Theses and Dissertations at Montana State University (MSU)
Permanent URI for this collectionhttps://scholarworks.montana.edu/handle/1/733
Browse
4 results
Search Results
Item Design pattern decay: a study of design pattern grime and its impact on quality and technical debt(Montana State University - Bozeman, College of Engineering, 2021) Griffith, Isaac Daniel; Chairperson, Graduate Committee: Clemente IzurietaTechnical debt is a financial metaphor describing the trade-off between the short-term benefits gained and long-term consequences of design and implementation shortcuts taken over the evolution of a software product. These shortcuts typically manifest as design disharmonies such as code smells, anti-patterns, or design pattern grime. Design pattern grime, which manifests as the accumulation of unnecessary or unrelated software artifacts within design pattern instance classes is of serious concern. Design patterns represent agreed upon methods to solve common problems and are based upon sound principles of good design; thus, these pattern instances' decay implies an evolution away from good design. Currently, little is known about the causal nature of design pattern grime on technical debt and quality or how these three issues interrelate. What is the nature of the relationships between structural design pattern grime, software maintainability, and technical debt measurement? To better understand design pattern grime, we have extended the structural grime taxonomy. We developed an approach to generate design pattern grime instances and inject them with design pattern grime. Using this approach, we conducted 7 experiments evaluating the effects of 26 forms of grime, at 6 severity levels within 16 design pattern types, on software maintainability and technical debt. The results showed that depending upon grime type, grime severity, and pattern type, grime does significantly affect both maintainability and technical debt. We also conducted a verification study on pairs of pattern instances from open-source software systems to evaluate how well the injection process represents the real effects of grime and to verify the results of the experiments. The results of this study showed that there is a disconnect between the injection process and reality, indicating that refinements are still needed. However, the verification study worked as expected in indicating where issues may exist in the process.Item The analysis of binary file security using a hierarchical quality model(Montana State University - Bozeman, College of Engineering, 2022) Johnson, Andrew Lucas; Chairperson, Graduate Committee: Clemente IzurietaSoftware security is commanding significant attention from practitioners. In many organizations, security assessment has been integrated into the software development lifecycle, which allows for continuous monitoring of software weaknesses and vulnerabilities throughout the development process. One often overlooked aspect of the software development lifecycle is the end of the lifecycle. Prior to delivering software to customers, many vendors digitally sign and compile source code into a binary. In binary form, analysis may be done to reveal security flaws that were not present in the original code or that were injected at some point between the code being written and the code being compiled. Our research goal is to improve our ability to assess the security quality of a binary from different stakeholders' perspectives. While many analysis tools exist that identify security flaws, there is little work done to enable the use of multiple tools, which is necessary to identify different types of security flaws. To accomplish our goal, we approach the problem from the perspective of quality modeling. We have designed and developed a software quality model for assessing security quality in binaries (PIQUE-Bin) and operationalized the model by using PIQUE, the Platform for Investigative software Quality Understanding and Evaluation. The design of our model is based on the Microsoft STRIDE model and the software development view of the Common Weakness Enumeration (CWE). The model produces a relative and subjective security score for a binary file. An informal literature review reveals a lack of model-based security metrics targeting binary files, which helped motivate this research. To enhance the validity of this work, a sensitivity analysis assessment based on a benchmark repository of 700 binary files was performed. Model output is validated by measuring tool output sensitivity and calibrated against the presence of injected vulnerabilities. We find that our model is able to measure the security quality of binaries relative to the benchmark repository.Item Tools for rule-based program development(Montana State University - Bozeman, College of Engineering, 1988) Turner, Michael DavidItem An autonomic software architecture for distributed applications(Montana State University - Bozeman, College of Engineering, 2007) Fuad, Mohammad Muztaba; Chairperson, Graduate Committee: Michael J. OudshoornAutonomic computing is a grand challenge in computing that aims to produce software that has the properties of self-configuration, self-healing, self-optimization and self-protection. Adding such autonomic properties into existing applications is immensely useful for redeploying them in an environment other than they were developed for. Such transformed applications can be redeployed in different dynamic environments without the user making changes to the application. However, creating such autonomic software entities is a significant challenge not only because of the amount of code transformation required but also for the additional programming needed for such conversion. This thesis presents techniques for injecting autonomic primitives into existing user code by statically analyzing the code and partitioning it to manageable autonomic components. Experiments show that such code transformations are challenging, however they are worthwhile in order to provide transparent autonomic behavior. Software architecture to provide such autonomic computing support is presented and evaluated to determine its suitability for a fully fledged autonomic computing system. The presented architecture is a novel peer-to-peer distributed object-based management automation architecture.