Software Engineering Institute

The core book in SEI's influential architecture curriculum, this book introduces software architecture both for practicing software engineers and for students pursuing careers in software design or management. It combines the authority of SEI's pioneering curriculum with the proven pedagogical effectiveness of a book that's been used for many years in countless training and college courses. The authors provide a comprehensive overview of the field of software architecture in a single, easy-to-digest package. This book will help readers understand: * Why software architecture is critical to development projects and the organization as a whole * Which technical and organizational factors influence architecture, and are in turn influenced by it * How architecture drives quality attributes such as performance and reliability * How to master and choose among today's best architectural tactics

raditionally, the modeling of information systems has focused on analyzing data flows and transformations. This modeling accounted only for the organization's data and that portion of its processes that interacted with data. Newer uses of information technology extend computer use beyond transaction processing into communication and coordination. Successfully integrating these systems into the enterprise often requires modeling even the manual organizational processes into which these systems intervene. The following are three such applications:

The capability maturity model (CMM), developed to present sets of recommended practices in a number of key process areas that have been shown to enhance software-development and maintenance capability, is discussed. The CMM was designed to help developers select process-improvement strategies by determining their current process maturity and identifying the issues most critical to improving their software quality and process. The initial release of the CMM, version 1.0, was reviewed and used by the software community during 1991 and 1992. A workshop on CMM 1.0, held in April 1992, was attended by about 200 software professionals. The current version of the CMM is the result of the feedback from that workshop and ongoing feedback from the software community. The technical report that describes version 1.1. is summarised.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

A method for anomaly detection is introduced in which "normal" is defined by short-range correlations in a process' system calls. Initial experiments suggest that the definition is stable during normal behaviour for standard UNIX programs. Further; it is able to detect several common intrusions involving sendmail and 1pr. This work is part of a research program aimed at building computer security systems that incorporate the mechanisms and algorithms used by natural immune systems.

The metaphor of technical debt in software development was introduced two decades ago to explain to nontechnical stakeholders the need for what we call now "refactoring." As the term is being used to describe a wide range of phenomena, this paper proposes an organization of the technical debt landscape, and introduces the papers on technical debt contained in the issue.

A description is given of a software-process maturity framework that has been developed to provide the US Department of Defense with a means to characterize the capabilities of software-development organizations. This software-development process-maturity model reasonably represents the actual ways in which software-development organizations improve. It provides a framework for assessing these organizations and identifying the priority areas for immediate improvement. It also helps identify those places where advanced technology can be most valuable in improving the software-development process. The framework can be used by any software organization to assess its own capabilities and identify the most important areas for improvement.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

Designing a large software system is an extremely complicated undertaking that requires juggling differing perspectives and differing goals, and evaluating differing options. Applied Software Architecture is the best book yet that gives guidance as to how to sort out and organize the conflicting pressures and produce a successful -- Len Bass, author of Software Architecture in Practice. Quality software architecture design has always been important, but in today's fast-paced, rapidly changing, and complex development environment, it is essential. A solid, well-thought-out design helps to manage complexity, to resolve trade-offs among conflicting requirements, and, in general, to bring quality software to market in a more timely fashion. Applied Software Architecture provides practical guidelines and techniques for producing quality software designs. It gives an overview of software architecture basics and a detailed guide to architecture design tasks, focusing on four fundamental views of architecture--conceptual, module, execution, and code. Through four real-life case studies, this book reveals the insights and best practices of the most skilled software architects in designing software architecture. These case studies, written with the masters who created them, demonstrate how the book's concepts and techniques are embodied in state-of-the-art architecture design. You will learn how to: * create designs flexible enough to incorporate tomorrow's technology; * use architecture as the basis for meeting performance, modifiability, reliability, and safety requirements; * determine priorities among conflicting requirements and arrive at a successful solution; and * use software architecture to help integrate system components. Anyone involved in software architecture will find this book a valuable compendium of best practices and an insightful look at the critical role of architecture in software development.

This paper introduces new analytical techniques for performing vulnerability analysis of state estimation when it is subject to a hidden false data injection cyber-attack on a power grid's SCADA system. Specifically, we consider ac state estimation and describe how the physical properties of the system can be used as an advantage in protecting the power system from such an attack. We present an algorithm based on graph theory which allows determining how many and which measurement signals an attacker will attack in order to minimize his efforts in keeping the attack hidden from bad data detection. This provides guidance on which measurements are vulnerable and need increased protection. Hence, this paper provides insights into the vulnerabilities but also the inherent strengths provided by ac state estimation and network topology features such as buses without power injections.

This paper presents the Architecture Tradeoff Analysis Method (ATAM), a structured technique for understanding the tradeoffs inherent in the architectures of software-intensive systems. This method was developed to provide a principled way to evaluate a software architecture's fitness with respect to multiple competing quality attributes: modifiability, security, performance, availability, and so forth. These attributes interact-improving one often comes at the price of worsening one or more of the others-as is shown in the paper, and the method helps us to reason about architectural decisions that affect quality attribute interactions. The ATAM is a spiral model of design: one of postulating candidate architectures followed by analysis and risk mitigation, leading to refined architectures.

The feature-oriented reuse method analyzes and models a product line's commonalities and differences in terms of product features and uses the analysis results to develop architectures and components. The article illustrates, with a home integration system example, how FORM brings efficiency into product line development.

Despite advances in clarifying high level design needs, analyzing a system's ability to meet desired quality criteria is still difficult. The authors propose using scenarios to make analysis more straightforward. In their case study report, they analyze lessons learned with this approach. They developed the Software Architecture Analysis Method, an approach that uses scenarios to gain information about a system's ability to meet desired quality attributes. Scenarios are brief narratives of expected or anticipated system uses from both user and developer views and they provide a look at how the system satisfies quality attributes in various use contexts.

: While software architecture has become an increasingly important research topic in recent years, insufficient attention has been paid to methods for evaluation of these architectures. Evaluating architectures is difficult for two main reasons. First, there is no common language used to describe different architectures. Second, there is no clear way of understanding an architecture with respect to an organization&amp;apos;s life cycle concerns---software quality concerns such as maintainability, portability, modularity, reusability, and so forth. This paper addresses these shortcomings by describing three perspectives by which we can understand the description of a software architecture and then proposing a five-step method for analyzing software architectures called SAAM (Software Architecture Analysis Method) . We illustrate the method by analyzing three separate user interface architectures with respect to the quality of modifiability. Keywords Software Architecture; Analysis Methods; User...

Most real-time computer-controlled systems are built in two separate steps, each in isolation: controller design and its digital implementation. Computational tasks that realize the control algorithms are usually scheduled by treating their execution times and periods as unchangeable parameters. Task scheduling therefore depends only on the limited computing resources available. On the other hand, controller design is primarily based on the continuous-time dynamics of the physical system being controlled. The set of tasks resulting from this controller design may not be schedulable with the limited computing resources available. Even if the given set of tasks is schedulable, the overall control performance may not be optimal in the sense that they do not make a full use of the computing resource. We propose an integrated approach to controller design and task scheduling. Specifically, task frequencies (or periods) are allowed to vary within a certain range as long as such a change does not affect critical control functions such as maintenance of system stability. We present an algorithm that optimizes task frequencies and then schedules the resulting tasks with the limited computing resources available. The proposed approach is also applicable to failure recovery and reconfiguration in real-time control systems.

h e A bout the time Fred Brooks was warning us there was not likely to be a single, "silver bullet" solution to the essential difficulties of developing software [3], Watts Humphrey and others at the Software Engineering Institute (SEI) were busy putting together the set of ideas that was to become the Capability Maturity Model (CMM) for Software. 1 The CMM adopted the opposite of the quick-fix silver bullet philosophy. It was intended to be a coherent, ordered set of incremental improvements, all having experienced success in the field, packaged into a roadmap that showed how effective practices could be built on one another in a logical progression (see "The Capability Maturity Model for Software" sidebar). Far from a quick fix, it was 1 CMM and Capability Maturity Model are service marks of

This empirical research demonstrates the effectiveness of content analysis to map the research literature of the software engineering discipline. The results suggest that certain research themes in software engineering have remained constant, but with changing thrusts. Other themes have arisen, matured, and then faded as major research topics, while still others seem transient or immature. Co-word analysis is the specific technique used. This methodology identifies associations among publication descriptors (indexing terms) from the ACM Computing Classification System and produces networks of descriptors that reveal these underlying patterns. This methodology is applicable to other domains with a supporting corpus of textual data. While this study utilizes index terms from a fixed taxonomy, that restriction is not inherent; the descriptors can be generated from the corpus. Hence, co-word analysis and the supporting software tools employed here can provide unique insights into any discipline's evolution.

In 1987 and 1990, the Software Engineering Institute conducted process assessments of the Software Engineering Division (SED) of Hughes Aircraft in Fullerton, CA. The first assessment found the SED to be a level two organization, based on the SEI's process-maturity scale of one to five, where one is worst and five is best. The first assessment identified the strengths and weaknesses of the SED, and the SEI made recommendations for process improvement. Hughes then established and implemented an action plan in accordance with these recommendations. The second assessment found the SEP to be a strong level three organization. The authors outline the assessment method used, the findings and recommendations from the initial assessment, the actions taken by Hughes, the lessons learned, and the business and product consequences.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

In 1995, Boehm predicted that by 2005, there would be "55 million performers" of "end user programming" in the United States. The original context and method which generated this number had two weaknesses, both of which we address. First, it relies on undocumented, judgment-based factors to estimate the number of end user programmers based on the total number of end users; we address this weakness by identifying specific end user sub-populations and then estimating their sizes. Second, Boehm's estimate relies on additional undocumented, judgment-based factors to adjust for rising computer usage rates; we address this weakness by integrating fresh Bureau of Labor Statistics (BLS) data and projections as well as a richer estimation method. With these improvements to Boehm's method, we estimate that in 2012 there will be 90 million end users in American workplaces. Of these, we anticipate that over 55 million will use spreadsheets or databases (and therefore may potentially program), while over 13 million will describe themselves as programmers, compared to BLS projections of fewer than 3 million professional programmers. We have validated our improved method by generating estimates for 2001 and 2003, then verifying that our estimates are consistent with existing estimates from other sources.

Rate monotonic scheduling theory puts real-time software engineering on a sound analytical footing. The authors review the theory and its implications for Ada.< <ETX xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">&gt;</ETX>

As organizations adopt component-based software engineering, it becomes essential to clearly define its characteristics, advantages and organizational implications. This report presents key discussion points from a workshop on CBSE and provides a useful synthesis of participants' diverse perspectives and experiences.

Requirements engineering, a vital component in successful project development, often neglects sufficient attention to security concerns. Further, industry lacks a useful model for incorporating security requirements into project development. Studies show that upfront attention to security saves the economy billions of dollars. Industry is thus in need of a model to examine security and quality requirements in the development stages of the production lifecycle.In this paper, we examine a methodology for both eliciting and prioritizing security requirements on a development project within an organization. We present a model developed by the Software Engineering Institute's Networked Systems Survivability (NSS) Program, and then examine two case studies where the model was applied to a client system. The NSS Program continues to develop this useful model, which has proven effective in helping an organization understand its security posture.