TL;DR: A framework for estimating the energy consumption of distributed software systems implemented in Java that takes a component-based perspective, which renders it well suited for a large class of today's distributed, embedded, and pervasive applications.
Abstract: Efficiency with respect to energy consumption has increasingly been recognized as an important quality attribute for distributed software systems in embedded and pervasive environments. In this paper we present a framework for estimating the energy consumption of distributed software systems implemented in Java. Our primary objective in devising the framework is to enable an engineer to make informed decisions when adapting a system's architecture, such that the energy consumption on hardware devices with a finite battery life is reduced, and the lifetime of the system's key software services increases. Our framework explicitly takes a component-based perspective, which renders it well suited for a large class of today's distributed, embedded, and pervasive applications. The framework allows the engineer to estimate the distributed system's energy consumption at system construction-time and refine it at runtime. In a large number of distributed application scenarios, the framework showed very good precision on the whole, giving results that were within 5% (and often less) of the actual energy consumption incurred by executing the software. Our work to date has also highlighted the framework's practical applications and a number of possible enhancements.
TL;DR: A novel integrated approach is presented that overcomes these limitations by reconstructing behaviour models with platform-independent resource demands of bytecode components, parameterised over input parameter values, and is validated by predicting the performance of a file sharing application.
Abstract: In component-based software engineering, the response time of an entire application is often predicted from the execution durations of individual component services. However, these execution durations are specific for an execution platform (i.e. its resources such as CPU) and for a usage profile. Reusing an existing component on different execution platforms up to now required repeated measurements of the concerned components for each relevant combination of execution platform and usage profile, leading to high effort. This paper presents a novel integrated approach that overcomes these limitations by reconstructing behaviour models with platform-independent resource demands of bytecode components. The reconstructed models are parameterised over input parameter values. Using platform-specific results of bytecode benchmarking, our approach is able to translate the platform-independent resource demands into predictions for execution durations on a certain platform. We validate our approach by predicting the performance of a file sharing application.
TL;DR: Two taxonomies that characterize vulnerabilities in Java components are defined: the vulnerability categories, and the goals of the attacks that are based on these vulnerabilities.
Abstract: Java-based systems have evolved from stand-alone applications to multi-component to Service Oriented Programming (SOP) platforms. Each step of this evolution makes a set of Java vulnerabilities directly exploitable by malicious code: access to classes in multi-component platforms, and access to objects in SOP, is granted to them with often no control.
This paper defines two taxonomies that characterize vulnerabilities in Java components: the vulnerability categories, and the goals of the attacks that are based on these vulnerabilities. The 'vulnerability category' taxonomy is based on three application types: stand-alone, class sharing, and SOP. Entries express the absence of proper security features at places they are required to build secure component-based systems. The 'goal' taxonomy is based on the distinction between undue access, which encompasses the traditional integrity and confidentiality security properties, and denial-of-service. It provides a matching between the vulnerability categories and their consequences. The exploitability of each vulnerability is validated through the development of a pair of malicious and vulnerable components. Experiments are conducted in the context of the OSGi Platform. Based on the vulnerability taxonomies, recommendations for writing hardened component code are issued.
TL;DR: Inspired by the way UML2.0 sequence diagrams can be algebraically composed, an algebraic framework for building constraint automata by exploiting the algebraic structure of UML sequence diagrams is defined.
Abstract: The idea of synthesizing state-based models from scenario-based interaction specifications has received much attention in recent years. The synthesis approach not only helps to significantly reduce the effort of system construction, but it also provides a bridge over the gap between requirements and implementation of systems. However, the existing synthesis techniques only focus on generating (global or local) state machines from scenario-based specifications, while the coordination among the behavior alternatives of services/components in the systems is not considered. In this paper we propose a novel synthesis technique, which can be used to generate constraint automata specification for connectors from scenario specifications. Inspired by the way UML2.0 sequence diagrams can be algebraically composed, we define an algebraic framework for building constraint automata by exploiting the algebraic structure of UML sequence diagrams.
TL;DR: This work shows how this gap can be filled if process rewrite systems (introduced by Mayr [16]) are used to capture the behaviour of components if they are combined to a system equal to a process rewrite system.
Abstract: Today model checking of security or safety properties of component-based systems based on finite protocols has the flaw that either parallel or sequential systems can be checked. Parallel systems can be described often by well known Petri nets, but it is not possible to model recursive behaviour. On the other hand sequential systems based on pushdown automata can capture recursion and recursive callbacks [27], but they do not provide parallel behaviour in general.
In this work we show how this gap can be filled if process rewrite systems (introduced by Mayr [16]) are used to capture the behaviour of components. The protocols of the components interfaces specified as finite state machines can be combined to a system equal to a process rewrite system. By calculating the reachability of the fault state range one gets a trace (counterexample) which does not satisfy the properties specified by all protocols of the combined components, if any error exists.
TL;DR: This paper presents a component-based framework that facilitates the development of sense-and-react applications promoting reuse of code and allows the specification of application-domain requirements.
Abstract: Sense-and-react applications are characterised by the fact that actuators are able to react to data collected by sensors and change the monitored environment. With the introduction of nodes sporting actuators, Wireless Sensor Networks (WSNs) are being used for realising such applications. Sensor and actuator nodes are capable of interacting locally. As a result, the logic that coordinates the activities of the different nodes towards a common goal has to be embedded in the network itself. In this scenario, the development of applications becomes more complex.
In this paper, we present a component-based framework that facilitates the development of sense-and-react applications promoting reuse of code. While application components are used to implement basic functionalities (sense and reaction), our framework allows the specification of application-domain requirements. Our framework is composed of a Publish/Subscribe Broker, a component-based service layer and a Policy Manager. The broker manages subscription information and the service layer provides mechanisms orthogonal to the publish/subscribe core (e.g., diffusion protocols, data communication protocols, data encryption, etc.). The novelty of our approach is the introduction of the Policy Manager where policies are enforced. Policies are rules that govern the choices and behaviour of the system. They can be used for specifying which services have to be associated with the broker operations. Moreover, policies can embed rules for coordinating the activities of the different sensors and actuators for reaching the common goals of applications.
TL;DR: This paper classifies different patterns of stale references, detailing them, and presents techniques based on Aspect Oriented Programming for runtime detection of such problems, as well as a fail-stop mechanism on services to avoid propagation of incorrect results.
Abstract: The OSGi™ Service Platform is becoming the de facto standard for modularized Java applications. The market of OSGi based COTS components is continuously growing. OSGi specific problems make it harder to validate such components. The absence of separate object spaces to isolate components may lead to inconsistencies when they are stopped. The platform cannot ensure that objects from a stopped component will no longer be referenced by active code (a problem referred to by the OSGi specification as stale references), leading to memory retention and inconsistencies (e.g., utilization of invalid cached data) that can introduce faults in the system. This paper classifies different patterns of stale references, detailing them, and presents techniques based on Aspect Oriented Programming for runtime detection of such problems. We also present a fail-stop mechanism on services to avoid propagation of incorrect results. These techniques have proven to be effective in a tool implementation that validated our study.
TL;DR: The results show that the effort of model creation with Palladio is approximately 1.25 times higher than with SPE in the authors' experimental setting, with the resulting models having comparable prediction accuracy, so the creation of reusable prediction models can already be justified, if they are reused at least once.
Abstract: Model-based performance prediction methods aim at evaluating the expected response time, throughput, and resource utilisation of a software system at design time, before implementation. Existing performance prediction methods use monolithic, throw-away prediction models or component-based, reusable prediction models. While it is intuitively clear that the development of reusable models requires more effort, the actual higher amount of effort has not been quantified or analysed systematically yet. To study the effort, we conducted a controlled experiment with 19 computer science students who predicted the performance of two example systems applying an established, monolithic method (Software Performance Engineering) as well as our own component-based method (Palladio). The results show that the effort of model creation with Palladio is approximately 1.25 times higher than with SPE in our experimental setting, with the resulting models having comparable prediction accuracy. Therefore, in some cases, the creation of reusable prediction models can already be justified, if they are reused at least once.
TL;DR: Scrapheap reuse is a particular form of opportunistic development that is explored in this paper with the aid of an experimental study.
Abstract: Many organizations use opportunistic reuse as a low-cost mechanism to improve the efficiency of development. Scrapheap reuse is a particular form of opportunistic development that we explore in this paper with the aid of an experimental study.
TL;DR: This paper proposes a technology for the development of distributed real-time component-based applications, which takes advantage of the features that Ada offers for the development of applications with predictable temporal behaviour, and which can be executed in embedded platforms with limited resources.
Abstract: This paper proposes a technology for the development of distributed real-time component-based applications, which takes advantage of the features that Ada offers for the development of applications with predictable temporal behaviour, and which can be executed in embedded platforms with limited resources. The technology uses the Deployment and Configuration of Component-based Distributed Applications Specification of the OMG for describing the components, the execution platforms and the applications. The framework defined in the Lightweight CCM standard of the OMG is taken as the basis of the internal architecture of the components and the applications. It has been extended with a number of features to make the temporal behaviour of the applications predictable. Among these extensions, the usage of CORBA has been replaced by special distributed components, called connectors, which implement the interaction between components by means of predictable and customizable communication services. Besides, special mechanisms have been introduced in the environment to make the threading characteristics of the components configurable. The technology fixes the responsibilities and the knowledge required by each actor involved in the component-based development process, and for each of them it defines the input and output artifacts that they have to manage.
TL;DR: This paper applies both strong and weak bisimulation to Component Interaction Automata in order to obtain minimal automata that can serve as a behaviorally equivalent abstraction for a given component specification, and illustrates that the proposed approach can significantly reduce the complexity of an interface specification after composition.
Abstract: Automata-based interface and protocol specifications provide an elegant framework to capture and automatically verify the interactive behavior of component-based software systems. Unfortunately, the underlying formalisms suffer from combinatorial state explosion when constructing new specifications for composite components or systems and may therefore render the application of these techniques impractical for real-world applications. In this paper, we explore the bisimulation technique as a means for a mechanical state space reduction of component-based systems. In particular, we apply both strong and weak bisimulation to Component Interaction Automata in order to obtain minimal automata that can serve as a behaviorally equivalent abstraction for a given component specification and illustrate that the proposed approach can significantly reduce the complexity of an interface specification after composition.
TL;DR: This article proposes a mechanism allowing the automatic selection of a component among a set of candidate COTS, according to functional and non-functional properties, which has been validated on an example using the ComponentSource component market.
Abstract: Component-based software engineering proposes building complex applications from COTS (Commercial Off-The-Shelf) organized into component markets. Therefore, the main development effort is required in selection of the components that fit the specific needs of an application. In this article, we propose a mechanism allowing the automatic selection of a component among a set of candidate COTS, according to functional and non-functional properties. This mechanism has been validated on an example using the ComponentSource component market.
TL;DR: This work first formulates the problem of finding the deployment that maximizes performance, and then presents a heuristic-based solution approach for it, which incorporates the software architecture, component resource requirements, and the hardware specifications of the system.
Abstract: Performance is a critical attribute of software systems and depends heavily on the software architecture. Though the impact of the component and connector architecture on performance is well appreciated and modeled, the impact of component deployment has not been studied much. For a given component and connector architecture, the system performance is also affected by how components are deployed onto hardware resources. In this work we first formulate this problem of finding the deployment that maximizes performance, and then present a heuristic-based solution approach for it. Our approach incorporates the software architecture, component resource requirements, and the hardware specifications of the system. We break the problem into two sub-problems and formulate heuristics for suggesting the best deployment in terms of performance. Our evaluation indicates that the proposed heuristic performs very well and outputs a deployment that is the best or close to the best, in more than 96% cases.
TL;DR: A method for predicting the execution time of a given workflow, using a specific type of Petri net, and proposing several timing profiles: those obtained from real measurement of the workflow system, and those from stochastic and constant values which allow testing the model behaviour under specific situations.
Abstract: Workflow systems provide support for combining components to achieve a particular outcome. Various approaches from software engineering have been utilized within such systems, such as the use of design patterns to support composition, and the use of a software engineering lifecycle to support workflow construction and execution. As components used within a workflow may be implemented by third parties, it is often necessary to be able to determine the impact a particular component composition will have on the overall execution of a workflow. A method for predicting the execution time of a given workflow is proposed. First, the method obtains a model from a given workflow in an automated way. The model obtained is a Reference net --- a specific type of Petri net. Features of Reference nets can subsequently be exploited, such as the possibility of building hierarchical workflow models which can facilitate the modelling process. The Reference nets are extended so that each task in the model is parameterised with a time value, representing the execution time of the task. We propose several timing profiles: those obtained from real measurement of the workflow system, from stochastic and constant values which allow us to test the model behaviour under specific situations.
TL;DR: This paper elaborates on fundamental component principles, analyses a selection of industrial and research component models in light of them, and proposes a component model named CoSi that supports OSGi-style lightweight components with a rich set of features, and puts a strong emphasis on facilitating component comprehension and application consistency.
Abstract: Many component models and frameworks have been created since the advent of component-based software engineering. While they all claim to follow fundamental component principles, the black-box nature in particular, a deeper look reveals surprising problems mainly in the component models built into the mainstream frameworks. In this paper we elaborate on these fundamental principles, analyse a selection of industrial and research component models in light of them, and propose a component model named CoSi. Its aim is to address the problems uncovered by the analysis while keeping the good aspects of current state of the art models. It supports OSGi-style lightweight components with a rich set of features, and puts a strong emphasis on facilitating component comprehension and application consistency.
TL;DR: An integrated, formal verification approach to ensure the correct behavior of embedded software components, based on the formalism of abstract components and their refinements, with its focus being on interaction behavior among components.
Abstract: Model-driven and component-based software development seems to be a promising approach to handling the complexity and at the same time increasing the quality of software systems. Although the idea of assembling systems from pre-fabricated components is appealing, quality becomes a major issue, especially for embedded systems. Quality defects in one component might not affect the quality of the component but that of others. This paper presents an integrated, formal verification approach to ensure the correct behavior of embedded software components, as well as a case study that demonstrates its practical applicability. The approach is based on the formalism of abstract components and their refinements, with its focus being on interaction behavior among components. The approach enables the identification of unanticipated design errors that are difficult to find and costly to correct using traditional verification methods such as testing and simulation.
TL;DR: This paper identifies three kinds of faults specific to ACCs of J2EE applications as incompleteness, inconsistency, and redundancy, presents validation algorithms for identifying these faults according to access control requirements, and illustrates these faults and the validation algorithms with an online bank application.
Abstract: Access control is a means to achieve information security. When we build large-scale systems based on commercial component middleware platforms, such as those compliant to J2EE, a usual way to enforce access control is to define Access Control Configurations (ACCs) for components in a declarative manner. These ACCs can be enforced by the J2EE security service to grant or deny access requests to components. However, it is difficult for the developers to define correct ACCs according to complex and sometimes ambiguous real-world access control requirements. Faults of ACCs in large-scale J2EE applications may inevitably occur due to various reasons, for example ad hoc mistakes of the developers. This paper identifies three kinds of faults specific to ACCs of J2EE applications as incompleteness, inconsistency, and redundancy, presents validation algorithms for identifying these faults according to access control requirements, and illustrates these faults and the validation algorithms with an online bank application.
TL;DR: It is argued that state-of-the-art adaptation frameworks do not lend themselves to ease technology integration and exploitation of advanced features and opportunities offered by different implementation technologies, and that the QuA adaptation framework allows integration of advanced implementation technologies with moderate effort.
Abstract: Systems are increasingly expected to adapt themselves to changing requirements and environmental situations with minimum user interactions. A challenge for self-adaptation is the increasing heterogeneity of applications and services, integrating multiple systems implemented in different platform and language technologies. In order to cope with this heterogeneity, self-adaptive systems need to support the integration of various technologies, allowing the target adaptive system to be built from subsystems realized with different implementation technologies. In this paper, we argue that state-of-the-art adaptation frameworks do not lend themselves to ease technology integration and exploitation of advanced features and opportunities offered by different implementation technologies. We present the QuA adaptation framework and its support for technology integration and exploitation. Unlike other adaptation frameworks, the adaptation framework of QuA is able to exploit a wide range of adaptation mechanisms and technologies, without modification to the adaptation framework itself. As a demonstration of this property of QuA, we describe the integration of an advanced component model technology, the Fractal component model, with the QuA framework. Our experience from this exercise shows that the QuA adaptation framework indeed allows integration of advanced implementation technologies with moderate effort.
TL;DR: This work proposes modelling software components in different design stages, after implementation, and during deployment, as part of the Palladio Component Model (PCM).
Abstract: Current software component models insufficiently reflect the different stages of the component life-cycle, which involves design, implementation, deployment, and runtime. Therefore, reasoning techniques for component-based models (e.g., protocol checking, QoS predictions, etc.) are often limited to a particular life-cycle stage. We propose modelling software components in different design stages, after implementation, and during deployment. Abstract models for newly designed components can be combined with refined models for already implemented components. As a proof-of-concept, we have implemented the new modelling techniques as part of our Palladio Component Model (PCM).
TL;DR: An on-the-fly model checking algorithm which integrates computation of a cutoff with the verification itself and can be applied during the verification to tackle the state explosion of the model.
Abstract: Many real component-based systems, so called Control-User systems, are composed of a stable part (control component) and a number of dynamic components of the same type (user components). Models of these systems are parametrised by the number of user components and thus potentially infinite. Model checking techniques can be used to verify only specific instances of the systems. This paper presents an algorithmic technique for verification of safety interaction properties of Control-User systems. The core of our verification method is a computation of a cutoff. If the system is proved to be correct for every number of user components lower than the cutoff then it is correct for any number of users. We present an on-the-fly model checking algorithm which integrates computation of a cutoff with the verification itself. Symmetry reduction can be applied during the verification to tackle the state explosion of the model. Applying the algorithm we verify models of several previously published component-based systems.
TL;DR: This work formalizes the added test effort and shows to what extent the coverage of structural test criteria are maintained when components are integrated, in three representative component models, to achieve cost reduction during testing.
Abstract: Component based development of software systems needs to devise effective test management strategies in order to fully achieve its perceived advantages of cost efficiency, flexibility, and quality in industrial contexts. In industrial systems with quality demands, while testing software, measures are employed to evaluate the thoroughness achieved by execution of a certain set of test cases. Typically, these measures are expressed in the form of coverage of different structural test criteria, e.g., statement coverage. However, such measures are traditionally applicable only on the lowest level of software integration (i.e., the component level). As components are assembled into subsystems and further into full systems, general measures of test thoroughness are no longer available. In this context, we formalize the added test effort and show to what extent the coverage of structural test criteria is maintained when components are integrated, in three representative component models. This enables focusing on testing the right aspects of the software at the right level of integration, and achieves cost reduction during testing -- one of the most resource-consuming activities in software engineering.
TL;DR: The BCI method is described, which supports a systematic partitioning of a problem domain into business components, allows the designer to state preferences for the partitioning process, and uses them as the basis to produce an optimized balance between the business components' granularity on the one hand and their context dependencies on the other hand.
Abstract: The identification of business components, which together define a modular systems architecture, is a key task in today's component-based development approaches for the business domain. This paper describes the Business Component Identification (BCI) method which supports a systematic partitioning of a problem domain into business components. The method allows the designer to state preferences for the partitioning process and uses them as the basis to produce an optimized balance between the business components' granularity on the one hand and their context dependencies on the other hand. It makes use of business domain models specified during the definition of system requirements and can be integrated into the early design phase of a component-based development process. The paper also shows how the produced partitioning can easily be refined into an architecture specification and thus can be used as a starting point for the technical design of a software system and/or its business components.
TL;DR: A two-layer component model is proposed for design and development of embedded systems with the aim of using component-based development for decreasing the complexity in design and providing a ground for analyzing them and predicting their properties, such as resource consumption and timing behavior.
Abstract: In this paper we focus on the design of a class of distributed embedded systems that primarily perform real-time controlling tasks. We propose a two-layer component model for design and development of such embedded systems with the aim of using component-based development for decreasing the complexity in design and providing a ground for analyzing them and predicting their properties, such as resource consumption and timing behavior. The two-layer model is used to efficiently cope with different design paradigms on different abstraction levels. The model is illustrated by an example from the vehicular domain.