Grants


SPaCIoS-EEU: Secure Provision and Consumption in the Internet of Services
Enlarged EU FP7 Project, 2011-2013
Local Team: Dana Petcu, Marius Minea, Ioana Sora, Casandra Holotescu, Dan Cosma, Petru Florin Mihancea

Ensuring trust in the Internet of Services entails a major paradigm shift, as services are designed, implemented, deployed, composed, and finally consumed in a demand-driven and flexible way. Vulnerabilities and exploits severely affect the development of the IoS, yet state-of-the-art security validation technologies used in isolation are insufficient at this level of complexity. The ongoing SPaCIoS project will provide a set of methodologies and technologies to describe and validate security in the context of the Internet of Services. The approach uses models and security considerations (vulnerabilities, attack patterns) to derive test cases for the provision and consumption of services. It can handle incomplete or missing models by learning an approximate model using inference techniques. SPaCIoS works by developing and combining state-of-the-art technologies for penetration testing, security testing, model checking and automatic learning. SPaCIoS-EEU broadens the scope of SPaCIoS to service validation at implementation time, by providing the service developer with model extraction from source code in addition to black-box inference. The project reach is extended to several service platforms, by developing technology-specific front-ends for the model extractor. SPaCIoS-EEU will go a step further towards diagnosis and correction of vulnerabilities by localizing security faults in source code, and evaluating implementation fault patterns. These extensions will be implemented as part of the SPaCIoS tool. The project relevance will be strengthened by applying the technology and tool to a cloud services platform, exploiting synergies with another EU project. SPaCIoS-EEU has the potential to speed up the use of the SPaCIoS service validation technology. By expanding the project consortium it will contribute to reinforcing research integration across the enlarged EU.

Methods and Tools for Continuous Quality Assurance in Complex Software Systems
Romanian Education And Research Ministry, IDEI PN–II–ID–PCE–2007–1, Grant 357/01.10.2007, October 2007 - October 2010
Team: Marius Minea, Radu Marinescu, Cristina Marinescu, Mihai Balint, Petru Florin Mihancea

The ever increasing impact of software systems and the high degree of societal dependence with respect to them, especially for infrastructure make it extremely important for software to evolve, in order to adapt to the new social and economic needs. To make software evolution possible, a superior quality of its design and implementation process must be ensured. for this reason, existing software must be continuously supported by automated systems for analysis, diagnose and improvement of code and design. The project proposes an agile (continuous) approach to quality assurance for complex software systems, at the level of code (by means of static analysis and testing) and design (by means of metrics-based detection and correction of design flaws). the proposed approach aims to: (1) develop new demand-driven,fast local analyses for object-oriented code,and increase the precision of analyses by exploiting advances in decision procedures and invariant detection; (2) integrate automated test generation techniques with dynamic invariant generation and static checking into an iterative process which generates test suites together with expected correct results, while minimizing user input; (3) transform design assessment from a standalone activity in a continuous (agile) process, perfectly integrated in the development process; (4) bridge the gap between design flaw detection and complex restructurings by means of correction plans; (5) integrate techniques related to design and coding flaw detection;(6) support the analysis of industrial-size software systems implemented in the main currently used programming languages (c++, java, c#). Building such a system will allow the automation of analyses for large-scale software systems, the precise identification of functional and design flaws through the possibility of applying multiple analyses in a uniform fashion, and to obtain superior results by correlating various analysis types.

Reverse Engineering Techniques for Class Hierarchies
Romanian Education And Research Ministry, CNCSIS, Project Type TD, May 2007 - October 2008
Team: Petru Florin Mihancea

It is well known that more than 50% of a software product cost is generated by maintenance activities. To reduce this cost, a strong support for maintaining and reengineering software systems is a must. In this context, reverse engineering techniques to understand and assess the design quality of a software system have become vital concerns in today software industry. Much effort has been spent in the last decade to address different goals of reverse engineering object-oriented software systems. Although great contributions, they are insufficient in the context of class hierarchies because very few of them address and exploit a very important aspect of object-oriented systems: the usage of polymorphism. Moreover, this aspect is almost always addressed indirectly and in a very brief way with respect to its importance for the maintainability of an object-oriented design. Thus, from the perspective of design quality assurance, design recovery and designs problem detection, important design information remains hidden in the analyzed system. This year, we have presented at the IEEE International Conference on Program Comprehension (ICPC 2006) a bi-dimensional characterization of class hierarchies. By exploiting the usage of polymorphism in a system this characterization helps to understand the role of a class hierarchy in that system: it is a type hierarchy, an implementation hierarchy or both. The purpose of this program is concentrated around this characterization. First, we plan to extend it in order to eliminate some current limitations. Next, based on this characterization, we plan to create support for design recovery and design problem detection that addresses new or un-properly handled aspects when reverse engineering class hierarchies.

Distributed Environment for Controlling and Optimizing the Evolution of Software Systems
Romanian Education And Research Ministry, CEEX Project for Young Researchers, Grant 5880/18.09.2006, September 2006 - August 2008
Team: Radu Marinescu, Ioana Sora, Cristina Marinescu, Petru Florin Mihancea, Dan Cosma

In an information technology society that is increasingly relying on software, software productivity and quality continue to fall short of expectations:software systems suffer from signs of aging as they are adapted to changing requirements. The main reason for this problem is that the relevance of activities for the control and optimization of software maintenance and evolution are still under-evaluated in traditional software development processes. The only way to overcome or avoid the negative effects of aging in legacy software systems and to facilitate their smooth evolution is by providing engineers with a fully automated and integrated support for controlling the entire evolution process. Yet, controlling and optimizing the process of software evolution is a complex task which requires multiple techniques and models. Moreover, the past few years have shown that to come up with a working solution for industrial systems, single persons and even single groups are not enough to tackle all problems such as parsing, modeling, data mining, or visualization. In this context, the goal of this project is to provide a comprehensive and extensible support for complex, full-fledged software evolution activities applicable on real-world systems. Specifically, we want to address these issues by building a distributed environment for the control of software evolution which would support the collaboration of the various techniques and models defined in the past by different European research teams. Next, we want to use this environment to integrate different primary analysis techniques into more complex techniques for supporting evolution control. Eventually, we will validate based on large-scale experiments the feasibility of the approach. Thus, the project consists of the following tracks: 1. Creating a distributed environment for software evolution 2. Enabling complex (distributed) activities related to evolution 3. Performing large-scale experiments on controlling evolution.

NOREX - Network of Reengineering Expertise
Swiss National Science Foundation (SNF), SCOPES Project, November 2005 - October 2007
Team: Radu Marinescu, Cristina Marinescu, Petru Florin Mihancea, Dan Cosma, Mihai Balint, Michele Lanza, Mircea Lungu, Marco D'Ambros, Oscar Nierstrasz, Doru Girba, Orla Greevy

The goal of of this joint research project is to provide a comprehensive and extensible support for complex, full-fledged reengineering activities applicable on real-world systems. Specifically, we want to address these issues by building a distributed reengineering environment which is able to make all the techniques and models defined and implemented by each of the three research teams to complement each other. Then we want to use this environment to integrate different reengineering techniques to support complex reengineering techniques and validate based on large-scale experiments the feasibility of the approach.

Design Quality Assurance for Enterprise Software Systems
Romanian Education And Research Ministry, CEEX Project for Young Researchers, Grant 3147/2005, November 2005 - October 2007
Team: Radu Marinescu, Cristina Marinescu, Petru Florin Mihancea, Dan Pescaru, Calin Jebelean, Ioana Sora

Nowadays our society fundamentally depends on complex, enterprise software systems.Therefore, as society evolves, these systems must be able to evolve too, being prepared to face the imminent changes implied by new requirements. Unfortunately, the software industry is currently confronted with an increasing number of enterprise software systems, which have a poor quality of the design and implementation; therefore, the evolution of such systems is economically unfeasible and oftentimes technically impossible. In order to address this issue we need methodologies and tools to asses and improve the design and implementation quality of enterprise applications. The research efforts towards the assurance of design and implementation quality for large-scale object-oriented systems are not new. Yet, due to the intrinsic heterogeneity of enterprise software systems(e.g. various implementation languages and technologies, multiple programming paradigms) a novel layer of dedicate quality assurance techniques is needed in order to address properly the multiple aspects of heterogeneity. The goal of this project is to define methodologies and tools that address the issue of quality assurance in enterprise applications. In this context we plan to: --define a novel set of specialized analyses for detecting design flaws in enterprise systems, taking into account their particularities over object-oriented ones. --extend the set of object-oriented structural flaws currently detectable, by employing novel analysis techniques(e.g. data-flow analysis). --define a novel methodology for estimating the effort/cost impact of removing the various design flaws. The methodology aims to support an efficient quality improvement (recovery) process --automatize the defined techniques by means of a feasible tool support.

Integrated Evolutive Environment for Software Quality Assesment
CNCSIS, Project type A, Grant 27688/2005, CNCSIS Code 710
Team: Radu Marinescu, Marius Minea, Ioana Sora, Cristina Marinescu, Petru Florin Mihancea, Dan Pescaru, Richard Wettle

The ever increasing impact of software systems and the high degree of societal dependence with respect to them, especially for infrastructure make it extremely important for software to evolve, in order to adapt to the new socio-economic needs. To make software evolution possible, a superior quality of its design and implementation process must be ensured. For this reason, existing software must be supported by automated systems for analysis, diagnose and design improvement, at a high level as well as at a level close to design. The project proposes to build an integrated environment for quality analysis of software systems, with the following characteristics: - to ensure integrating a large number of structural and semantic analysis tools and methods, both existing and newly developed, allowing the combined application of analyses and the construction of new analyses, of higher complexity. - to allow the evolution of analyses and of the mechanisms to process and visualize the gathered experimental data. - to support the analysis of industrial-size software systems implemented in the main currently used programming languages (C++, Java, C), both from a structural and semantic point of view. Building such a system will allow the automation of analyses for large-scale software systems (> 500 kloc), the precise identification of functional and design flaws through the possibility of applying multiple analyses in a uniform fashion, and to obtain superior results by correlating various analysis types.

Error Detection in Telecommunication Software
Alcatel Romania, Industrial Research Project, , June 2004 - August 2004
Team: Marius Minea, Petru Florin Mihancea