International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, Volume 2, Issue 5, May 2012)
Learning solutions for decreasing the Software
Complexity to improve Software Security
Masoud Rafighi 1, Masoume Alidoust 2
1 M.Sc., Department of Computer Science, Taali University
2 B.Sc., Department of Computer Sciences, Payam Noor University
Abstract— This article discusses the expansion and development of software and studies the problems of producing and maintaining it, such as software complexity. We then discuss security in software and describe the relation between software security and software complexity. Finally, we review requirements engineering and try to show solutions for decreasing the complexity and increasing the security of software.
Keywords— layers of software engineering, software quality, software security, requirements engineering, software complexity
I. INTRODUCTION
Engineering is learning the rules, principles, standards and discipline in a way that is usable. Engineering consists of methods, styles, procedures, recognition of phases, different factors and how they are used. The process of making high-quality software within the expected period of time and the estimated budget, in a way that satisfies the needs of the user, is called "software engineering". Software engineering is a technique, style and philosophy for producing and monitoring software products, and it includes the parts of analysis, design, implementation, testing and maintenance. These parts follow a certain order. Software engineering is also not dependent on time, place, investment, language or desire; it is a standard method that is declared by the relevant documents, it makes the product independent of other products, and personal desire has no place in it.
II. LAYERS OF SOFTWARE ENGINEERING
According to IEEE, software engineering is "a systematic, ordered and quantifiable development to create, expand and secure software." Software engineering is a multi-layer technology. (Figure I)
FIGURE I
LAYERS OF SOFTWARE ENGINEERING
These methods encompass a range of various assignments, which are analysis of requirements, designing, programming, testing and maintenance. Methods of software engineering are based on a range of basic principles that manage contexts of technology and include modelling activities and other descriptive techniques, which ultimately lead to a more evolved approach to software engineering. Tools of software engineering provide automatic or semi-automatic support to facilitate the process and methods. The tools are integrated, so the information used by one tool can be used by other tools. In this state, computer-aided software engineering (CASE) can be used to support the design and creation of software.
CASE is in fact a combination of software, hardware and the software engineering database. The database is a store of important information about analysis, design, programming and testing. CASE creates a software engineering environment that simulates CAD/CAE, or computer-aided design/engineering for hardware. [1]
III. SOFTWARE QUALITY
Quality is a clear and easy-to-understand concept. Everyone wants to produce a high-quality product or offer high-quality services, but it is difficult to give an exact definition of quality that holds for everyone. Quality is usually defined by certain features that should exist in a product. One well-known definition is that quality is the consistency of software with operational and practical needs that have been clearly stated. It is also vital to consider the precisely documented standards for production and expansion of software, and the tacit attributes expected of all professional software must also be present.
A. Famous Models for Software Quality
- McCall Model: This method expresses the quality of software based on three aspects: operational features, the capability of correction and the ability to transform. The advantage of this model is the relation between quality attributes and patterns.
- Boehm Model: This model divides features into three parts. There are common factors in the principal features. This model gave some explanations about evaluating software according to its usage and added relative attributes about hardware. The major disadvantage of this model is the lack of a solution for evaluating and measuring the quality attributes.
- ISO/IEC Model: This international standard divides the major features of software quality into six main qualitative features, each of which is composed of several sub-features. These categories include functional ability, reliability, usability, performance, ability to store and portability. The most important advantage of this model is that the internal and external quality features of software are segregated.
- Dromey Model: This model studies the effect of the software product's features on quantitative traits.
- Kazman Model: This group hasn't in fact presented a quality model. Users of this method should define their quality model according to their needs.
- IEEE Model: This institution uses a tree structure for its quality model and emphasizes how to create methods for measuring quality factors.
- Star-Hierarchical Quality Model: Star model of software quality is a conceptual method for showing different viewpoints.
- FURPS Model: This model is used for identifying the most important features of a product and describing them in measurable concepts. [2]
IV. SOFTWARE SECURITY
Since software covers a wide range of various factors, we review only some brief basic concepts of security. The main points of security include:
- Confidentiality: disclosure of data is not allowed in the system.
- Integrity: there should be no minor or imperfect changes to information.
- Availability: authorized users should have access to data.
The fundamental challenges of security are divided into the three most important areas:
- Security Policy: What principles should be applied in designing and operating the system, and what are the goals to reach.
- Security Model: This is a representation of the security policy.
V. SOFTWARE COMPLEXITY
When we talk about complexity of software, the first question that must be answered is: What is Complexity?
There is no general agreement on how to define it, and the general belief is that software complexity cannot be defined using only one dimension. Software complexity is a general, non-standard issue and is a dependent term that describes the composition of a system. It is dependent because no absolute amount can be assigned to it. A system with high software complexity can be less complex in comparison to other systems.
In general, software complexity reflects the intellectual effort needed to understand the software. IEEE defines complexity as the difficulty of understanding or reviewing a system or factor that is designed or implemented. By difficulty of understanding, we mean that complexity isn't necessarily an absolute scale of measurement but a relative one. Measuring software complexity is one of the fields of software engineering, and it studies the effect of measurement on maintenance and expansion costs. [3]
VI. PROCESS OF SOFTWARE MAINTENANCE
Maintenance is the process of correction, debugging, supporting, expansion and upgrading the software after release and usage. This process begins with change requests from management or users.
Maintenance is a management issue, not a technical one. Unfortunately, software engineers know just a little about maintenance. They think maintenance needs less skill than the expansion process, and they hire less experienced individuals for it.
Given that software production involves maintenance too, it should be considered that the fastest method of production is not always the best one, because it can cause problems in maintenance that waste a lot of money and time.
B. Types of Maintenance
Maintenance is divided into the following four types:
- Corrective Maintenance: Errors not discovered during the development of the system are discovered and corrected. Code errors are easily corrected, but errors caused by a false understanding of requirements are very expensive to correct because a new plan is needed.
- Preventative Maintenance: All the corrections that make a segment of software changeable. It is the same as corrective maintenance and is used to keep the system running, but it is unscheduled.
- Adaptive Maintenance: When changes are made to the system environment, adaptive maintenance is needed.
- Perfective Maintenance: The developed system is changed in a way that the duties defined for the system at the beginning remain uninterrupted. (Figure II)
FIGURE II
DISTRIBUTION OF MAINTENANCE TYPES
VII. REQUIREMENTS ENGINEERING
Many models have been introduced for the RE process in the past two decades. Each model focuses on different aspects of RE: (Table I)
- Requirements' Elicitation
- Requirements' Negotiation
- Requirements' Specification
- Requirements' Validation
- Requirements' Management
TABLE I
STEPS OF REQUIREMENTS ENGINEERING
Elicitation | Negotiation | Documentation | Validation | Management
Requirements of users | Simple Requirements | Filtered Requirements | Documentation of Requirements, system description | Requirements agreement
There should be some criteria for measuring the success or failure of a project, because software can't be measured with real-world measuring tools. A project's success or failure depends largely on requirements. Requirements errors are responsible for 70 to 85 percent of the cost of reworking software projects. Studies show that if the errors caused by requirements are not found before the release, the cost of correcting them increases, sometimes over 100 times, and this means wasting resources, which leads to the project's failure. According to research and industrial experiments, RE is an essential process that ensures the quality of software. Among the factors shown in Table II, more than 42% of a project's success depends on RE technique.
TABLE II
FACTORS OF PROJECT’S SUCCESS
Factors of project’s success % of Effectiveness Associated with RE
User Involvement : 15.9% *
Supporting executive management : 13.9% *
Clear descriptions of requirements : 13% *
Proper Planning : 9.6%
Realistic expectations : 8.2%
Shorter stages in project : 7.7%
Individual competence : 7.2%
Ownership : 5.3%
Aims and right attitude : 2.9%
Similarly, RE is responsible for 43% of delays or budget overruns. (Table III)
TABLE III
FACTORS OF PROJECT’S FAILURE
Factors of project’s failure % of Effectiveness Associated with RE
Incomplete requirements : 13.1% *
Lack of communication with user : 12.4% *
Lack of resources : 10.6%
Lack of proper planning : 8.1%
Unrealistic expectations : 9.9%
Change in requirements and descriptions : 8.7% *
Lack of supporting executive management: 9.3% *
Lack of IT management : 6.2%
Unawareness of technology : 4.3%
Other reasons : 9.9%
VIII. TYPES OF SOFTWARE COMPLEXITY
There are four types of software complexity. (Figure III)
- Domain Complexity: This type of complexity is caused directly by the domain or range of usage and is unavoidable. It causes problems in communication between team members, which leads to errors in the product, increases in the expected budget and delays.
- Scale Complexity: It is the result of size or other means of scaling. Most of performance is a special form of scale complexity. Software complexity is decreased by abstract layering.
- Artificial Complexity: Artificial products used for software development cause artificial complexity.
- Functional Complexity: This type of complexity is like a descriptive variant for learning the work needed to expand the software functionality, which includes decomposition, designation of functional processes and designing each functional process to satisfy the needs of users. [4]
FIGURE III
TYPES OF SOFTWARE COMPLEXITY
IX. CRITERIA OF SOFTWARE COMPLEXITY
- Estimating the cost and scheduling (often inaccurate)
- Low quality of software
- Low rate of efficiency (there is a slower growth of demand for software.)
The software crisis should be investigated and resolved where possible. To do that, we need more accurate estimation of costs and scheduling, high-quality products and high efficiency. All of these can be achieved with effective software management. Management can be facilitated by better use of software criteria. Improving process management depends on improving the ability to recognize, scale and control the essential parameters of the expansion process. Recognizing and scaling the essential parameters is the aim of software criteria. Operating and properly using software criteria programs leads to better management results. Here are the criteria for software complexity. (Figure IV)
FIGURE IV
CRITERIA FOR SOFTWARE COMPLEXITY
X. CONCLUSION
Results from studies and research show that complexity is an innate characteristic of software. Software complexity is involved with satisfying the functional requirements of software and can't be made simpler or lower than a certain threshold. We can decrease software complexity by proper use of requirements engineering. The more we can decrease complexity, the more we can increase security. High levels of complexity lead to a large number of errors, the need for more testing and debugging, and higher costs of expansion and maintenance.
So software complexity plays an important role in estimation of expansion and maintenance costs and also in software quality. So it is not rational to ignore it.
REFERENCES
[1] Adam West, "NASA Study on Flight Software Complexity," final report, 3/5/2009.
[2] List of Cognitive Biases. Available at http://en.wikipedia.org/wiki/List_of_congnitive_biases, accessed February 26, 2008.
[3] Fraser, Steven and Mancl, Dennis, "No Silver Bullet: Software Engineering Reloaded," IEEE Software (IEEE), January/February 2008: 91-94.
[4] Hermann Kaindl, Patrick Wanger, "A Unification of the Essence of Goal-oriented Requirements Engineering," May 23, 2010, University of Technology Vienna, Austria.
AUTHORS PROFILE
Masoud Rafighi was born in Tehran, Iran on 1983/08/10. He received an M.Sc. degree in computer engineering (software) from Azad University North Tehran Branch, Tehran, Iran. He has recently been active in software engineering and has developed and taught various software-related courses for the Institute and university for Advanced Technology, the University of Iran. His research interests are in software measurement, software complexity, requirements engineering, software maintenance, software security and formal methods of software development. He has written a book on software complexity engineering and published many papers.
Masoume Alidoust was born in Tehran, Iran on 1982/09/17. She received a B.Sc. degree in computer engineering (software) from Payam Noor University. She has recently been active in software engineering and has developed
[Figure IV labels: Criteria for Software Complexity]
Complexity of Data Structure
Complexity of information flow
Attachment Stickiness Lexical Complexity