 |
 |
For further information on the conference program, please contact: Program Chairs: David Carney djc@sei.cmu.edu Jean-Christophe Mielnik jean-christophe.mielnik@thalesgroup.com |
 |
|
||||||||||||||||||
| WORKSHOPS | ||||||||||||||||||||||||||||||
| Tuesday, 8 February | ||||||||||||||||||||||||||||||
  |
||||||||||||||||||||||||||||||
The complexity and heterogeneity of COTS-based software products are increasing rapidly. In contrast to in-house software, COTS components and systems are close entities and, as such, hide many parts of their implementation. Even if this is safe with regard to the principles of encapsulation, high-cohesion and low-coupling, one expects to determine how these external entities may behave in user’s deployment environments which are often different from vendor’s development environments. “Assessment and prediction of behaviors and QoS attributes of COTS software components and systems” means here that if COTS components and systems are not built/prepared for the assessment and the prediction of their properties, they may not be qualified as high-confidence software entities. The proposed workshop mainly stresses the design of COTS software, in other words how to create trustworthy software in order to better instrument, support and organize a COTS software market. |
||||||||||||||||||||||||||||||
| Challenges of COTS IV&V (14:00– 18:30) Dan Port, University of Hawaii (USA) Haruka Nakao, Japan Manned Space Systems Corp (Japan) Masafumi Katahira, Japan Aerospace Exploration Agency (Japan) Christina Motes, NASA IV&V facility (USA) |
||||||||||||||||||||||||||||||
COTS can significantly complicate the independent verification and validation (IV&V) process. The necessarily pessimistic culture of IV&V has a perspective on COTS that greatly differs from a developer’s generally optimistic, success-oriented perspective. For example, there is no basis for assuming that the COTS assessments made by developers will ultimately be consistent or even compatible with those made by an IV&V group. This frequently results in higher project risk and uncertainty. This workshop seeks to illuminate these and other COTS and IV&V related challenges The workshops topics are: |
||||||||||||||||||||||||||||||
| Topics of interest include but are not limited to: | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| Call for Participation | ||||||||||||||||||||||||||||||
| We seek 1-3 page position statements that provide one of the following: | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| Position papers must be submitted in Adobe PDF format via email to dport@hawaii.edu Papers must conform to the ICCBSS 2005 proceedings publication format (see http://www.iccbss.org/2005/docum/ICCBSS_Paper_Template.zip) | ||||||||||||||||||||||||||||||
| Organizers | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| PAPERS | ||||||||||||||||||||||||||||||
| Wednesday, 9 February | ||||||||||||||||||||||||||||||
| Assets and Liabilities of Organizational Trust (11:15 – 12:00) Sally Baron, Management Consulting Services (USA) |
||||||||||||||||||||||||||||||
| Organizational theorists have long touted trust as a market asset for reducing transaction costs. But these theories have largely associated the benefits of trust as subjective rather than objective. That is, in some cases managers have learned to depend on social relationships of firms with whom they are familiar rather than judging products on merit. The trouble arises when trust is established with a firm, and superior products from other firms are not considered. The problem is exacerbated with software, as the product itself is intangible and often difficult to judge or understand. Smaller COTS software firms with superior products have had a difficult time entering the US government market. Government managers have traditionally turned to well-known contractors with whom they have had decade-old ties, rather than seeking newer and better COTS solutions that are lesser known. This paper examines some of the barriers to trusting lesser-known software products and suggests solutions to overcome such barriers. | ||||||||||||||||||||||||||||||
| Business Process Definition Languages Versus Traditional Methods Towards Interoperability (10:00 – 10:45) Leire Bastida, European Software Institute (Spain) Gorka Benguria, European Software Institute (Spain) |
||||||||||||||||||||||||||||||
| A business process is a collection of activities that are required to achieve a business goal and it is represented with an activity flow that specifies the orchestration of business transactions needed to complete the business goal. These business transactions are realized through the consumption of internal and external services. This activity flow can be implemented in two ways, using traditional methods or using a Business Process Definition Language (BPDL). Traditional methods encode the activity flow using state of the art programming languages such as Java, C#, etc. BPDLs describe the activity flow with a specific language that is directly interpreted by a BPDL engine. This paper analyses the use of BPDLs and traditional methods to develop solutions for services-based architectures. It presents a case study where the results obtained using a BPDL and a traditional method are compared. | ||||||||||||||||||||||||||||||
| COTS Acquisition: Getting a Good Contract (12:15 – 13:00) Shadia Elgazzar, National Research Council of Canada (Canada) Anatol Kark, National Research Council of Canada (Canada) Erik Putrycz, National Research Council of Canada (Canada) Mark Vigder, National Research Council of Canada (Canada) |
||||||||||||||||||||||||||||||
| This paper provides an experience report on an acquisition process with which we are currently involved and which is targeted towards a COTS-based acquisition. The activities described in this paper are those involved in developing the RFP. In particular, this paper will describe the overall strategy used to develop the RFP, including the requirements, and show the impact of targeting a COTS-based system. | ||||||||||||||||||||||||||||||
| COTS Components and DB Interoperability (12:15 – 13:00) Radmila Juric, University of Westminster (UK) Ljerka Beus-Dukic, University of Westminster (UK) |
||||||||||||||||||||||||||||||
| The paper addresses the specific issue of interoperability in heterogeneous databases (DBs) and the possible use of COTS components that may alleviate the DB interoperability problem. A component-based software architectural style for interoperable DBs has been used, and an example of its application given, to identify which role the COTS components may play when populating the architecture. We discuss the characteristics of such COTS components and advocate that such COTS components are developed with a specific component platform in mind, interoperate within a certain context, and adhere to con-straints of our architectural style. | ||||||||||||||||||||||||||||||
| Filtering COTS Components Through an Improvement-Based Process (12:15 – 13:00) Alejandra Cechich, University of Comahue Neuquen (Argentina) Mario Piattini, University of Castilla La Mancha, (Spain) |
||||||||||||||||||||||||||||||
| Typically, COTS evaluations embody a first stage intended to determine rapidly which products are suitable in a target context. This stage -- called "filtering" or "screening" -- chooses a set of alternatives to be considered for more detailed evaluation. For successful filtering processes, composers increasingly focus on closing the gap between required and offered functionality, hence reducing ambiguity of information for comparison. In this paper, we introduce a filtering process, which is based on early measurement of functional suitability of COTS candidates. Measures are immersed in a Six Sigma-based process aiming at improving the filtering process itself as well as its deliverables. | ||||||||||||||||||||||||||||||
| On Goal-Oriented COTS Taxonomies Construction (10:00 – 10:45) Claudia P. Ayala, Universitat Politècnica de Catalunya (Spain) Pere Botella, Universitat Politècnica de Catalunya (Spain) Xavier Franch, Universitat Politècnica de Catalunya (Spain) |
||||||||||||||||||||||||||||||
| This paper proposes the adoption of a goal-based method called GBRAM for facilitating the process of building taxonomies of COTS components. Since GBRAM was defined in a different setting, the main result of the paper is to adapt it to this new context. We show how the different activities and artefacts of GBRAM change, and we apply the proposal to obtain taxonomy for requirements engineering oriented tools. | ||||||||||||||||||||||||||||||
| Resolving COTS System Assessment Clashes (11:15 – 12:00) Dan Port, University of Hawaii (USA) |
||||||||||||||||||||||||||||||
| COTS have significantly complicated the IV&V process. The necessarily pessimistic culture of IV&V will have a perspective on which COTS assessment attributes and techniques are relevant that greatly differs from the developer’s generally optimistic, success-oriented perspective. There is no basis for assuming that the COTS assessments made by developers will ultimately be consistent with those made by an IV&V group. The result is typically a “lose-lose” situation where either large re-work costs are incurred to replace existing COTS with of IV&V approved COTS, or higher risk and uncertainty must be tolerated (from the IV&V perspective) to stick with the COTS the developers had chosen. This work seeks to remedy this “cultures clash” of COTS assessment perspectives by integrating IV&V and developers COTS system level assessments to provide a result that is both consistent and cost-effective. | ||||||||||||||||||||||||||||||
| Specifying Interaction Constraints of Software Components for Better Understandability and Interoperability (10:00 – 10:45) Yan Jin, Swinburne University of Technology (Australia) Jun Han, Swinburne University of Technology (Australia) |
||||||||||||||||||||||||||||||
| A vital issue in the correct use of commercial-off-the-shelf (COTS) components is the proper understanding of their functionality, quality attributes and ways of operation. Traditionally, COTS component vendors provide some of this information in accompanying documentation. However, the documentation is often informal and likely contains ambiguous and inconsistent statements. Even equipped with interface descriptions clearly defining the basic aspects of component use, such as operation signatures and operating platforms, this documentation does not provide a mathematically sound means for addressing the behavioural interoperability issues in component-based system design. In this paper, we propose a formal but user-friendly component specification approach which augments commercial IDLs with the capability of capturing component interoperability requirements. This approach uses unambiguous temporal operators to define sequencing and concurrency constraints between component operation invocations. Accordingly, it enables precise specifications of how a component provides its services and the correct way in which its services should be used. | ||||||||||||||||||||||||||||||
| The Necessary Legal Approach to COTS Safety and COTS Liability in the EU Market (11:15 – 12:00) Carlos Arias-Chausson, Martin & Lawson Law (Spain) |
||||||||||||||||||||||||||||||
| Nowadays, we can take the European single market for granted. With old barriers gone, people, goods, services and money move around Europe as freely as within one country. However, single market is not possible just sweeping away the technical, regulatory, legal, bureaucratic, idiomatic, cultural and protectionist barriers, but it has been essential to work hardly to defend fair competition as a simple and efficient means of guaranteeing consumers a level of excellence in terms of the quality and price of products and services, and to grant consumer protection to improve the quality of life of all European citizens. In this paper, we analyse the impact of these areas EU legislation on the COTS industry, how the COTS single market is forming and what safe COTS and COTS defective mean and imply. | ||||||||||||||||||||||||||||||
| Thursday, 10 February | ||||||||||||||||||||||||||||||
| A Method for Compatible COTS Component Selection (11:15 – 12:00) Jesal Bhuta, University of Southern California (USA) Barry Boehm, University of Southern California (USA) |
||||||||||||||||||||||||||||||
| Projects involving development using multiple components, both commercial and in-house, often confront interoperability risks. These risks, if not mitigated early in the project development cycle, can result in increased costs and schedule overruns. We have developed a component selection method using empirical data gathered from five years of developing e-services applications at USC-CSE. In this paper we describe the component selection method and present a real-world example showing how it operates within the Spiral process model generator. | ||||||||||||||||||||||||||||||
| An Automated Dependability Analysis Method for COTS-Based Systems (12:15 – 13:00) Lars Grunske, University of Potsdam (Germany) Bernhard Kaiser, University of Potsdam (Germany) |
||||||||||||||||||||||||||||||
| The increasing application of COTS-components and component-based software engineering has entailed the development of appropriate component specifications. In the embedded systems domain it would be desirable to benefit from these component specifications to integrate and automate safety and reliability analysis. For this reason, we propose in this paper a component-based dependability analysis technique that annotates components with failure mode assumptions. The probabilities and dependencies of these failure modes are specified by Component Fault Trees (CFT s). Based on these CFT s and the architectural model the propagation of failures throughout the system can be automatically determined and a quantitative analysis is possible. | ||||||||||||||||||||||||||||||
| Addressing Malicious Code in COTS : A Framework (10:00 – 10:45) Donald J. Reifer, Reifer Consultants, Inc. (USA) Prnajali Baxi, Reifer Consultants, Inc (USA) Fabio Hirata, Reifer Consultants, Inc. (USA) Jonathan Schifman, Reifer Consultants, Inc. (USA) Ricky Tsao, Reifer Consultants, Inc. (USA) |
||||||||||||||||||||||||||||||
| The potential for problems due to malicious code increases in direct proportion with the number of COTS packages used in a system. Because of this, many practitioners have used a variety of techniques to address potential threats. Yet, little guidance has been offered as to which techniques work best, when, and under what conditions. To rectify this problem, we have created a risk-based framework that can be used to help those interested in addressing vulnerabilities. | ||||||||||||||||||||||||||||||
| Analysing the Impact of Change in COTS-Based Systems (12:15 – 13:00) Gerald Kotonya, Lancaster University (UK) John Hutchinson, Lancaster University (UK) |
||||||||||||||||||||||||||||||
| Commercial off-the-shelf (COTS) software components promise benefits in terms of greater productivity, reduced time to market and reliability. However, the their black box nature poses significant challenges assessing and managing the impact of change. We propose an approach to help developers to understand the impact of change. It relies on the use of a COTS component-oriented development process and architecture description language (ADL) for documenting component system architectures; both elements contributing to create a combined approach to impact analysis in COTS-based system. | ||||||||||||||||||||||||||||||
| Enabling the Selection of COTS Components (10:00 – 10:45) Sudipto Ghosh, Colorado State University (USA) John Kelly, Colorado State University (USA) Roopashree Shankar, Colorado State University (USA) |
||||||||||||||||||||||||||||||
| Ensuring proper selection of COTS components is key to the success of component-based software development approaches. Although several approaches and criteria have been proposed for component selection, we lack techniques that can be used to systematically evaluate components against selection criteria for functionality, security, fault tolerance, and quality attributes. We propose a comprehensive approach for enabling the selection of COTS components by employing component understanding and fault injection testing techniques that aid in building an integrated comprehension model of the components. This model accumulates information regarding how each candidate component fared with respect to each criterion. This model can be used not only to aid in the final decision making process, but also serve as a guide during the component comprehension and evaluation stages. | ||||||||||||||||||||||||||||||
| Loose Integration of COTS Tools for the Development of Real-Time Distributed Control Systems (10:00 – 10:45) Javier Portillo, Escuela Superior de Ingenieros de Bilbao (Spain) Oskar Casquero, Escuela Superior de Ingenieros de Bilbao (Spain) Marga Marcos Escuela Superior de Ingenieros de Bilbao (Spain) |
||||||||||||||||||||||||||||||
| The development of Real Time Distributed Control Systems (RTDCS) is a very complex and multi-part issue where different specific tools are to be used. As these specialized tools are not designed to work together, it would be desirable to have a flexible tool framework where all the information were managed and stored following a predefined Model Driven Architecture. XML technologies and Web Applications (implemented as a component-based multi-tier application design defined by J2EE) have been selected to put into practice that kind of framework. It is proposed a model-based approach to develop software systems thanks to the collaboration of specific tools and it is described the design of a Tool Collaboration Engine based on XML and Web Applications. A prototype of the framework is built for RTDCS, but these concepts can be applied to any knowledge area and the work issues some general conclusions about the integration of COTS. | ||||||||||||||||||||||||||||||
| Managing Dependencies Between Software Products (11:15 – 12:00) Mark Northcott, Carleton University (Canada) Mark Vigder, National Research Council of Canada (Canada) |
||||||||||||||||||||||||||||||
| Systems constructed from diverse software products are often difficult to assemble and deploy correctly, particularly as the products evolve and the underlying platform changes over time. Many of these problems arise because of the many assumptions and dependencies, often implicit, that software products make about the context in which they are deployed. This paper describes an approach to managing the dependencies between the software elements of a system during assembly and deployment. A formal model of dependencies is developed, and it is shown how the model can be applied during the deployment process to verify the correct assembly of a system. The approach is designed to allow system developers, assemblers, and deployers to be part of the user group that collectively manages the dependencies that exist within an assembly. | ||||||||||||||||||||||||||||||
| One Global COTS-Based System to Replace 20+ Local Legacy Systems (12:15 – 13:00) Elisabeth Hansson, Volvo Information Technology (Sweden) Göran Grahn, Volvo Information Technology (Sweden) |
||||||||||||||||||||||||||||||
| Volvo Parts is a company within the Volvo Group handling supply chain management for the aftermarket. The company has been growing quickly through mergers and today has a diverse set of different IT systems to support similar or even identical functionalities. The business challenge was to implement one global process for materials management supported by one common IT system for all the warehouses. The presentation will focus on the technical challenges and lessons learned within the project, replacing 20+ different IT systems, both in-house developed and bought packages, with one COTS-based IT system. Since the new system is expected to have a long lifetime, we need to secure that the COTS based solution will be open, flexible and scalable over time. Integration to existing systems is another key part of the architecture needed in this solution. See file: Hansson Grahn 040709.doc | ||||||||||||||||||||||||||||||
| Protective Wrapping of Off-The-Shelf Components (11:15 – 12:00) Meine van der Meulen, City University London (UK) Steve Riddle, University of Newcastle upon Tyne (UK) Lorenzo Strigini, City University London (UK) Nigel Jefferson, University of Newcastle upon Tyne (UK) |
||||||||||||||||||||||||||||||
| System designers using off-the-shelf components (OTSCs), whose internals they cannot change, often use add-on ``wrappers'' to adapt the OTSCs' behaviour as required. In most cases, wrappers are used to change ``functional'' properties of the components they wrap. In this paper we discuss instead ``protective wrapping'', the use of wrappers to improve the dependability -- i.e., ``non-functional'' properties like availability, reliability, security, and/or safety -- of a component and thus of a system. Wrappers can improve dependability by adding fault tolerance, e.g. graceful degradation, or error recovery mechanisms. We discuss the rational specification of such protective wrappers in view of system dependability requirements, and highlight some of the design trade-offs and uncertainties affecting system design with OTSCs and wrappers, and differentiating it from other forms of fault-tolerant design. | ||||||||||||||||||||||||||||||
| Friday, 11 February | ||||||||||||||||||||||||||||||
| A State-of-Practice Survey on Risk Management in Off-The-Shelf Component-Based Development (12:15 – 13:00) Jingyue Li, Norwegian University of Science and Technology (Norway) Reidar Conradi, Norwegian University of Science and Technology (Norway) Odd Petter N. Slyngstad, Norwegian University of Science and Technology (Norway) Marco Torchiano, Politecnico di Torino (Italy) Maurizio Morisio, Politecnico di Torino (Italy) Christian Bunse, Fraunhofer IESE (Germany) |
||||||||||||||||||||||||||||||
| Commercial-Off-The-Shelf component and Open Source component are becoming more and more important in software evelopment. Although previous studies have proposed typical risks and related methods for risk management for this kind of OTS (Off-the-Shelf) component-based development, there are few efficient and well-proven guidelines to help project managers to discover and manage these risks. We have performed a state-of-the-practice survey to investigate the relative frequency of some typical risks, and to investigate the effect of the corresponding risk management strategies. Preliminary results of this study show that requirement changes and the ability of OTS components to follow these changes are the most frequent risks. Estimating effort in component selection and integration is the secondary frequent risk. Proper customer involvement may help to mitigate these risks. Risks relevant to OTS component quality are less frequent than other risks. Careful evaluation and incremental testing were used to manage OTS component’s negative impact on system reliability. | ||||||||||||||||||||||||||||||
| An Approach to Analysis and Design for COTS-Based Systems (11:15 – 12:00) Grace A. Lewis, Software Engineering Institute (USA) |
||||||||||||||||||||||||||||||
| From an analysis and design perspective, developers of COTS-based systems face many challenges driven by built-in product paradigms as well as the volatility of the marketplace. One way to deal with these challenges is to adopt a spiral development process that allows for concurrent discovery and negotiation of user needs and business processes, applicable technology and components, the target architecture, and organizational constraints. This paper outlines a workflow for Analysis and Design that can be used within spiral-based development processes for building systems from commercial components. | ||||||||||||||||||||||||||||||
| Considering Variability in a System Family's Architecture During COTS Evaluation (10:00 – 10:45) Nelufar Ulfat-Bunyadi, University of Duisburg-Essen, (Germany) Dr. Erik Kamsties, University of Duisburg-Essen, (Germany) Prof. Dr. Klaus Pohl, University of Duisburg-Essen, (Germany) |
||||||||||||||||||||||||||||||
| COTS (commercial off-the-shelf) component designers and developers often envision different usage contexts for their component and, therefore, provide it with adaptation possibilities. These adaptation possibilities are especially important when considering system families. System family engineering is currently an emerging discipline. Variability is a core property of system families which allows deriving different customer-specific applications from a core artefact base. A system family’s core artefact base may also be populated with COTS components. These COTS components then need to support the system family’s variability in order to be adaptable to the needs of derived applications. Through their adaptation possibilities COTS components are able to meet this requirement. During COTS evaluation, a system family’s requirements and architecture need to be taken into account. Variability is inherent in both. That is, the question is how to evaluate COTS with regard to variable features. In this paper, we describe variability in architecture in more detail and point out how it impacts COTS evaluation. The contribution is an extension of ‘traditional’ COTS evaluation criteria in order to consider a system family’s variability. | ||||||||||||||||||||||||||||||
| COTS and Open Source Software Components : Are They Really Different on the Battlefield ? (12:15 – 13:00) Piergiorgio Di Giacomo, European Software Institute (Spain) |
||||||||||||||||||||||||||||||
| When referring to Open Source Software (OSS) components, researchers, coders and managers do not feel comfortable in defining them as COTS. Many discussions have been aimed to decide whether or not OSS can be considered a COTS without reaching the unanimous consensus of the different international communities. This paper abandons any theoretical aspect of that question and focuses on the practical steps to follow when assembling component-based systems using also OSS components. All the activities normally performed when integrating COTS in an in-house built software are reviewed with the intention of underlining if the availability of the source code (and its possible exploitation) makes any difference. Moreover this dissertation analyzes all the activities to perform when using OSS in a component-based system that are not necessary when using COTS. The purpose of this paper is to provide a guideline for the correct use of OSS within component-based systems, and not to answer whether OSS are considered or not COTS, leaving this task to the reader. | ||||||||||||||||||||||||||||||
| Identifying Business Barriers and Enablers for the Adoption of Open Source Software (11:15 – 12:00) Jesper Holck, Copenhagen Business School (Denmark) Michael Holm Larsen, Copenhagen Business School (Denmark) Mogens Kühn Pedersen, Copenhagen Business School (Denmark) |
||||||||||||||||||||||||||||||
| The main research interest in Open Source Software (OSS) has been in answering the questions of why individuals and organizations without economic compensation contribute to OSS projects and how these projects are organized. In this paper we instead focus on managerial decisions for acquisition of OSS and discuss potential barriers for widespread use of OSS. Compared with commercial software products (COTS), OSS products seem to have several advantages, but based on existing literature and a small case study, we develop and discuss the hypothesis that a major barrier may be the “customer” organizations’ uncertainty and unfamiliarity with the relationships with OSS “vendors”. To develop viable models for these relationships is an important challenge, which we will deal with in a research project, of which this paper should be seen as a first step. | ||||||||||||||||||||||||||||||
| Resolving Architectural Mismatches of COTS Through Architectural Reconciliation (12:15 – 13:00) Paris Avgeriou, University of Luxembourg (Luxembourg) Nicolas Guelfi, University of Luxembourg (Luxembourg) |
||||||||||||||||||||||||||||||
| The integration of COTS components into a system under development entails architectural mismatches. These have been so far tackled at the component level, through component adaptation techniques, but they also must be tackled at an architectural level of abstraction. In this paper we propose an approach for resolving architectural mismatches, with the aid of architectural reconciliation. The approach consists of designing and subsequently reconciling two architectural models, one that is forward-engineered from the requirements and another that is reverse-engineered from the COTS-based implementation. The final reconciled model is optimally adapted both to the requirements and to the actual COTS-based implementation. The contribution of this paper lies in the application of architectural reconciliation in the context of COTS-based software development. The architectural modeling is based upon the UML 2.0 standard, while the reconciliation is performed by transforming the two models with the help of rules and design decisions. | ||||||||||||||||||||||||||||||
| Reuse of Existing Software in Space Projects (10:00 – 10:45) Manuel Rodríguez, Critical Software S.A. (Spain) João Gabriel Silva, Critical Software S.A. (Portugal) Patricia Rodríguez-Dapena, SoftWcare S.L. (Spain) Han van Loon, SynSpace AG (Switzerland) Fernando Aldea-Montero, ESA/ESTEC (The Netherlands) |
||||||||||||||||||||||||||||||
| Reuse has the potential to substantially decrease the skyrocketing costs of space missions. The European Space Agency sponsored a study on the product assurance aspects of reuse of previously developed software on space projects, called PA-PDS. Several recommendations emerged from this study, along with change proposals to the main standards of software engineering and software product assurance followed by the European space industry. This paper describes those recommendations, the scope of reuse in the existing standards, and provides a justification for the proposed changes to them. A working group has been formed to develop a standard specifically addressing product assurance aspects of reuse. | ||||||||||||||||||||||||||||||
| Ten Signs of a Good Reuse Management Plan (11:15 – 12:00) Edwin Morris, Software Engineering Institute (USA) Wm B. Anderson, Software Engineering Institute (USA) Mary Catherine Ward, Software Engineering Institute (USA) Dennis Smith, PhD, Software Engineering Institute (USA) |
||||||||||||||||||||||||||||||
| A Reuse Management Plan defines the strategy for selecting, approving and upgrading common reusable software components The SEI, in conjunction with the U.S. Army, the Boeing Company, and the Fraunhofer USA Center for Experimental Software Engineering, is developing a Reuse Management Plan for a large Army program. Ten critical features of quality Reuse Management Plans have been identified and are presented. | ||||||||||||||||||||||||||||||
| Using Earned Value Management for COTS-Based Systems: Issues and Recommendations (14:45 – 13:30) Lisa Brownsword, Software Engineering Institute (USA) Jim Smith, Software Engineering Institute (USA) |
||||||||||||||||||||||||||||||
| Earned value management (EVM) has long been used by organizations to plan, monitor, and control the development and evolution of custom developed systems. EVM was developed for managing such projects, and assumes a waterfall development model. COTS-based systems (CBS), on the other hand, are formed and evolved through the selection and composition of pre-existing, off-the-shelf packages or components with potentially some number of custom components. Experience indicates that a spiral or iterative development process is a key to success with CBS. While EVM has been applied to CBS projects, the results have not been uniformly satisfying. This paper explores the fundamental challenges in using EVM with CBS, and proposes adaptations to some of the principals of EVM to render it more suitable for CBS development. | ||||||||||||||||||||||||||||||
| Using Goals and Quality Models to Support the Matching Analysis during COTS Selection (10:00– 10:45) Carina Alves, University College London (UK) Xavier Franch, Universitat Politècnica de Catalunya (Spain) Juan P. Carvallo, Universitat Politècnica de Catalunya (Spain) Anthony Finkelstein, University College London (UK) |
||||||||||||||||||||||||||||||
| The selection process is a crucial activity of the development of COTS-based systems. A key step of the evaluation of COTS components carried out during selection is the matching between user requirements and COTS features. We propose a goal-based approach to guide the matching process, using quality models for leveraging goals and COTS features. The different mismatch situations that may arise are reasoned by means of exploratory scenarios. We demonstrate the approach with the mail server case study. |
||||||||||||||||||||||||||||||
| PANELS | ||||||||||||||||||||||||||||||
| Wednesday, 9 February | ||||||||||||||||||||||||||||||
| COTS Component-based Embedded Systems – a Dream or Reality? (14:45 – 16:30) Ivica Crnkovic, Mälardalen University (Sweden) Jakob Axelsson, Volvo Cars (Sweden) Susanne Graf, VERIMAG (France) Magnus Larsson, ABB Corporate Research (Sweden) Tim Trew, Philips Research Laboratories (The Netherlands) Kurt Wallnau, Software Engineering Institut (USA) |
||||||||||||||||||||||||||||||
Embedded systems cover a range of computer systems from ultra small computer-based devices to large, possibly distributed, systems monitoring and controlling complex processes. COTS-based development in embedded systems, with electronic and mechanical components has a long tradition. However component-based development (CBD) with software components, in particular COTS components, is utilized to a lesser degree. A major reason is the inability of component technologies to cope with specific requirements of embedded systems. In general, component-based technologies do not address timing issues, QoS, dependability, resource constraints, and other extra-functional properties of crucial importance for embedded systems. This raises the question whether Component-based and COTS-based approach is beneficial for development of embedded systems, and which are the specifics to be addressed to make such an approach feasible. The aim of this panel is to discuss the needs and problems with respect to a component based approach in the context of embedded systems and come to some conclusion about the feasibility of COTS and CBD approaches for embedded systems. The following questions will be in the focus of the discussion: |
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| The panelists are reputed researchers and experienced industrial experts in different application domains of embedded systems (automotive, consumer electronics, and automation industries) and component-based software engineering. The statements will include the following topics: | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| Free and Proprietary software in COTS-based software development (14:45 – 16:30) Bernard Lang, INRIA (France) Jean-Francois Abramatic, ILOG (France) Jesús M. González-Barahona, University Rey Juan Carlos Madrid (Spain) Fernando Piera Gómez, INDRA Sistemas (Spain) Mogens Kühn Pedersen, Copenhagen Business School (Denmark) |
||||||||||||||||||||||||||||||
| Free software, also known as Open-Source, is a new player in the software world. Though it is mostly popularized by the Linux operating system, it is not limited to it. More and more software applications, tools and libraries are available as free software, for free as well as proprietary platforms. In the COTS business, this raises a host of issues regarding both COTS producers and COTS users, issues that can be technical, economic or legal. From the point of view of producers, it is important to understand where the competition between free and proprietary production of COTS is heading, and what are the natural techno-economic niches for both. From the point of view of COTS-based development, one has to understand issues such as (this list is not limited in any way): | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| The panelists will address these issues from their own experiences, positions and points of view. | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| POSTERS | ||||||||||||||||||||||||||||||
| Wednesday, 9 February | ||||||||||||||||||||||||||||||
| A Contextualized Study of COTS-Based E-Service Projects (17:00– 19:00) Ye Yang, University of Southern California (USA) Barry Boehm, University of Southern California (USA) |
||||||||||||||||||||||||||||||
| Properly recording the context factors of empirical results is essential for comparison and integration of results from different studies and for assessing the relevance of a given result to one’s own environment. COTS-based application (CBA) developers need both empirical data and context data for choosing among current and newly-emerging candidate technologies based on solid evidence that they will work cost effectively under the conditions of their particular projects. Previous empirical research on COTS-based development (CBD) has produced various insights on the critical success factors of CBD. Such accumulations also produce various experience/knowledge bases on which the contextualized longitudinal analysis of CBA can be performed. This poster presents an initial contextualized longitudinal analysis of CBA’s by identifying a set of project context factors as contextualizing meta-data which represent the characteristics of the project, process, product, and personnel perspectives of the system being developed. It provides comparative contextualization analysis among different CBA types, and also presents a comparison of two CBA’s from different domains, and then shows how the different contexts lead to different CBA process, products, and economic decisions. | ||||||||||||||||||||||||||||||
| Decision on Replacing Components of Security Functions in COTS-based Information Systems (17:00– 19:00) Myeonggil Choi, National Security Research Institute (Korea) Hyunwoo Kim, Department of Industrial Engineering, KAIST(Korea) Eunhye Kim, Department of Industrial Engineering, KAIST (Korea) Sehun Kim, Department of Industrial Engineering, KAIST (Korea) |
||||||||||||||||||||||||||||||
As governments and enterprises adopt COTS-based information systems, COTS components must be selected that satisfy the security requirements of applied systems. However, the selection of security components is a trade-off between the confidence level in the components and the cost of replacing components. The higher confidence required of the security components leads to a higher cost in the selection process. Particularly, as governments take into account the confidence-level of COTS-based information systems, they must replace security functional components by their own developing components in high security environment. A decision method is needed to solve the trade-off between security and costs. This paper focuses on decision making to solve the problem of replacing the security functional components in COTS-based systems. This paper suggests an appropriate adaptation level and a cost-effective priority to replace security functional components in security environment. To make a cost effective decision on adapting security functional components, we develop a hierarchical model of information security technologies. Based on this, we determine the priority among security functional components using AHP (Analytic Hierarchy Process). Acknowledgements: This work was sponsored in part by the Korean Ministry of Information and Communication in the context of University IT Research Center Project. |
||||||||||||||||||||||||||||||
| Heterogeneous COTS Product Integration to Allow the Comprehensive Development of Image Processing Systems (17:00– 19:00) Cristina Vicente Chicote, Universidad Politécnica de Cartagena (Spain) Ana Toledo Moreo, Universidad Politécnica de Cartagena (Spain) Carlos Fernández Andrés, Universidad Politécnica de Cartagena (Spain) |
||||||||||||||||||||||||||||||
| Image processing techniques are applied in a wide range of products. Automated visual inspection of industrial products, medical imaging or biometric person authentication are only a few examples. In order to process the great amount of data contained in images highly complex and time-consuming algorithms are needed. Furthermore, many of these applications require real-time performance making specific hardware devices indispensable. Currently, there exist several Commercial Off-The-Shelf (COTS) component libraries that help implement these hybrid software/hardware systems. In addition, some powerful tools are available that allow prototyping and simulating image processing applications prior to their implementation. However, none of these tools allows to realistically coprototype and co-simulate both software and hardware simultaneously. This work presents a new approach to the development of image processing applications that tackles the question of how to fill the gap between design and implementation. A new graphical component-based tool has been implemented that develops image processing applications from functional and architectural prototyping stages to software/hardware co-simulation and final code generation. Building this tool has been possible thanks to the synergy that arises from the integration of several preexistent software and hardware COTS components and tools. | ||||||||||||||||||||||||||||||
| Quality of Service Profiles in Web Service Discovery (17:00– 19:00) Barry Norton, University of Sheffield (UK) |
||||||||||||||||||||||||||||||
| PStandardization of the description and delivery of XML-based web services has opened up a marke in ‘commercial off-the-shelf’ (COTS) software components. As a result, standardization efforts are being made towards the assembly of systems from web services where the coordination is defined by workflow languages. With several potential implementations for many of the tasks within such a system an automated discovery process is required. With many functional equivalents, it is necessary to discriminate between these on the basis of cost and performance. Cardoso and Sheth propose a useful set of Quality of Service measurements [1] and a framework to apply such considerations within web service discovery [2] [3]. Unfortunately the ‘fitness’ metric[2] contains mathematical flaws that have been propagated to other work[3]. In particular: |
||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| In proposing corrections for these problems [4] we have found alternative solutions to the latter issue that accommodate different design strategies. We present the resulting system as an advance in the technique. | ||||||||||||||||||||||||||||||
| References | ||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||
| TUTORIALS | ||||||||||||||||||||||||||||||
| Thursday, 10 February | ||||||||||||||||||||||||||||||
| The COTS Product Market: An EU Legal Perspective (14:45 – 18:15) Ignacio Delgado González, Martin & Lawson Law (Spain) Carlos Arias-Chausson, Martin & Lawson Law (Spain) |
||||||||||||||||||||||||||||||
| This tutorial introduces the legal information that both software developers and cots purchasers have to consider when operating in the EU marketplace. After the 1 st. of may the EU has enlarged up to 25 member States, which means in principle one legal systems but recognizes different Member States rules and legal cultures, despite the efforts made to unify the regulations, still it is difficult to find one single market, and there is not yet a single European COTS product market. In order to clarify the legal situation in the EU, this tutorial will present the information with examples in a simple and clear language. The challenges in the EU legislation are how to protect the software developers, and their final results and at the same time how to protect the interest of the consumers and end users of the COTS software products. The current situation and future developments on the way such us the software patentability will be discussed during the tutorial with the participants. The tutorial aims to provide up-to-date legal information so if you are a business manager, software developer, COTS buyer or end user decision, or interested in legal issues concerning COTS software products then you should attend this tutorial. | ||||||||||||||||||||||||||||||
| Composable Spiral Processes for COTS-Based Application Development (14:45 – 18:15) Barry Boehm, University of Southern California (USA) Ye Yang, University of Southern California (USA) Jesal Bhuta, University of Southern California (USA) Dan Port, University of Hawaii (USA) |
||||||||||||||||||||||||||||||
| Empirical studies show that the activities conducted while developing COTS-Based Applications (CBA) differ greatly from those conducted while developing non-COTS. The challenges go beyond the need to acquire new expertise and managing uncertainty and volatile risk profiles and demand an entirely new development paradigm. This shift of development paradigm, if not appropriately planned and monitored, can lead an apparently simple CBA development project into disaster.
The objective of this tutorial is to provide prospective and existing managers, architects, and developers of CBA’s with a “composable” collection of spiral-based processes and techniques found to be useful for successfully developing a wide range of CBA’s and acquire some experience in using them in within a participatory exercise. The elements of the tutorial will be: Motivation. Why traditional waterfall, V-Model, or risk-insensitive development do not work for CBA development. The tutorial will begin with examining how these models fail to or only partially address the critical issues within CBA development by discussing problems within several representative projects, and then introduce briefly how spiral-based development anticipates and avoids potential problems. Approach. The tutorial will summarize the key aspects of the recursive, re-entrant Spiral-based Framework of primary activities and decisions within CBA development to guide the CBA developers through each development Spiral cycle. The composable process elements for this framework will be elaborated including COTS assessment and system definition, COTS tailoring, glue code development, custom code development and integration. It will show how these are dynamically composed within a Spiral development cycle according risk and context sensitive patterns in response to rapidly changing project circumstances. Techniques. Four categories of techniques will be addressed. First, the role of risk management in CBA development will be summarized and illustrated, including the use of risk analysis to determine how much is enough of activities such as COTS evaluation [Port]. Second, guidelines for executing the process elements, such as the COTS Assessment Background (CAB), COTS Assessment Plan (CAP), and COTS Assessment Report (CAR) for performing COTS assessment, are defined in a minimum-essential, tailoring-up fashion rather than in an exhaustive, tailoring-down fashion [Yang]. Third, cost and schedule estimation models, such as the COCOMO II and COCOTS, are used to scope projects and perform tradeoff analyses [Yang]. Fourth, examples of techniques for effective COTS tailoring, applications scoping and architecting, and glue code development and integration. Examples. Two non-trivial, real-project representative case studies will be included to illustrate the application of above techniques. One is from the multimedia archive domain, and the other is from the e-commerce domain. Participatory Exercise. The tutorial will also provide a project case study with points at which attendees will apply the techniques such as prioritizing objectives, filtering COTS candidates, identifying risk-driven assessment priorities, performing cost tradeoff analyses. Attendees will also gain experience determining and discussing strategies for smoothly navigating through the process framework, and early identification and avoidance of unnecessary go-backs which typically causes unnecessary rework, waste of resources, and schedule delays. |
||||||||||||||||||||||||||||||
Last update: 17 February, 2005
Technical comments to webmaster@esi.es© ESI 2004. All rights reserved.
Technical comments to webmaster@esi.es© ESI 2004. All rights reserved.
