Model transformation, in a simple definition, is a program that accepts a model as input and generates another model as output. Model transformations are the cornerstone of model-driven engineering (MDE), hence testing them and ensuring the correctness of their implementation is a critical task. A challenging aspect of testing model transformations is to generate test models that both conform to their meta-model and satisfy the defined constraints. There exist several solutions for generating test models. Epsilon Model Generation (EMG) is a language for generating appropriate test models. EMG uses random operations for producing test models, hence it is possible that some tests have the same structure and the same value, i.e., they are redundant. In this paper, we propose an approach for generating appropriate test models, i.e., test models which are valuable from the tester’s point of view. In this approach, the tester specifies the number of model elements that should be generated in the test model, as well as how they are linked. Our approach is based on the idea of enriching the EMG language with equivalence partitioning technique. The idea of partitioning is that testing a member in an equivalence class is as good as testing the whole class. We have evaluated the proposed method via a case study. The results show the superiority of the proposed approach over EMG.
Due to the increasing occurrence of unexpected events and the need for pre-crisis planning to reduce risks and losses, modeling emergency response environments (ERE) is needed more than ever. Modeling may lead to more careful planning for crisis-response operations, such as team formation, task assignment, and doing the task by teams. ERE-ML is a model-driven framework which allows a crisis manager to model an ERE, and to automatically generate the executable code of a multi-agent system (MAS) for that environment. However, the application generated by ERE-ML lacks the capability of supporting interactions among the agents and the organizations involved in the crisis management. In this paper, we propose ERE-ML 2.0 as an upgrade of the previous framework. The ERE-ML 2.0 framework supports the interactions by adding new features to the ERE-ML language, modifying the transformation code, and extending the platform. To evaluate the upgraded framework, the Plasco Tower Collapse incident is modeled, and then the model is transformed into the executable code of a MAS to visualize the run-time scenarios.
VAnDroid: A framework for vulnerability analysis of Android applications using a model‐driven reverse engineering technique
Android is extensively used worldwide by mobile application developers. Android provides applications with a message passing system to communicate within and between them. Due to the risks associated with this system, it is vital to detect its unsafe operations and potential vulnerabilities. To achieve this goal, a new framework, called VAnDroid, based on Model Driven Reverse Engineering (MDRE), is presented that identifies security risks and vulnerabilities related to the Android application communication model. In the proposed framework, some security‐related information included in an Android app is automatically extracted and represented as a domain‐specific model. Then, it is used for analyzing security configurations and identifying vulnerabilities in the corresponding application. The proposed framework is implemented as an Eclipse‐based tool, which automatically identifies the Intent Spoofing and Unauthorized Intent Receipt as two attacks related to the Android application communication model. To evaluate the tool, it has been applied to several real‐world Android applications, including 20 apps from Google Play and 110 apps from the F‐Droid repository. VAnDroid is also compared with several existing analysis tools, and it is shown that it has a number of key advantages over those tools specifically regarding its high correctness, scalability, and usability in discovering vulnerabilities. The results well indicate the effectiveness and capacity of the VAnDroid as a promising approach in the field of Android security.
This paper reports on experiences of integrating Agile and Model-Driven Development, for the development of code generators and financial systems. We evaluate the benefits of the Agile MDD approach by comparing Agile non-MDD and Agile MDD developments of code generators, and an agile MDD development of a financial application with
three other independent versions of the same application developed using different approaches. We also compare the functionality of the systems and a variety of technical debt metrics measuring the quality of the code and its design. Based on the case study results, we have found evidence that the use of Agile MDD leads to reductions in development effort, and to improvements in software quality and efficiency.
Our paper entitled “Towards a Model-Driven Framework for Simulating Interactive Emergency Response Environments” was accepted in Journal of Computing and Security.
The Impact of Integrating Agile Software Development and Model-Driven Development: A Comparative Case Study
Agile and Model-Driven Development integration (Agile MDD) is of significant interest to researchers who want to leverage the best of both worlds. Currently, there is no clear evidence or proof for the real impact of such integration. As a first step in this direction, this paper reports an empirical investigation on the impact of integrating Agile and Model-Driven Development on the quality of software systems. To this end, we developed a financial application using Agile MDD, which is further contrasted with three other independent versions of the same application developed using different approaches: Agile method, MDD method, and traditional (manually-coded) method, respectively. We also compared the functionality of the systems and a variety of technical debt metrics measuring the quality of the code and its design. Based on the case study results, we have found that the use of Agile MDD shows some improvements in the product quality and efficiency.
Our paper entitled “VAnDroid: A framework for vulnerability analysis of Android applications using a model-driven reverse engineering technique” was accepted in Software: Practice and Experience Journal.
Our paper entitled “Test Model Generation using Equivalence Partitioning” was accepted in 8th International Conference on Computer and Knowledge Engineering (ICCKE 2018).
Abstract Model transformations (MT), as with any other software artifact, may contain quality flaws. Even if a transformation is functionally correct, such flaws will impair maintenance activities such as enhancement and porting. The concept of technical debt (TD) models the impact of such flaws as a burden carried by the software which must either be settled in a ‘lump sum’to eradicate the flaw, or paid in the ongoing additional costs of maintaining the software with the flaw. In this paper we investigate the characteristics of technical debt in model transformations, analysing a range of MT cases in different MT languages, and using measures of quality flaws or ‘bad smells’ for MT, adapted from code measures. Based on these measures we identify significant differences in the level and kinds of technical debt in different MT languages, and we propose ways in which TD can be reduced.
This article describes how experience in domain specific modeling can be captured and abstracted in a domain specific modeling language (DSML). Modeling with a DSML results in quality models. Patterns of enterprise application architecture (PofEAA) is a rich set of patterns that can be used by designers when designing (modeling) web-based enterprise applications. This article aims at defining a DSML based on PofEAA patterns, as well as providing tool support for designing web-based enterprise applications that use these patterns. The authors have built a DSML using the profile extension mechanism of UML, by defining stereotypes. In addition to the proposed profile, this article has implemented the structure and behavior of PofEAA patterns in Rational Software Architecture (RSA) which is resulted in a tool that facilitates the design of software for designers. To show the usefulness of the tool, it is used for modeling two small systems based on the PofEAA patterns. The results show that many of the design is automated and the modeling speed is increased.