Hironori Washizaki, Yann-Gael Gueheneuc, Foutse Khomh, “A Taxonomy for Program Metamodels in Program Reverse Engineering,” 32nd IEEE International Conference on Software Maintenance and Evolution (ICSME), October 2-10, Raleigh, North Carolina, USA. (to appear)

Metamodels are frequently used during program reverse engineering activities to describe and analyze constituents and relations between the constituents of a program for supporting program comprehension, maintenance, and extension. Reverse engineering tools often define their own metamodels according to their own purposes and intended features. These metamodels have all advantages, and limitations that might have been solved by others. Although there are some existing works on the evaluation and comparison of these metamodels and tools, none of them consider all the possible characteristics and limitations to provide a comprehensive guidance for classification, comparison, reuse and extension of program metamodels. To guide practitioners and researchers to classify, compare, reuse, and extend program metamodels and their corresponding reverse engineering tools according to their goals, we first establish a conceptual framework with definitions of program metamodels and related concepts. Based on this framework, we provide a comprehensive taxonomy named Program Metamodel TAxonomy (ProMeTA), which incorporates characteristics that are newly identified into those that have already been stated in previous works identified by a systematic literature survey on program metamodels, while keeping the orthogonality of the entire taxonomy. We validate the taxonomy in terms of its orthogonality and usefulness through the classification of popular metamodels.

Masatoshi Yoshizawa, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya and Nobukazu Yoshioka, “Implementation Support of Security Design Patterns Using Test Templates,” Information, Special Issue on Evaluating the Security of Complex Systems (DBLP Indexed), 2016. (to appear)

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an “aspect test template” to observe the internal processing and a “test case template”. Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

情報科学国際交流財団 SSR 産学戦略的研究フォーラムにおいて前年度のクラウドセキュリティ＆プライバシメタモデル研究に続き、研究課題「複雑なネットワークソフトウェアシステムにおけるセキュリティ＆プライバシ・エコシステムの調査研究」（代表: 鷲崎弘宜・早稲田大学）が採択されました。期間は1年間です。

国内外の研究組織、ならびに、協賛企業の方々と共同で、前年度の成果を発展応用しつつ、ネットワークソフトウェアシステムの企画から開発、運用に到るライフサイクル中のセキュリティ＆プライバシに関わる様々な成果物や知識等を統合再利用して新たなソフトウェアシステムを進化的に生み出し、またその運用における新たなリスクや攻撃・対策を、当該および他のソフトウェアシステムの企画・開発・運用へ役立てる共存・循環・進化型の「ソフトウェアシステム・セキュリティ＆プライバシ・エコシステム（生態系）」を実現します。

Pablo Alejandro QUEZADA SARMIENTO from GRUPO DE INVESTIGACIÒN : GITE -UTPL joined our lab to proceed with his Ph.D. thesis until middle of August 2016. Welcome!

鷲崎弘宜, “クラウドサービスの開発運用においてセキュリティとプライバシを扱うためのメタモデルと応用”, SSR平成27年度成果報告会, 2016年6月1日

Kiyoshi Honda, Nobuhiro Nakamuray, Hironori Washizaki and Yoshiaki Fukazawa, “Case Study: Project Management Using Cross Project Software Reliability Growth Model,” IEEE International Workshop on Trustworthy Computing, collocated with QRS 2016, Vienna, Austria, August 1-3, 2016 (to appear)

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Although several researchers have studied cross project defect predictions to determine defect locations using the features of previous software product’s code such as lines of codes and complexities, past works on SRGMs did not compare products or develop comparison methods. Herein we propose a method to compare SRGMs across products. To provide managers and developers insight on advances of its products, our method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. SRGMs based on person hours are between 13% and 97% more precise than those based on calendar time.

Kiyoshi Honda, Nobuhiro Nakamuray, Hironori Washizaki and Yoshiaki Fukazawa, “Case Study: Project Management Using Cross Project Software Reliability Growth Model,” Poster, The 2016 IEEE International Conference on Software Quality, Reliability & Security (QRS 2016)(CORE Rank B), Vienna, Austria, August 1-3, 2016 (to appear)

We propose a method to compare software products developed by the same company in the same domain. Our method, which measures the time series of the number of detected faults, employs software reliability growth models (SRGMs). SRGMs describe the relations between faults and the time necessary to detect them. Although several researchers have studied cross project defect predictions to determine defect locations using the features of previous software product’s code such as lines of codes and complexities, past works on SRGMs did not compare products or develop comparison methods. Herein we propose a method to compare SRGMs across products. To provide managers and developers insight on advances of its products, our method is applied to the datasets for nine projects developed by Sumitomo Electric Industries, Ltd. SRGMs based on person hours are between 13% and 97% more precise than those based on calendar time.

Hidenori Nakai, Naohiko Tsuda, Kiyoshi Honda, Hironori Washizaki, and Yoshiaki Fukazawa, “Initial Framework for a Software Quality Evaluation based on ISO/IEC 25022 and ISO/IEC 25023,” Poster, The 2016 IEEE International Conference on Software Quality, Reliability & Security (QRS 2016)(CORE Rank B), Vienna, Austria, August 1-3, 2016 (to appear)

Although the high quality of software is important for software stakeholders, quality of software products is not effectively defined. Some quality models have been proposed, but they cannot measure and evaluate software product quality comprehensively. Additionally, some companies define their own quality models. However, the quality measured and evaluated based on company-specified quality models cannot be compared to the quality of other software products. To alleviate this problem, ISO/IEC tried to define an international standard for comprehensive quality measurement and evaluation, but this standard includes ambiguous measurements, making it difficult to apply. Herein an initial comprehensive quality measurement framework, which includes a clear measurement plan based on ISO/IEC, is proposed. A case study confirms the usefulness of this framework. However, this framework should be revised to increase its effectiveness.

Chihiro Uchida, Kiyoshi Honda, Hironori Washizaki, Yoshiaki Fukazawa, Kentaro Ogawa, Tomoaki Yagi, Mikako Ishigaki, Masashi Nakagawa, “GO-MUC: A Strategy Design Method Considering Requirements of User and Business by Goal-Oriented Measurement,” 9th International Workshop on Cooperative and Human Aspects of Software Engineering (CHASE 2016), short paper, collocated with ICSE 2016, Autin, Texas, USA, May 16, 2016.

Hironori Washizaki, Sota Fukumoto, Misato Yamamoto, Masatoshi Yoshizawa, Yoshiaki Fukazawa, Shinpei Ogata, Eduardo B. Fernandez, Nobukazu Yoshioka, Takehisa Kato, Haruhiko Kaiya, Hideyuki Kanuka, Yuki Kondo, Takao Okubo, Atsuo Hazeyama, “A Metamodel for Security and Privacy Knowledge in Cloud Services,” 12th IEEE World Congress on Services (IEEE SERVICES 2016), Poster Paper, June 27 – July 2, 2016, San Francisco, USA. (to appear)

It is important to ensure security and privacy in cloud services. Although there are many security and privacy patterns and much non-pattern-based knowledge such as practices and principles in cloud services, it is difficult to select and combine the right ones due to the large number of those items and the nature of the layered cloud stack. In this paper, we propose a metamodel for handling security and privacy in cloud service development and operation. The metamodel is expected to be utilized for building a knowledge base to accumulate, classify and reuse existing cloud security and privacy patterns and practices in a consistent and uniform way. Moreover the metamodel and knowledge base are expected to be utilized for designing and maintaining architectures for cloud service systems incorporating security and privacy.