software archeology
play

Software Archeology Mehdi Mirakhorli, Jane Cleland Huang DePaul - PowerPoint PPT Presentation

Mar 07, 2024 •423 likes •707 views

SATRUN 2014 Identifying and Protecting Architecturally Significant Code Software Archeology Mehdi Mirakhorli, Jane Cleland Huang DePaul University Contact me: mehdi@cs.DePaul.edu Architectural Failures One Illinois hospital jointly managed by

  1. SATRUN 2014 Identifying and Protecting Architecturally Significant Code Software Archeology Mehdi Mirakhorli, Jane Cleland ‐ Huang DePaul University Contact me: mehdi@cs.DePaul.edu

  2. Architectural Failures One Illinois hospital jointly managed by the Departments of Veterans Affairs (“VA”) and Defense (“DOD”) failed to achieve ‘interoperability’ between the Departments’ EHR systems, costing the hospital at least $700,000 annually. This is despite the fact that the DOD and VA have already spent $100 million to achieve this quality. 2

  3. Architectural Failures A few days after the launch of the federal government's Obamacare website, millions of Americans that were looking for information about new health insurance plans were locked out of the system even though the designers of HealthCare.gov endeavored to fix the problem and enhance the availability. Was it just availability issue? 3

  4. Architectural Failures “I identified a series of steps that could be easily automated to collect usernames, password reset codes, security questions, and email addresses from the system ‐‐ without any kind of authentication.” SEBELIUS: “ And we immediately corrected that problem , so there wasn't a ‐‐ it was a theoretical problem that was immediately fixed. I would tell you we are storing the minimum amount of data, because we think that's very important. The hub is not a data collector. It is actually using data centers at the IRS, at Homeland Security, at Social Security to verify information, but it stores none of that data, so we don't want to be.....” 4 http://www.questioningsoftware.com/

  5. Detailed Example: An architectural view Requirements# 1: Requirements# 2: highly fault ‐ tolerant, where high throughput access to hardware failure is the norm application data rather than the exception Decision # 1: Decision # 1: Use Master ‐ slave Architectural Use Master ‐ slave Architectural Style where slave processes are Style where slave processes are Decision # 2: Decision # 2: replicated replicated Master FIFO Checkpoint updated data, and Each of these decisions are driven by one or FAIR Scheduler bundle replicas (send every 2 more architectural concern. Decision # 3: Decision # 3: Capacity Scheduler: seconds) – in order to meet Use thread pooling to enhance the Use heartbeat tactic to monitor performance goals. prformance. availability of task trackers and data Decision # 4: Decision # 4: nodes. Heartbeat must beat every Task’s performance monitoring, Use proxy handles failure pattern to Unfortunately, many of them are lost in the More Decisions: HB .25 seconds to balance availability rescheduling and balancing shield clients from failures, and to A non ‐ trivial architecture is likely and performance. architectural design, low level design, and code. support fault tolerance (i.e. service to be composed of hundreds, if continues in the face of transient not thousands of architectural failure. decisions. Slave Apache Hadoop Architecture 5 5

  6. Detailed Example: Architectural Decay Master HB Slave A big ball of mud: Apache Hadoop architecture 6

  7. Architecture Breaker Detailed Example in Hadoop: Developer #1: DataNodes.java, should send several messages to the NameNode.java. Messages such as block reports, heartbeat, blocks to be deleted etc. Developer #2: So many messages, lets merge them by piggy-backing Design Decay & Compromising Availability: block reports are usually delayed, system detects the DataNode failure while it is alive and lunches the recovery process Developer #3: every 10 seconds DataNode reports data or send an empty message for heartbeat Developer #4: lets make it every 2 seconds Design Decay & Performance Tradeoff : Performance issues, tradeoff between availability and performance 7 Issues Reported: HADOOP-4584, HADOOP-178,…

  8. Change Cycle: Ideal World Change in code Environment Source Code Change Results in Influences IS ‐ A Architecture Align Change Reasoning Intended Architecture Ideal World: Architectural information is documented during the Architectural design phase and is updated regularly to reflect the current system architecture. 8

  9. Change Cycle: Real World Change in code Environment Source Code Change Results in Influences IS ‐ A Architecture Erodes the Drifts From architecture Intended Architecture Real World: Architectural information is outdated and does not reflect the current architecture of the system. 9

  10. Architectural Decay Eroded architecture becomes complex, difficult to understand and difficult to maintain. A big ball of mud: Apache Hadoop architecture 10

  11. Archie: A Smart IDE to Protect Architecture The vision initially presented at: Mehdi Mirakhorli, Cleland ‐ Huang, "Using Tactic Traceability Information Models to Reduce the Risk of Architectural Degradation during System Maintenance", ICSM 2011 . 11

  12. Archie: A Smart IDE to Protect Architecture Automatically Proactively keep Detect and trace external developers Perform change monitor code architecture informed of impact analysis snippets that specification underlying of architectural implement key documents to architectural concerns at both architectural the source code the code and decisions during decisions in the design level. or design maintenance source code . model. activities. 12

  13. Archie: A Smart IDE to Protect Architecture Decision Detector: A rigorously validated automated technique based on a combination of machine learning , structural analysis , and pattern matching techniques. Why it works? : Trained by Detect and sample source codes of monitor code hundreds open source projects . snippets that implement key architectural Code Snippets decisions in the Code Snippets source code . public boolean isAuditUserIdentifyPresent(){ public boolean isAuditUserIdentifyPresent(){ return(this.auditUserIdentify != null); return(this.auditUserIdentify != null); public BigDecimal getAuditSequenceNumber(){ public BigDecimal getAuditSequenceNumber(){ return(this.auditSequenceNumber; return(this.auditSequenceNumber; 13

  14. Archie: A Smart IDE to Protect Architecture Detect and monitor code snippets that implement key architectural decisions in the source code . 14

  15. Archie: A Smart IDE to Protect Architecture Detect and monitor code snippets that implement key architectural decisions in the source code . 15

  16. Archie: A Smart IDE to Protect Architecture  IDEs and Compilers do well on Syntactical issues, a little attention to Semantic but Design Rational is not covered. Proactively keep  Archie has features for communicating architectural developers knowledge. informed of  Visualization module to depict the seams of a software underlying design, the driving requirements, business goals and architectural decisions during rationale behind the source code. maintenance activities. 16

  17. Archie: A Smart IDE to Protect Architecture Proactively keep developers informed of underlying architectural decisions during maintenance activities. 17

  18. Archie: A Smart IDE to Protect Architecture An asynchronous Event ‐ Based monitoring and notification infrastructure has been designed to proactively inform developers of underlying architectural decisions. An initial proof of concept experiment has been conducted. Perform change impact analysis of architectural concerns at both the code and design level. 18

  19. Archie: A Smart IDE to Protect Architecture Perform change impact analysis of architectural concerns at both the code and design level. 19

  20. Archie: A Smart IDE to Protect Architecture Perform change impact analysis of architectural concerns at both the code and design level. 20

  21. Archie: A Smart IDE to Protect Architecture Perform change impact analysis of architectural concerns at both Design Warnings the code and design level. 21

  22. Archie: A Smart IDE to Protect Architecture Perform change impact analysis of architectural concerns at both the code and design level. 22

  23. Archie: A Smart IDE to Protect Architecture Perform change impact analysis of architectural concerns at both the code and design level. We utilized the Hadoop change logs for the past four releases, and simulated a change impact analysis scenarios. 23

  24. Archie: A Smart IDE to Protect Architecture Current Research Technology: A large body of industry level validated automated trace retrieval techniques, released and examined in Tracelab experimental environment. Automatically trace external architecture specification documents to the source code Supporting traceability of distributed heterogeneous or design software artifacts. model. 24

  25. The Software Assurance Marketplace  Archie is integrate into the pool of security tools at SWAMP.  Will be Integrated with vulnerability analysis tools. “We’re trying to do our job in protecting our nation’s critical infrastructure and providing capabilities to be more proactive instead of reactive to cyberthreats. Along with the technologies I’m developing, I think the SWAMP will definitely be a revolutionary force in the software assurance community. We anticipate advancing some breakthroughs in the SWAMP,” Kevin Greene declares. Kevin E. Greene Program Manager (SwA), DHS S&T Cyber Security Division (CSD) 25

  26. The Software Assurance Marketplace 26

  27. "All I'm saying is now is the time to develop the technology to deflect an asteroid." 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

REGULATORY ARCHEOLOGY: Service Area Disputes Arising from 1975 Certification

REGULATORY ARCHEOLOGY: Service Area Disputes Arising from 1975 Certification

REGULATORY ARCHEOLOGY: Service Area Disputes Arising from 1975 Certification Proceedings Cody Faulk Texas Public Power Association Lloyd Gosselink Rochelle & Townsend, 2019 Annual Meeting P .C.

676 views • 26 slides
CURRICULUM Since 1994 Kalat has promoted research and 20 International Archeology Summer Camps in

CURRICULUM Since 1994 Kalat has promoted research and 20 International Archeology Summer Camps in

CURRICULUM Since 1994 Kalat has promoted research and 20 International Archeology Summer Camps in the mu- development of Sicilian territory thanks to: nicipalities of Trapani, Erice, Paceco, Valderice, Alcamo, Naro, Campobello di Licata; the

484 views • 17 slides
Hot topics on Galaxy Formation and Evolution 3. Archeology and Size Evolution Roberto Saglia

Hot topics on Galaxy Formation and Evolution 3. Archeology and Size Evolution Roberto Saglia

Page 1 Hot topics on Galaxy Formation and Evolution 3. Archeology and Size Evolution Roberto Saglia Max-Planck Institut fr extraterrestrische Physik Garching, Germany Padova, March 2012

900 views • 41 slides
Welcome! Announcements: DiVE Archeology Open House this afternoon, 4-6pm Data & GIS

Welcome! Announcements: DiVE Archeology Open House this afternoon, 4-6pm Data & GIS

Visualization Friday Forum Fall 2013 Welcome! Announcements: DiVE Archeology Open House this afternoon, 4-6pm Data & GIS fall workshops Data & GIS student job opening D3 monthly study group Visualization for Teaching and

658 views • 34 slides
Buy Green Save Green! Utilizing Life Cycle Assessment and Waste Archeology Strategies to

Buy Green Save Green! Utilizing Life Cycle Assessment and Waste Archeology Strategies to

Buy Green Save Green! Utilizing Life Cycle Assessment and Waste Archeology Strategies to Integrate Environmental Criteria into Procurement and Supply Chain Processes at Rutgers, The State University of New Jersey Kevin Lyons, Ph.D. The

585 views • 33 slides
Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing Your Static Analysis Tools

Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing Your Static Analysis Tools

Sum Total of ISA Sum Total of ISA Knowledge Knowledge Analyzing Your Static Analysis Tools Analyzing Your Static Analysis Tools @alexkropivny Unsolicited Firmware Unsolicited Firmware Archeology and You Archeology and You "I bet I

726 views • 36 slides
CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and Design 8 January 2019 OSU CSE 1 Restated Learning Outcomes Theme 1: software engineering concepts Be familiar with sound software engineering

535 views • 17 slides
Presentation Software Presentation Software Presentation Software Presentation Software An

Presentation Software Presentation Software Presentation Software Presentation Software An

Presentation Software Presentation Software Presentation Software Presentation Software An introduction to creating electronic presentations using Microsoft PowerPoint 2010 ABT COLLABORATIVE BCCAMPUS Except for third party materials and

1.7k views • 94 slides
ARM Software Suite Powered by GDM Why use ARM Software? ARM is the software solution to plan,

ARM Software Suite Powered by GDM Why use ARM Software? ARM is the software solution to plan,

ARM Software Suite Powered by GDM Why use ARM Software? ARM is the software solution to plan, create, manage, analyze and report agricultural experiments 2 ARM Software Overview Why use ARM Software? ARM provides: Resulting benefits

542 views • 9 slides
KAI Software YOUR IDEA.OUR SOFTWARE. Overview KAI SOFTWARE INC was founded in 1994 and today we

KAI Software YOUR IDEA.OUR SOFTWARE. Overview KAI SOFTWARE INC was founded in 1994 and today we

KAI Software YOUR IDEA.OUR SOFTWARE. Overview KAI SOFTWARE INC was founded in 1994 and today we create new software development solutions for projects with sizable data requirements. Having a background in mining industry, KAI Software have

267 views • 26 slides
CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and

CSE 2221 Software I: Software Components and CSE 2231 Software II: Software Development and Design 7 January 2020 OSU CSE 1 Welcome to CSE 2231! Class attendance is required . You will be allowed 4 lecture absences and 4 lab

863 views • 7 slides
Introducing Software Software Applications A.Y. 2020/2021 What is software? What is software?

Introducing Software Software Applications A.Y. 2020/2021 What is software? What is software?

Introducing Software Software Applications A.Y. 2020/2021 What is software? What is software? - Nave answer: anything that is not hardware - A collection of data or computer instructions that tell the computer how to work, in contrast to

1.72k views • 32 slides
B U Y I N G Q U A L .. I T Y SOFTWARE by HENRY OLDERS presented at SOFTWARE '77 -~ B U Y I

B U Y I N G Q U A L .. I T Y SOFTWARE by HENRY OLDERS presented at SOFTWARE '77 -~ B U Y I

B U Y I N G Q U A L .. I T Y SOFTWARE by HENRY OLDERS presented at SOFTWARE '77 -~ B U Y I N G QUALITY SOFTWARE The author describes his experiences in purchasing applications software for real time process control systems.

641 views • 4 slides
Software Engineering Topics Computer science v. software engineering Definition of

Software Engineering Topics Computer science v. software engineering Definition of

Software Engineering Topics Computer science v. software engineering Definition of software engineering Types of software The nature of software Software history and the software crisis Software quality Elements of

818 views • 67 slides
ClickPoint Software Lead Management Software ClickPoint Software Confidential ClickPoint

ClickPoint Software Lead Management Software ClickPoint Software Confidential ClickPoint

ClickPoint Software Lead Management Software ClickPoint Software Confidential ClickPoint Software was created because there was no software that was easy to implement for managing and distributing leads and phone calls. The process was

225 views • 11 slides
Software NFs The good: The fmexibility of software The software development cycle The bad: The

Software NFs The good: The fmexibility of software The software development cycle The bad: The

Automated Synthesis of Adversarial Workloads for Network Functions Luis Pedrosa, Rishabh Iyer, Arseniy Zaostrovnykh, Jonas Fietz, Katerina Argyraki N etwork A rchitecture L aboratory Software NFs The good: The fmexibility of software The

710 views • 54 slides
HAS ACCREDITATION AND APPROVAL CHANGED? National Council for Adoption Conference June 2019

HAS ACCREDITATION AND APPROVAL CHANGED? National Council for Adoption Conference June 2019

INTERCOUNTRY ADOPTION ACCREDITATION AND APPROVAL HAS ACCREDITATION AND APPROVAL CHANGED? National Council for Adoption Conference June 2019 IAAME PRESENTERS Stephen Pennypacker Chief Executive Officer Michael Reneke Chief

415 views • 27 slides
CALIFORNIA HEALTH FACILITIES FINANCING AUTHORITY COMMUNITY SERVICES INFRASTRUCTURE GRANT PROGRAM

CALIFORNIA HEALTH FACILITIES FINANCING AUTHORITY COMMUNITY SERVICES INFRASTRUCTURE GRANT PROGRAM

CALIFORNIA HEALTH FACILITIES FINANCING AUTHORITY COMMUNITY SERVICES INFRASTRUCTURE GRANT PROGRAM SECOND FUNDING ROUND APPLICATION TECHNICAL ASSISTANCE WEBINAR OCTOBER 30, 2019 WELCOME AND INTRODUCTIONS EXECUTIVE DIRECTOR FRANK MOORE DEPUTY

818 views • 45 slides
February 20, 2018 VIA ELECTRONIC FILING Ms. Marlene H. Dortch Secretary Federal Communications

February 20, 2018 VIA ELECTRONIC FILING Ms. Marlene H. Dortch Secretary Federal Communications

Mitchell F. Brecher (202) 331-3152 BrecherM@gtlaw.com February 20, 2018 VIA ELECTRONIC FILING Ms. Marlene H. Dortch Secretary Federal Communications Commission 445 12 th Street, SW Washington, DC 20554 Re: WC Docket No. 17-287, Bridging

280 views • 5 slides
Net Neutrality M I C H A E L R I P P E R G E R T E L E C O M M U N I C A T I O N S B U R E A U

Net Neutrality M I C H A E L R I P P E R G E R T E L E C O M M U N I C A T I O N S B U R E A U

Net Neutrality M I C H A E L R I P P E R G E R T E L E C O M M U N I C A T I O N S B U R E A U C H I E F N E W M E X I C O P U B L I C R E G U L A T I O N C O M M I S S I O N S C I E N C E , T E C H N O L O G Y , A N D T E L E C O M M

328 views • 14 slides
Whats it all about, Archie? also known as Weve got to get out of this place NYS

Whats it all about, Archie? also known as Weve got to get out of this place NYS

Whats it all about, Archie? also known as Weve got to get out of this place NYS Council for Community Behavioral Healthcare Annual Meeting December 6, 2016 Gerald J. Archibald, CPA Partner, Co-Practice Leader for

483 views • 31 slides
WHO AM I? C a n d o Inspiring Success WHAT DO I DO? C a n d o Inspiring Success C a n d o

WHO AM I? C a n d o Inspiring Success WHAT DO I DO? C a n d o Inspiring Success C a n d o

WHO AM I? C a n d o Inspiring Success WHAT DO I DO? C a n d o Inspiring Success C a n d o Inspiring Success C a n d o Inspiring Success B USINESS D ECISIONS IN B USINESS T IME C a n d o

318 views • 12 slides
and Misoperations Session 3: Management Involvement W E C C E S T E R N L E C T R

and Misoperations Session 3: Management Involvement W E C C E S T E R N L E C T R

Webinar Series: Reduction of Unknown Outages and Misoperations Session 3: Management Involvement W E C C E S T E R N L E C T R I C I T Y O O R D I N A T I N G O U N C I L 2 Welcome Webinar is being

566 views • 29 slides
Unmanned Air Systems Programmes Wg Cdr Dave Postlethwaite MBE MCGI BEd RAF Officer Commanding

Unmanned Air Systems Programmes Wg Cdr Dave Postlethwaite MBE MCGI BEd RAF Officer Commanding

UK Ministry of Defence Unmanned Air Systems Programmes Wg Cdr Dave Postlethwaite MBE MCGI BEd RAF Officer Commanding UAS Test & Evaluation Squadron Sqn Ldr Archie Brown HQ 1 Gp SO2 RPAS UNCLASSIFIED Overview UK Programmes

527 views • 25 slides

More recommend