Return to Technical Report System

USC-CSE-2006-615 (pdf)

A Framework for the Assessment and Selection on Software Compononents and Connectors in COTS-based Architectures

Jesal Bhuta, Chris A. Mattmann, Nenad Medvidovic, Barry Boehm

Abstract: Software systems today are composed from prefabricated commercial components and connectors that provide complex functionality and engage in complex interactions. Unfortunately, because of the distinct assumptions made by developers of these products, successfully integrating them into a software system can be complicated, often causing budget and schedule overruns. A number of integration risks can often be resolved by selecting the .right. set of COTS components and connectors that can be integrated with minimal effort. In this paper we describe a framework for selecting COTS software components and connectors ensuring their interoperability in software-intensive systems. Our framework is built upon standard definitions of both COTS components and connectors and is intended for use by architects and developers during the design phase of a software system. We highlight the utility of our framework using a challenging example from the data-intensive systems domain. Our preliminary experience in using the framework indicates an increase in interoperability assessment productivity by 50% and accuracy by 20%.

Source: Sixth Working IEEE/IFIP Conference on Software Architecture, Mumbai, India.

Added 09/19/2006

---

USC-CSE-2006-614 (pdf)

System-of-Systems Cost Estimation: Analysis of Lead System Integrator Engineering Activities

Jo Ann Lane and Dr. Barry Boehm

Abstract: As organizations strive to expand system capabilities through the development of system-of-systems (SoS) architectures, they want to know "how much effort" and "how long" to implement the SoS. In order to answer these questions, it is important to first understand the types of activities performed in SoS architecture development and integration and how these vary across different SoS implementations. This paper provides results of research conducted to determine types of SoS Lead System Integrator (LSI) activities and how these differ from the more traditional system engineering activities described in Electronic Industries Alliance (EIA) 632 (“Processes for Engineering a System”). This research further analyzed effort and schedule issues on “very large” SoS programs to more clearly identify and profile the types of activities performed by the typical LSI and to determine organizational characteristics that significantly impact overall success and productivity of the LSI effort. The results of this effort have been captured in a reduced-parameter version of the Constructive SoS Integration Cost Model (COSOSIMO) that estimates LSI SoS Engineering (SoSE) effort.Keywords: System of Systems, System of Systems Engineering, Lead System Integrator, Cost Model.

Source: Inter-Symposium 2006, The International Institute for Advanced Studies in Systems Research and Cybernetics

Added 09/19/2006

---

USC-CSE-2006-613 (pdf)

21st Century Processes for Acquiring 21st Century Software-Intensive Systems of Systems

Dr. Barry Boehm and Jo Ann Lane

Abstract: Our experiences in helping to define, acquire, develop, and assess 21st century software-intensive system of systems (SISOS ) have taught us that traditional 20th century acquisition and development processes do not work well on such systems. This article summarizes the characteristics of such systems, and indicates the major problem areas in using traditional processes on them. We also present new processes that we and others have been developing, applying, and evolving to address 21st century SISOS. These include extensions to the risk-driven spiral model to cover broad (many systems), deep (many supplier levels), and long (many increments) acquisitions needing rapid fielding, high assurance, adaptability to high change traffic, and complex interactions with evolving Commercial Off-the-Shelf (COTS) products, legacy systems, and external systems.

Published in CrossTalk, May 2006

Added 09/19/2006

---

---

---

USC-CSE-2006-610 (pdf)

Synthesizing SoS Concepts for Use in Cost Estimation

Authors: Jo Ann Lane and Ricardo Valerdi

Abstract - Today’s need for more complex, capable systems in a short timeframe is leading many organizations towards the integration of existing systems into network-centric, knowledge-based system-of-systems (SoS). Software and system cost model tools to date have focused on the software and system development activities of a single system. When viewing the new SoS architectures, one finds that the effort associated with the design and integration of these SoSs is not handled well, if at all, in current cost models. This paper includes (1) a comparison of various SoS definitions and concepts with respect to cost models, (2) a classification of these definitions in terms of product, process, and personnel focus, and (3) the definition of a set of discriminators for defining model boundaries and potential drivers for an SoS cost estimation model. Eleven SoS definitions are synthesized to provide reasonable coverage for different properties of SoS and illustrated in two examples.

Keyworkds: System of Systems definitions, cost estimation, cost modeling, FCS, GEOSS

Source: Proceedings of IEEE 2005 International Conference on Systems, Man, and Cybernetics

Added: 09/19/2006

---

 

USC-CSE-2006-609 (pdf)

 

Measuring Security Investment Benefit for COTS Based Systems - A Stakeholder Value Driven Approach

Yue Chen, Barry Boehm, Luke Sheppard

This paper presents the improved version of the Threat Modeling method based on Attacking Path Analysis (T-MAP) which quantifies security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) based systems.

* Manuscript submitted for exclusive review by the 29 th International Conference on Software Engineering, September 8, 2006.

© All rights are reserved by co-authors.

Added: September 9th, 2006

---

USC-CSE-2006-608 (pdf)

 

A Framework for Intelligent Assessment and Resolution of Commercial Off-The-Shelf (COTS) Product Incompatibilities

Jesal Bhuta

Added: May 11, 2006, Updated June 16, 2006

 

---

 

USC-CSE-2006-607 (pdf)

 

Value Driven Security Threat Modeling Based on Attacking Path Analysis*

Yue Chen, Barry Boehm, Luke Sheppard

Security threat modeling has been an important but difficult topic. This paper presents a novel quantitative threat modeling method, the Threat Modeling method based on Attacking Path Analysis (T-MAP), which quantifies security threats by calculating the total severity weights of relevant attacking paths for Commercial Off The Shelf (COTS) systems. Compared to existing approaches, T-MAP is sensitive to an organization's business value priorities and IT environment. It distills the technical details of thousands of software vulnerabilities into management-friendly numbers at a high-level. T-MAP can help system designers evaluate the security performance of COTS systems and analyze the effectiveness of security practices. In the case study, we demonstrate the steps of using T-MAP to analyze the cost-effectiveness of how IT system patching and upgrades can improve security. In addition, we introduce a software tool that automates the T-MAP framework.

. All rights are reserved (c) by co-authors.

*Accepted at the 40th Hawaii International Conference on System Sciences, June 15, 2006 .

Added: May 11, 2006, Updated June 16, 2006

---

 

USC-CSE-2006-606 (pdf)

 

COSOSIMO Parameter Definitions

Jo Ann Lane

The Constructive System-of-Systems (SoS) Integration Cost Model (COSOSIMO) is designed to estimate the effort associated with the Lead System Integrator (LSI) activities to define the SoS architecture, identify sources to either supply or develop the required SoS component systems, and eventually integrate and test these high level component systems. This technical report is an update to the COSOSIMO parameter definitions dated March 2006 and describes the parameters for each of the COSOSIMO sub-models. The parameters include a set of size drivers that are used to calculate a nominal effort for the sets of activities associated with the sub-model and a set of cost drivers that are used to adjust the nominal effort based on related SoS architecture, process, and personnel characteristics..

. All rights are reserved (c) by the authors.

Added: May 11, 2006, Updated June 16, 2006

 

  USC-CSE-2006-605 (pdf)

Towards An Approach for Security Risk Analysis in COTS Based Development

Dan Wu, Ye Yang

Abstract:

More and more companies tend to use secure products as COTS to develop their secure systems due to resource limitations. The security concerns add more complexity as well as potential risks to COTS selection process, and it is always a great challenge for developers to make the selection decisions. In this paper, we provide a method for security risk analysis in COTS based de-velopment (CBD) based on Common Criteria and our previous work in identi-fying general risk items for CBD. The research result provides useful insights for developers in identifying security risks, so that it can be used to aid for the COTS selection decision.

Proceedings of Software Process Workshop/Workshop on Software Process Simulation 2006

(SPW/ProSim 2006)

Shanghai, China, 05/2006

added: May 10, 2006

---

  USC-CSE-2006-604 (pdf)

An Energy Consumption Framework for Distributed Java-Based Software Systems

Chiyoung Seo, Sam Malek, Nenad Medvidovic

Abstract:

In this paper we define and evaluate a framework for estimating the energy consumption of Java-based software systems. Our primary objective in devising the framework is to enable an engineer to make informed decisions when adapting a system's architecture, such that the energy consumption on hardware devices with a finite battery life is reduced, and the lifetime of the system's key software services increases. Our framework explicitly takes a component-based perspective, which renders it well suited for a large class of today's distributed, dynamic, and mobile applications. The framework allows the engineer to estimate the software system's energy consumption at construction time and refine it at runtime. In a large number of distributed application scenarios, the framework showed very good precision on the whole, giving results that were within 5% (and often less) of the actually measured power losses incurred by executing the software. While our empirical evidence suggests that the framework is broadly applicable as-is, our work to date has highlighted a number of future enhancements..

added: May 10, 2006

---

 

Some Future Trends And Implications for Systems And Software Engineering Processes

Barry Boehm

Abstract: In response to the increasing criticality of software within systems and the increasing demands being put onto 21st century systems, systems and software engineering processes will evolve significantly over the next two decades. This paper identifies eight relatively surprise-free trends - the increasing interaction of software engineering and systems engineering; increased emphasis on users and end value; increased emphasis on systems and software dependability; increasingly rapid change; increasing global connectivity and need for systems to interoperate; increasingly complex systems of systems; increasing needs for COTS, reuse, and legacy systems and software integration; and computational plenty. It also identifies two wild card trends: increasing software autonomy and combinations of biology and computing. It then discusses the likely influences of these trends on systems and software engineering processes between now and 2025, and presents an emerging scalable spiral process model for coping with the resulting challenges and opportunities of developing 21st century software-intensive systems and systems of systems.

Systems Engineering
Volume 9, Issue 1, 2006. Pages 1-19
Copyright © 2006 Wiley Periodicals, Inc.

added: May 08, 2006

---

 

Cost Estimation for Secure Software & Systems

Ed Colbert, Dan Wu, Yue Chen, Dr. Barry Boehm

Overview: The Center for Software Engineering (CSE) at the University of Southern California
(USC) is extending the widely–used Constructive Cost Model version 2 (COCOMO II)
[Boehm, Abts, et al. 2000] to account for developing secure software. CSE is also
developing a model for estimating the cost to acquire secure systems, and is evaluating
the effect of security goals on other models in the COCOMO family. We will present the work to date.

Accepted at ISPA 2006

All right reserved (c) by authors.

added: Jan 16, 2006