a) Is this a group return for affiliates? Yes X No Jim Jagielski 1901 Munsey Drive, Forest Hill, MD 21050-2747 H(b) Are all affiliates included? Yes No I Tax-exempt status: X 501(c)(3) 501(c) ( ) (insert no.) 4947(a)(1) or 527 If "No," attach a list. (see instructions) J Website: http://www.apache.org/ H(c) Group exemption number K Form of organization: X Corporation Trust Association Other L Year of formation: 1999 M State of legal domicile: MD Part I Summary 1 Briefly describe the organization's mission or most significant activities: to provide open source software to the public that we sponsor free of charge 2 Check this box if the organization discontinued its operations or disposed of more than 25% of its net assets.
    [Show full text]
  • Apache Ofbiz Advanced Framework Training Video Transcription
    Page 1 of 208 Apache OFBiz Advanced Framework Training Video Transcription Written and Recorded by David E. Jones Transcription and Editing by Nathan A. Jones Brought to you by Undersun Consulting Based on: The Apache Open For Business OFBiz.org Project Copyright 2006 Undersun Consulting LLC - All Rights Reserved Page 2 of 208 Copyright 2006 Undersun Consulting LLC Copyright 2006 David E. Jones Some content from The Apache Open For Business Project and is Copyright 2001-2006 Apache Software Foundation Copyright 2006 Undersun Consulting LLC - All Rights Reserved Page 3 of 208 Biz is running inside an application server, this infra- Advanced Framework structure still applies. The Containers and Compo- nents, they're just used in a slightly different way. The Overview easiest way to run OFBiz is out of the box, using the Introducing the Series OFBiz start executable jar file, which uses the con- tainer and component infrastructure to load everything Starting screen site/training/AdvancedFramework.html up, get all the tools started when the application server Hello my name is David Jones, and this is the Ad- shuts down, and to stop all of the tools and such as vanced Framework Training Video from Undersun Con- well. And also to configure each of the framework and sulting. I'll be recording and narrating this. I'm one of applications components that make up the open for the administrators of the Open for Business Project, business project. and offer various services including things like these So we'll talk about those, how they're configured, the training videos through a company that is run by myself different things to do plus some conventions for the and Andy Zeneski called Undersun Consulting.
    [Show full text]
  • Ofbench: an Enterprise Application Benchmark for Cloud Resource Management Studies
    OFBench: an Enterprise Application Benchmark for Cloud Resource Management Studies Jean Moschetta Giuliano Casale Imperial College London Imperial College London Department of Computing Department of Computing [email protected] [email protected] Abstract—We introduce OFBench, a new research benchmark To deal with this requirement, we propose OFBench, a for enterprise applications. OFBench is a load generator for realistic research benchmark for the demo e-commerce store the demo e-commerce component of the Apache OFBiz enter- distributed with the Apache Open For Business (OFBiz) ERP prise resource planning (ERP) framework. ERP applications are increasingly important in the cloud market due to the framework. OFBiz is a framework deployed in production growing popularity of Software-as-a-Service (SaaS) solutions, environments, hence our benchmark allows to experiment with hence OFBench is useful to explore the resource consumption a software architecture and a technology stack that are repre- patterns arising in these applications. On client-side, OFBench sentative of real business applications. For these applications, features randomized customer surfing patterns, workload gener- OFBench can stress a range of performance indicators such ation based on automation of real web browsers, reproducible burstiness in inter-request and inter-session think times, non- as response times, CPU utilization, memory consumption, stationary workload generation. On server-side, it features JMX number of active sessions over time, multi-threading levels, performance monitoring, business logic instrumentation, and data caching. JMX measurement beans and code instrumen- synchronization with client-side monitoring via TCP sockets. We tation are used on server-side to perform monitoring.
    [Show full text]
  • Code Smell Prediction Employing Machine Learning Meets Emerging Java Language Constructs"
    Appendix to the paper "Code smell prediction employing machine learning meets emerging Java language constructs" Hanna Grodzicka, Michał Kawa, Zofia Łakomiak, Arkadiusz Ziobrowski, Lech Madeyski (B) The Appendix includes two tables containing the dataset used in the paper "Code smell prediction employing machine learning meets emerging Java lan- guage constructs". The first table contains information about 792 projects selected for R package reproducer [Madeyski and Kitchenham(2019)]. Projects were the base dataset for cre- ating the dataset used in the study (Table I). The second table contains information about 281 projects filtered by Java version from build tool Maven (Table II) which were directly used in the paper. TABLE I: Base projects used to create the new dataset # Orgasation Project name GitHub link Commit hash Build tool Java version 1 adobe aem-core-wcm- www.github.com/adobe/ 1d1f1d70844c9e07cd694f028e87f85d926aba94 other or lack of unknown components aem-core-wcm-components 2 adobe S3Mock www.github.com/adobe/ 5aa299c2b6d0f0fd00f8d03fda560502270afb82 MAVEN 8 S3Mock 3 alexa alexa-skills- www.github.com/alexa/ bf1e9ccc50d1f3f8408f887f70197ee288fd4bd9 MAVEN 8 kit-sdk-for- alexa-skills-kit-sdk- java for-java 4 alibaba ARouter www.github.com/alibaba/ 93b328569bbdbf75e4aa87f0ecf48c69600591b2 GRADLE unknown ARouter 5 alibaba atlas www.github.com/alibaba/ e8c7b3f1ff14b2a1df64321c6992b796cae7d732 GRADLE unknown atlas 6 alibaba canal www.github.com/alibaba/ 08167c95c767fd3c9879584c0230820a8476a7a7 MAVEN 7 canal 7 alibaba cobar www.github.com/alibaba/
    [Show full text]
  • 2007 Javaonesm Conference Word “BENEFIT” Is in Green Instead of Orange
    there are 3 cover versions: Prospect 1 (Java) It should say “... Save $200!” on the front and back cover. The first early bird pricing on the IFC and IBC should be “$2,495”, and the word “BENEFIT” is in orange. ADVANCE CONFERENCE GUIDE Prospect 2 (Non-Java) The front cover photo and text is different from Prospect 1. The text of the introduction Last Chance to Save $200! Register by April 4, 2007, at java.sun.com/javaone paragraphs on the IFC is also different, the 2007 JavaOneSM Conference word “BENEFIT” is in green instead of orange. Features Java Technology, Open Source, Web 2.0, Emerging Technologies, and More Don’t miss this year’s newly expanded content. Advance your development skills with hundreds of expert-led, in-depth technical sessions in nine tracks over four days: The back cover and the IBC are the same as Consumer Technologies | Java™ SE | Desktop | Java EE | Java ME Prospect 1. The Next-Generation Web | Open Source | Services and Integration | Tools and Languages How to navigate this brochure and easily find what you need... Alumni For other information for Home Conference Overview JavaOnePavilion this year’s Conference, visit java.sun.com/javaone. It should say “... Save $300!” on the front Registration Conference-at-a-Glance Special Programs and back cover. The first early bird pricing on Hyperlinks Bookmark Buttons Search Click on any of the underlined Use the bookmark tab to Click on the buttons at the top Pull down from the Edit menu and the IFC and IBC should be “$2,395”, and the links to visit specific web sites.
    [Show full text]
  • Guide De L'open Source
    GUIDE DE L'OPEN SOURCE I .T IS OPE N PREAMBULE SMILE Smile est une société d’ingénieurs experts dans la mise en œuvre de solutions open source et l’intégration de systèmes appuyés sur l’open source. Smile est membre de l’APRIL, l’association pour la promotion et la défense du logiciel libre, du PLOSS – le réseau des entreprises du Logiciel Libre en Ile-de-France et du CNLL – le conseil national du logiciel libre. Smile compte plus de 1200 collaborateurs dans le monde ce qui en fait le premier intégrateur français et européen de solutions open source. Depuis 2000, environ, Smile mène une action active de veille technologique qui lui permet de découvrir les produits les plus prometteurs de l’open source, de les qualifier et de les évaluer, de manière à proposer à ses clients les produits les plus aboutis, les plus robustes et les plus pérennes. Cette démarche a donné lieu à toute une gamme de livres blancs couvrant différents domaines d’application. La gestion de contenus (2004), les portails (2005), la business intelligence (2006), la virtualisation (2007), la gestion électronique de documents (2008), les PGIs/ERPs (2008), les VPN open source (2009), les Firewall et Contrôle de flux (2009), les Middleware orientés messages (2009), l’ecommerce et les Réseaux Sociaux d'Entreprise (2010), le Guide de l’open source et NoSQL (2011), Mobile et Recensement et audit (2012), et plus récemment Big Data et ERP open source pour l’e-commerce (2014). Chacun de ces ouvrages présente une sélection des meilleures solutions open source dans le domaine considéré, leurs qualités respectives, ainsi que des retours d’expérience opérationnels.
    [Show full text]
  • Testsmelldescriber Enabling Developers’ Awareness on Test Quality with Test Smell Summaries
    Bachelor Thesis January 31, 2018 TestSmellDescriber Enabling Developers’ Awareness on Test Quality with Test Smell Summaries Ivan Taraca of Pfullendorf, Germany (13-751-896) supervised by Prof. Dr. Harald C. Gall Dr. Sebastiano Panichella software evolution & architecture lab Bachelor Thesis TestSmellDescriber Enabling Developers’ Awareness on Test Quality with Test Smell Summaries Ivan Taraca software evolution & architecture lab Bachelor Thesis Author: Ivan Taraca, [email protected] URL: http://bit.ly/2DUiZrC Project period: 20.10.2018 - 31.01.2018 Software Evolution & Architecture Lab Department of Informatics, University of Zurich Acknowledgements First of all, I like to thank Dr. Harald Gall for giving me the opportunity to write this thesis at the Software Evolution & Architecture Lab. Special thanks goes out to Dr. Sebastiano Panichella for his instructions, guidance and help during the making of this thesis, without whom this would not have been possible. I would also like to express my gratitude to Dr. Fabio Polomba, Dr. Yann-Gaël Guéhéneuc and Dr. Nikolaos Tsantalis for providing me access to their research and always being available for questions. Last, but not least, do I want to thank my parents, sisters and nephews for the support and love they’ve given all those years. Abstract With the importance of software in today’s society, malfunctioning software can not only lead to disrupting our day-to-day lives, but also large monetary damages. A lot of time and effort goes into the development of test suites to ensure the quality and accuracy of software. But how do we elevate the quality of test code? This thesis presents TestSmellDescriber, a tool with the ability to generate descriptions detailing potential problems in test cases, which are collected by conducting a Test Smell analysis.
    [Show full text]
  • Deployment-Grade Tools and Methodologies for Software Security
    From Theory to Practice: Deployment-grade Tools and Methodologies for Software Security Sazzadur Rahaman Dissertation submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Applications Danfeng (Daphne) Yao, Chair Naren Ramakrishnan Patrick R. Schaumont Gang Wang David Evans July 20, 2020 Blacksburg, Virginia Keywords: Program Analysis, Static Analysis, Cryptographic Program Analysis, Taint Analysis, Program Slicing, Payment Card Industry, Data Security Standard, Internet Measurement, Website Scanning, Data Breach, Web Security Copyright 2020, Sazzadur Rahaman From Theory to Practice: Deployment-grade Tools and Methodologies for Software Security Sazzadur Rahaman (ABSTRACT) Following proper guidelines and recommendations are crucial in software security, which is mostly obstructed by accidental human errors. Automatic screening tools have great potentials to reduce the gap between the theory and the practice. However, the goal of scalable automated code screen- ing is largely hindered by the practical difficulty of reducing false positives without compromising analysis quality. To enable compile-time security checking of cryptographic vulnerabilities, I de- veloped highly precise static analysis tools (CRYPTOGUARD and TAINTCRYPT) that developers can use routinely. The main technical enabler for CRYPTOGUARD is a set of detection algorithms that refine program slices by leveraging language-specific insights, where TAINTCRYPT relies on symbolic execution-based path-sensitive analysis to reduce false positives. Both CRYPTOGUARD and TAINTCRYPT uncovered numerous vulnerabilities in real-world software, which proves the effectiveness. Oracle has implemented our cryptographic code screening algorithms for Java in its internal code analysis platform, Parfait, and detected numerous vulnerabilities that were pre- viously unknown.
    [Show full text]
  • Apache Ofbiz™
    Getting Started with Apache OFBiz™ In 5 Easy Steps Ruth Hoffman Last Updated June 2010 Title: Getting Started with Apache OFBiz® In 5 Easy Steps Author: Ruth Hoffman ©2009-2010 Ruth Hoffman, All Rights Reserved ISBN 978-0-9842907-2-7 About the Author: Ruth Hoffman has over 25 years of computer industry experience. She began her career designing and writing real-time command & control systems. From there, she moved into software engineering and technical marketing where she was responsible for operating systems, database and infrastructure product management, marketing and sales support. She has held roles in project management, training and software sales. Over the last several years, she has moved back to her roots designing and implementing complex enterprise software systems using state-of-the-art open source tech- nologies. As an advocate of OFBiz, she has been using the OFBiz project software since early 2000 for a variety of successful enterprise projects including numerous e-commerce and ERP implementations. Her most recent project, myOFBiz.com, is an endeavor to use OFBiz exclusively to develop, market and distribute the highest quality learning resources for and about OFBiz. Please visit the website at: http://www.myofbiz.com ©2010 Ruth Hoffman, All Rights Reserved Page 2 Getting Started with Apache OFBiz® in 5 Easy Steps Table of Contents Introduction ............................................................................................................................................................4 Purpose ...............................................................................................................................................................4
    [Show full text]