08:55 - 09:55
Evolving Knowledge about COTS - Opening Keynote
Author:
V. Basili
Presentation (pdf)
The talk offers a set of experiences in trying to formalize and update our knowledge about COTS Based Development. The experience ranges from observations of several COTS-based developments at NASA/GSFC via structured interviews with project personnel to the elicitation of tacit knowledge form experience personnel in the form of e-Workshops to the development of a lessons learned experience base to the evolution of a set of hypotheses.
Based upon these experiences we will propose a refinement of the definition of COTS to distinguish "easy" from "hard" COTS products, introduces the concept of COTS pattern, and analyzes the effect of COTS products on the software development process, and suggest some experience-based guidelines for projects using COTS products.
10:15 - 11:15
A Model for Recording Early-Stage Proposals and Decisions on Using COTS Components in Architecture
Author:
T. Ihme
Presentation (pdf)
Large networked systems can include the whole technological spectrum of embedded systems from deeply embedded application-specific systems to software intensive applications including COTS component intensive subsystems. Significant up-front and early-stage architectural design is required for COTS component acquisition and evaluation. COTS related architectural decisions, constraints and knowledge must be communicated from design processes to component acquisition and business processes and vice versa. This paper describes a model for identifying and recording constraints, possibilities and needs for COTS components in architecture. The decision model associates COTS component needs with elements in the first part of the software architecture to be designed. Decisions related to a specific architectural model are listed in a table form. A decision includes a reference to the related architectural model element or to a separate variation point model that describes relationships between architectural elements and the results of the decision.
BiCom: An Evaluation Framework for COTS Components
Authors:
F. Sudaman
& C. Mingins
Presentation (pdf)
The evaluation and selection of COTS components is a critical process that directly affects the cost, quality and robustness of the target systems. However, in the evaluation phase of the purchasing process, component vendors and purchasers have potentially conflicting interests. In this paper we introduce an approach that enables vendors to allow access to their components for evaluation purposes, while restricting access to and retaining control over the implementation. At the same time purchasers are able to exercise the components as if they had complete access to it, perform extensive evaluation and integration testing and even extend the component's functionality without having direct access to the original implementation.
COTS-Based Development: Taking the Pulse of a Project
Authors: E. Morris,
C. Albert & L. Brownsword
Presentation (pdf)
Commercial-off-the-shelf- (COTS)-based systems demand new indicators for determining a project's progress and it's potential for success. Research by the COTS-based system (CBS) Initiative at the Software Engineering Institute (SEI) has shown that organizations building, acquiring, or supporting systems that rely on COTS products experience a consistent set, or pattern, of problems. These patterns provide the foundation for SEI seminars and workshops that present high-level keys to success along with activities or artifacts to look for in successful CBS projects. These same patterns underlie the SEI COTS usage risk evaluation (CURE) technique for conducting a detailed risk analysis of the use of COTS products within an ongoing project. This paper reports on work that expands these efforts to provide an easily used mechanism to help organizations avoid inadequate practices and employ improved ones - in effect, to allow program managers to take the pulse of their COTS-based projects.
11:05 - 11:50 AM
Designing Secure Integration Architectures
Authors: G. Jonsdottir, L. Davis &
R. Gamble
Presentation (pdf)
Security has become a paramount concern due to dramatic advances of network technologies and a wide variety of new business opportunities. These advances have also brought the need for integration of software systems to the surface, mainly for real-time, information sharing. Because these systems are network-based, COTS products are predominantly used in this type of integration effort. Security is still a relatively new concern. It is often addressed as an afterthought in software development. Unfortunately, to ensure a high degree of security, it is imperative to examine the concerns in a principled manner. Software architecture provides a unique opportunity to assess and structure security issues in concert with the integration solution design. In this paper, we describe an approach to constructing secure integration architectures - architectural solutions to component interoperability to satisfy certain functional security policies.
Coordination in COTS-Based Development
Authors:
M. Krieger, M. Vigder, J.C. Dean & M. Siddiqui
Presentation (pdf)
This paper introduces the basic concepts of coordination based design and addresses three important issues of COTS-based systems: meeting user needs, selection of proper COTS software and meeting non-functional requirements. It shows that established engineering practices that deal with these issues may be imposed during the development cycle by separating coordination from execution. By integrating COTS software using a coordinator, designers can address these issues up front.
Tools for Successful COTS Software Implementation and Integration
Authors: G.M. Talbott & J.M. Dobson
Presentation (pdf)
Government and commercial industries are relying more and more on the successful integration of Commercial-Off-The-Shelf (COTS) software to reduce systems development and maintenance costs and keep pace with technological advances. The use of COTS software in systems development introduces the need for unique software engineering approach and expertise. COTS products integration combined with expertise in the research, analysis, and selection of technologies for a particular market is essential to the successful implementation of COTS-based systems. This presentation is based on the experience of Lockheed Martin (LM) Asset Solution Integration (ASI) services as a solution integrator in the Enterprise Asset Management (EAM) arena, and will explore valuable lessons learned when faced with the challenge of successfully architecting, implementing, and delivering COTS-based systems.
13:00 - 13:45
Evaluating COTS Based Architectures
Authors: M. Vigder, T. McClean & F. Bordeleau
Presentation (pdf)
The criteria for evaluating the architecture of COTS based software systems is different from the criteria used for custom-built software systems. These differences arise due to the different development and maintenance scenarios that are the business drivers for COTS based software systems. Current architecture evaluation methods must be adapted to take these differences into account. One approach is to use the Architecture Tradeoff Analysis MethodSM (ATAMSM) as a basis for the evaluation. This can be done by identifying the Scenarios and Utility Trees that are applicable to COTS based software systems.
Integrating COTS in Safety Critical Systems Using RTCA/DO-178B Guidelines
Author: B. Maxey
Presentation (pdf)
This paper examines the usage of commercial off the shelf (COTS) software embedded in sensor products for avionics applications. Usage of the guidelines of RTCA/DO-178B including consideration of independence, software criticality level and structural coverage are addressed. A comparison is made between development considerations for implementation of different software safety criticality levels.
Not All CBS Are Created Equally: COTS Intensive Project Types
Authors: D. Port, J. Bhuta, Y. Yang & B. Boehm
Presentation (pdf)
COTS products affect development strategies and tactics, but not all CBS development efforts are equal. Based on our experiences with 20 large government and industry CBS projects assessed during our development of the COCOTS estimation model, and our hands-on experience with 52 small e-services CBS projects within USC's graduate level software engineering course, we have identified four distinct CBS activity areas: assessment intensive, tailoring intensive, glue-code intensive, and non-COTS intensive. The CBS activity type fundamentally affects the COTS related activity effort and project risks. In this work we define the three COTS activity intensive CBS types and discuss their strategic comparisons based on an empirical study of the spectrum of large and small CBS projects.
13:50 - 14:35
Assessment of Reusable COTS Attributes
Authors: M. Torchiano & L. Jaccheri
Presentation (pdf)
Among the main activities involved in COTS-based development there are identification, evaluation, and selection of COTS products. Several techniques have been developed for these activities; all of them are based on measurement of attributes. The effort devoted to these activities is more valuable if the attributes can be reused. Since the evaluation of COTS is a very project-specific activity, the definition of reusable attributes is difficult. Several studies show that it is possible and convenient to develop a reusable attribute framework. We propose a set of simple and generic criteria can be used to validate the set of attributes and improve them.
Techniques for Embedding Executable Specifications
Authors: R. McKegney & T. Shepard
Presentation (pdf)
In this paper, we consider interface contracts as a possible mechanism for improving semantic integrity in component-based systems. A contract is essentially a formal specification interleaved with code and allowing a component or object to unambiguously specify its behaviour. The existing techniques that we survey are predominantly designed for object-oriented systems; we therefore investigate the extent to which they can be scaled up to the level of components, and embedded in interface specifications rather than code. We conclude that interleaved specifications are viable and useful at the level of components, but that future work is required to develop languages that can express the constraints that are important at this level of granularity.
Implications of using the Capability Maturity Model Integration (CMMI) for COTS-Based Systems
Authors: L. Brownsword, C. Albert & B. Tyson
Presentation (pdf)
Using commercial off-the-shelf (COTS) products to meet the needs of business or operational applications is an increasing trend. Practical experience is showing that building systems using COTS products requires new skills and different processes. Practitioners are finding that building and supporting COTS-based systems demands more, not less, management and engineering discipline. Many organizations have derived substantial benefits through process improvement using Capability Maturity Models (CMMs) and want to leverage previous investments in process improvement to build COTS-based systems. In addition, organizations building COTS-based systems want to begin applying the CMMI. This leads to the question, "How should the CMMI be interpreted for organizations building, fielding, and supporting a COTS-based system?" This paper provides high-level guidance on interpreting and using CMMI practices in a way that facilitates the development and definition of appropriate processes for COTS-based systems.
08:55 - 09:55
Living With COTS - Closing Keynote
Author:
B. Balzer
Presentation (pdf)
Computer usage has evolved from small special purpose applications to
large Commercial Off The Shelf Software (COTS) products that dominate
the landscape. These COTS products present major challenges for our
traditional forms of extension and integration.
This talk will explore those challenges and suggest a new integration
architecture for COTS tools which provides access and visibility into
the document/design information contained within a COTS tool and
shares that information with external tools so that they can track
user actions and provide analysis and automation services for the user
within the COTS tool.
The talk will illustrate the utility and breath of this architecture
through COTS integrations that put a semantics behind PowerPoint
diagrams, recreate corrupted Word documents from an automatically
recorded application-level change history, integrate external
analysis tools with Rationale Rose, add semantic markup to
PowerPoint and Word, and protect PCs from malicious active content
in a wide variety of COTS products.
10:15 - 11:15 AM
COTS Software Quality Evaluation
Authors:
L. Beus-Dukic & J. Boegh
Presentation (pdf)
Assessment and evaluation of COTS software products has become a compulsory and crucial part of any COTS-based software system life-cycle. A risk of selecting a product with unknown quality properties is no longer accept-able. This paper presents a framework for quality evaluation process of COTS software products. Our approach, based on the latest international standards for software product quality and evaluation, provides acquirers of COTS software with a method to select software products with identified and measured quality characteristics.
Classifying Interoperability Conflicts
Authors: L. Davis, D. Flagg ,
R. Gamble, C. Karata
Presentation (pdf)
A common path for integrated application development is to pick COTS or legacy products, choose a middleware product, and determine what additional functionality is needed to make it all work. While this may seem the most expedient and least costly way to develop an integrated application, unexpected interoperability conflicts can surface after implementation, deployment and/or evolution of any of the participating components. An interoperability conflict is the result of inhibited communication of control or data among components. Current research has shown that interoperability conflicts can be traced to the software architecture of the components and integrated application, making this level of abstraction a suitable domain for conflict description. In this paper, we describe and substantiate a set of architecture-based conflicts that embody the predominant interoperability problems found in software integrations.
Estimating the Cost of Security for COTS Software
Authors:
D.J. Reifer , B.W. Boehm & M. Gangadharan
Presentation (pdf)
This paper describes enhancements being made to the University of Southern California's COnstructive COTS (COCOTS) integration cost model to address security concerns. The paper starts by summarizing the actions we have taken to enhance COCOMO II to model the impact of security on development effort and duration. It then relates the COCOMO II approach to the COCOTS estimating framework so that the enhancements proposed can be incorporated into the COCOTS model. After summarizing the team's progress in developing counterpart COCOTS security cost drivers and expert-consensus cost driver parameter values, the paper points to the steps that will be taken to validate the findings and calibrate the model.
11:05 - 11:50
Defining a Quality Model for Mail Servers
Authors: J.P. Carvallo,
X. Franch & C. Quer
Presentation (pdf)
One of the factors that influence the success of a COTS procurement process is a deep knowledge of the COTS market. The existence of exhaustive and structured COTS descriptions of components belonging to concrete COTS domains may be used as a framework in which particular COTS could be evaluated and compared to user requirements during the procurement process. Because of its specific characteristics, mail-related COTS is a domain that may benefit from these kind of descriptions. This paper presents an ISO/IEC-based quality model for the mail servers COTS domain applying a precise methodology. A general overview of this methodology is presented and its application to the domain is detailed. The use of the mail server quality model is illustrated in some particular procurement contexts.
Protective Wrapper Development: A Case Study
Authors: T. Anderson,
M. Feng, S. Riddle & A. Romanovsky
Presentation (pdf)
We have recently proposed a general approach to engineering protective wrappers as a means of detecting errors or unwanted behaviour in systems employing an OTS (Off-The-Shelf) item, and launching appropriate recovery actions. This paper presents results of a case study in protective wrapper development, using a Simulink model of a steam boiler system together with an OTS PID (Proportional, Integral and Derivative) controller. The protective wrappers are developed for the model of the system in such a way that they allow detection and tolerance of typical errors caused by unavailability of signals, violations of limitations, and oscillations.
e-COTS Portal and Platform: An Inter-Industrial Initiative for COTS-Related Information Sharing
Authors:
J.-C. Mielnik, B. Lang, J.-G. Schlosser, V. Bouthors
Presentation (pdf)
The goal of the eCots project is to setup an open portal for collecting, improving and sharing accurate information on software COTS products and producers. The core information will be freely available on the Internet, with secure replication mechanisms available under subscription, allowing enterprises to synchronize their private intranet information with the portal data. The eCots project is based on the in-depth formalization and standardization of COTS related data, as well as innovative business and legal approaches related to this kind of open information sharing and content collaborative production, inspired by the open source initiative.
13:00 - 13:45
Establishing Trust in COTS Components
Authors:
A. Bader, C. Mingins, D. Bennett & S. Ramakrishnan
Presentation (pdf)
Increased use of COTS software components means increased demand for trust in these artifacts. The problem lies in the fact that trust is mainly a philosophical concept. We all deal with trust issues in our daily life yet it is hard for us to identify the attributes of trust. In the context of software components certain aspects and features can be classified as trust attributes. In this paper we attempt to identify these attributes and describe a mechanism to effectively use these in the selection and integration of COTS components. We also emphasize the important connection between the production and procurement processes and discuss how it can help us establish better trust in software components.
UML-based Integration Testing for Component-Based Software
Authors:
Y. Wu, M.-H. Chen & J. Offutt
Presentation (pdf)
Component-based software engineering is increasingly
being adopted for software development. Currently, components
delivered by component providers only include specifications of
the interfaces. This imposes significant difficulties on adequate
testing of an integrated component-based system. Without source
code, many testing techniques will not be applicable. UML, a
modeling language, has been widely adopted in component-based
software development process. Many of its useful tools, such as
interaction diagrams, statechart diagrams, and component diagrams,
characterize the behavior of a component in various aspect, and
thus can be used in testing component-based systems. In this
paper, we first analyze different test elements that are critical
to test component-based software, Then we propose a group of
UML-based test elements, test adequacy criteria, and an
infrastructure to test component-based software. The most novel
aspect of this research is that these UML-based test elements that
are defined in this paper will not only be able to used in the
verification of component-based software, but can also be used in
many other component-based engineering activities such as
component identification, selection, customization, maintenance
and etc, which has the potential to greatly improve the quality of
component-base software.
Bringing COTS Information Technology into Small Manufacturing Enterprises
Authors:
J. Robert, S. Garcia , C. Buhman & D. Allinder
Presentation (pdf)
Due to increasing competitive pressure, many small manufacturing enterprises (SMEs) are considering COTS software technology improvements to increase productivity. However, SMEs are generally not as prepared to bring COTS software technology into their company as compared to medium and large organizations. SMEs face unique COTS issues due to organizational constraints, limited interaction with vendors and a passive role (in terms of technology and business process) in the manufacturing supply chain. This report describes these unique SME COTS software challenges as observed in several hands on technology demonstrations conducted over a two-year period as part of the SEI Technology Insertion Demonstration & Evaluation (TIDE) program.
13:50 - 14:35
COTS Acquisition Evaluation Process: The Preacher's Practice
Author: V. Sai
Presentation (pdf)
This paper reflects an effort to apply commercial off-the-shelf (COTS) software evaluation principles to a software acquisition by the Financial and Business Services (FABS) & Information Technology (IT) departments at the Software Engineering Institute. The team responsible for the execution of the project was guided by the principles taught in the "COTS-Based Systems for Program Managers"* and "COTS Software Evaluation for Practitioners"* training programs conducted by the COTS-Based Systems (CBS) Engineering Initiative at the Software Engineering Institute. Some of the major expectations set and realized included precise comprehension of requirements and preferences, ability to identify weak links in the proposed solutions, support for the "buy vs. build" decision and the product recommendation; the promise of a shorter implementation phase; and brimming confidence based on a well-informed project approach.
Incorporation of Test Functionality into Software Components
Authors:
F. Barbier, N. Belloir & J.-M. Bruel
Presentation (pdf)
COTS components trustworthiness is a key issue to be addressed within the field of component-based software engineering. This problem relies on the duality between development and deployment. COTS components vendors may prove varied properties for their components but purchasers may want to validate these properties in different execution environments. Built-In Test is thus the ability to endow components with extra functionality in order to develop in-situ tests. This paper rather stresses a Java library that supports Built-In Contract Testing. Complex component behaviors are ruled and observed based on their states and reactivity to client requests. A large component consisting in a Programmable Thermostat illustrates the Built-In Contract Testing technology and the offered Java library.
The Space Shuttle and GPS: A Safety-Critical Navigation Upgrade
Author:
J.L. Goodman
Presentation (pdf)
In 1993, the Space Shuttle Program selected an off-the-shelf Global Positioning System (GPS) receiver to eventually replace the three Tactical Air Navigation units on each space shuttle orbiter. A proven, large production base GPS receiver was believed to be the key to reducing integration, certification, and maintenance costs. More GPS firmware changes, shuttle flight software changes, and flight and ground testing were required than anticipated. This re-sulted in a 3-year slip in the shuttle GPS certification date. A close relationship with the GPS vendor, open communication among team members, Independent Verification and Validation of source code, and GPS receiver design insight were keys to successful certification of GPS for operational use by the space shuttle.
