STATISTICAL ANALYSIS FOR OBJECT
ORIENTED DESIGN SOFTWARE
SECURITY METRICS
Amjan Shaik, Dr.C.R.K.Reddy, Dr.A.Damodaran
Abstract
In the last decade, empirical studies on object-oriented design metrics have shown some of them to be useful for predicting the fault-proneness of classes in object-oriented software systems. In the era of Computerization Object Oriented Paradigm is becoming more and more pronounced. This has provoked the need of high quality object oriented software, as the traditional metrics cannot be applied on the object-oriented systems. This paper gives the evaluation of CK suit of metrics. There are quite a few sets of proposed metrics for object-oriented software in the literature and research papers. The definition of six different metrics is presented in this document. The presented metrics are also validated by couple of M.Tech. students projects that use object-oriented language in their projects. Metrics data provides quick feedback for software designers and managers. Analyzing and collecting the data can predict design quality. If appropriately used, it can lead to a significant reduction in costs of the overall implementation and improvements in quality of the final product.
Keywords: CK Metric, Measurement, ODMA4J Tool, Object-Orientation, Design, Empirical Analysis.
1.0 INTRODUCTION
The software industry lacks standard metric and measurement practices. Almost every software metric has multiple definitions and ambiguous counting rules. Object oriented design is becoming more popular in software development environment and object oriented design metrics is an essential part of software environment. This study focus on a set of object oriented metrics that can be used to measure the quality of an object oriented design. The metrics for object oriented design focus on measurements that are applied to the class and design characteristics. These measurements permit designers to access the software early in process, making changes that will reduce complexity and improve the continuing capability of the design. The goal of this work is to empirically explore the relationship between oriented design metrics and fault proneness of object-oriented system classes.
The study used data collected from Java applications is containing more than 200 classes. We used a good number of design metrics in our work. Result of this study shows that many metrics are based on comparable ideas and provide redundant information. It is shown that by using a subset of metrics in the prediction models can be built to identify the faulty classes. The proposed model predicts faulty classes with more than 80% accuracy.
2.0 PURPOSE OF SOFTWARE METRICS
For the purpose of quality software, it is a measure of some property of a piece of software or its specifications. Software metrics are measures of the attributes of the software products and processes. Software metrics are quantifiable measures that could be used to measure different characteristics of a software system or software development process. For effective project monitoring, the information coming from the development process to management process should be objective and quantitative data about the project. The need for quantitative data from the process requires that software metrics be used. Because the software has no physical attributes, conventional metrics are not much helpful in designing metrics for software. Number of metrics has been proposed to quantify things like size, complexity, and reliability of software product. Metrics provides the scale for quantifying the qualities, actual measurement must be performed on a given software system in order to reuse metrics for quantifying characteristics for a given software.
The metrics of coupling, cohesion, inheritance, and size are independent variables used in this study.
Our focus is on object oriented metrics that are used as independent variables in a prediction model that is usable at early stages of software development. [2]
3.1 Weighted Methods per class (WMC):
WMC is a sum of complexities of methods of a class. Consider a class C, with methods M1…. Mn that are
defined in the class. Let c1…cn be the complexity of the methods Then
WMC measures size as well as the logical structure of the software. The number of methods and the complexity of the involved methods are predictors of how much time and effort is required to develop and maintain the class. The larger the number of methods in a class, the greater the potential impact on inheriting classes. Consequently, more effort and time are needed for maintenance and testing. Furthermore, classes with large number of complex methods are likely to be more application specific, limiting the possibility of reuse. Thus WMC can also be used to estimate the usability and reusability of the class. If all methods complexities are considered to be unity, then WMC equals to Number if Methods (NMC) metric.
In Figure 1, class Book has two functions getdata and display which call methods Publication::getdata(), Sales::getdata(), Publication::display(), Sales::display().
5.0 Depth of Inheritance(DIT)
3.2 Depth of Inheritance (DIT)
The depth of a class within the inheritance hierarchy is maximum number of steps from the class node to the root of the tree and is measured by number of ancestor class. The deeper a class is in the hierarchy, the greater the number of methods it is likely to inherit, making it more complex to predict its behavior. Deeper trees constitute greater design complexity, since more methods and classes are involved. The deeper a particular class is in the hierarchy, the greater potential reuse of inherited methods. For languages that allow multiple inheritances, the longest path is usually taken. [4]
Fig 2: Depth of Inheritance
The Depth of Inheritance of this tree is 4.
3.3 Number of Children (NOC)
The NOC metric equals to number of immediate subclasses subordinated to a class in the class hierarchy. Greater the number of children, greater the reuse, since inheritance is a form of reuse. Greater the number of children, the greater the likelihood of improper abstraction of the parent class. If a class has a large number of children, it may be a case of misuse of sub classing .The number of children gives an idea of the potential influence a class has on the design. If a class has a large number of children, it may require more testing of the methods in that class.
Fig 3: Number of Children
In the preceding example the NOC for C3 is 3 i.e. C31, C32, C33.
3.4 Response for a class (RFC)
The response set of a class is defined as set of methods that can be potentially executed in response to a message received by an object of that class.
where Mi = set of all methods in a class (total n) and Ri = {Rij} = set of methods called by Mi.
3.5 Source lines of code (SLOC)
Source lines of code (SLOC) is a software metric used to measure the size of a software program by counting the number of lines in the text of the program's source code. SLOC is typically used to predict the amount of effort that will be required to develop a program, as well as to estimate programming productivity or effort once the software is produced.
4.0 EMPIRICAL DATA COLLECTION
Collected different major projects of students and we have calculated the above metrics. The development process used waterfall model. Documents were produced at each phase of software development. Faults were reported to the developers. A separate group of students having prior knowledge of system testing under the guidance of senior faculty were assigned the task of testing according to test plans. The design and source code of the java projects from B.Tech .& M.Tech. [5]
5.0 WHERE THE OO METRICS APPLIED?
If we are using metrics without OO concepts, then they involve only data flouring from process-to-process. But, if we build the metrics with interest OO concept, you will end up with an metric whose focus is centered around a set of classes and the patterns of interaction that direct how those classes work together[3].
The OO metrics is superior in crafting resilient architectures, even for the systems that might have a large database or computational element.
6.0 NEED FOR PREDICTABILITY
Predictability of a process determines how accurately the outcome of a following process in a project can be predicted before the project is completed. It is a fundamental property of any process .If process is not predictable, it is of limited use.
1. Optimality – Process should be able produce high quality software at low-cost. 2. Scalability – It should be applicable for large software projects.[2]
7.0 Design Overview
Fig 5:UseCase Diagram For OOD Metrics Analyzer for Java
Fig 7: Activity Diagram of ODMA4J
8.0 Case study: Based on Students Project
Dataset: Quantum Key Distribution Protocol (M.Tech Project )
Fig 8: Running ODMA4J tool.
Fig 8: XML File contains Metric values for different classes for the given input project
Table 1: Metric Values for QKDP
Metric values for QKDP
Metric Name Metric Value
QKDP
WMC 152 DIT 58 NOC 10 CBO 66 RFC 709 LCOM 495
Fig 9: Line graph For (QKDP)
METRIC FOR QKDP
152 58
10 66
709
495
0 100 200 300 400 500 600 700 800
WMC DIT NOC CBO RFC LCOM
METRIC NAMES
M
E
T
RI
C
RANG
E
Table 2: Description for QKDP
Metric Name
Description
WMC The Larger WMC of a this project, there is a chance that the classes are fault prone
DIT The Deeper Trees of this project makes higher design complexity NOC The Lesser NOC of this Project makes there is no reusability
LCOM The Lack of Cohesion of this project is higher so the lower similarities between the methods in the class
CBO The Coupling between object of this project is low, it is desired
RFC The RFC of this project is higher there is a probability that the classes are fault prone.
9.0 CONCLUSION
This ODMA4J Tool has used the data collected from java applications which contains more than 200 classes. We have generated the values of Object-Oriented metrics in our work is shown in Table 2. The results obtained from the use of this tool were accurate when verified with manual testing.
This study focus on a set of object-oriented metrics that can be used to measure the quality of an Object-Oriented Design. Object-Object-Oriented Metrics lead to a number of inherent benefits that provides advantages at both the management and technical level
10.0. REFERENCES
[1] Yuming Zhou, Hareton Leung, "Empirical Analysis of Object-Oriented Design Metrics for Predicting High and Low Severity Faults," IEEE Transactions on Software Engineering, Vol. 32, No. 10, pp. 771-789, Oct. 2006, doi:10.1109/TSE.2006.102.
[2] Hector M. Olague, Letha H. Etzkorn, Sampson Gholston, Stephen Quattlebaum, "Empirical Validation of Three Software Metrics Suites to Predict Fault-Proneness of Object-Oriented Classes Developed Using Highly Iterative or Agile Software Development Processes," IEEE Transactions on Software Engineering, vol. 33, no. 6, pp. 402-419, June 2007, doi:10.1109/TSE.2007.1015 [3] Steve Counsell, Stephen Swift, Jason Crampton “The interpretation and Utility of Three Cohesion Metrics for Object – Oriented
Design” (ACM Transactions on SE & Methodology, Vol. 15, No. 2, April 2006).
[4] Mohamed El-Wakil , Ali Fahmy “Object – Oriented Design Quality Models : A Survey and Comparison” (IEEE Transactions on SE). [5] Kirsopp, K., Shepperd, M. and Webster, S. “An Empirical Study into the use of Measurement to support Object – Oriented Design
Evaluation” (ESERG TR99-01).
[6] T.Gyimothy, R. Ference, and L. Siket, “Empirical Validation of Object-Oriented Metrics on Open Source Software for Fault Prediction”, IEEE Trans. Software Eng. Vol.31, No. 10, PP. 897-910, Oct, 2005”.
[7] R. Subramanyan and M.S. Krisnan, “Empirical Analysis of CK Metrics for Object-Oriented Design Complexity : Implications for Software Defects,” IEEE Trans. Software Eng., Vol. 29, No. 4, PP 297-310, Apr. 2003”.
[8] S.R. Chidamber and C.F. Kemerer, “A Metrics Suite for Object-Oriented Design”, IEEE Trans. Software Eng., Vol. 20, No. 6, PP. 476-493, June 1994
[9] L.C. Briand and J. Wust, “Empirical Studies of Quality Models in Object-Oriented Systems”, Advances in Computers, D.M. Zelkowitz, ed., PP. 97-166, Vol. 56, Academic, 2002.
[10] L. Rosenberg and L. Hyatt, “Software Quality Metrics for Object-Oriented System Environments”, NASA Technical Report SATCTR-95-1001, 1995.
[11] G. Denaro, M. Pezze, and S. Morasca,“Towards Industrially Relevant Fault-Proneness Models”, Int’l J. Software Eng. And Knowledge Eng., Vol. 13, No. 4, PP. 395-417, 2003.
