Supporting requirements to code traceability through refactoring

Mahmoud, Anas; Niu, Nan

doi:10.1007/s00766-013-0197-0

Cited by 29 publications

(11 citation statements)

References 69 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The refactoring is a regular practice used in agile approaches, and is often applied on source code [1]; this contributes to the emergence of a successful architecture, improving the internal structure of the application, making the architectural elements more comprehensible, and avoiding the architecture decay, specially in them defined slightly [15,21]. Performing an incomplete refactoring is a cause of ATD that can insert part of ATD and generates new debt [2].…”

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

“…The refactoring can be performed manually, or semi or fully automatic. The fully automatic approach carry out the identification and transformation of code elements, nevertheless a human commits modifications [1,16]. This work enables a fully automatic refactoring, taking into account the identification by the proposed analysis, and applying a transformation through a renaming of classes.…”

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

“…This work enables a fully automatic refactoring, taking into account the identification by the proposed analysis, and applying a transformation through a renaming of classes. The last is a kind of global refactoring (i.e., affects classes in more than one package) [10] with API level (Application Programming Interface) [30], which is often used automatically in programming environments [8,30] with aims of organization and conceptualization [25], standing out over other refactoring forms by supporting the software traceability [1].…”

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

See 2 more Smart Citations

Using Naming Patterns for Identifying Architectural Technical Debt

Carpio¹

2017

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

Section: Astesj Issn: 2415-6698mentioning

confidence: 99%

See 1 more Smart Citation

Using Naming Patterns for Identifying Architectural Technical Debt

Carpio¹

2017

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

“…They use an incremental model-checking approach based on evolving statecharts to state logical properties and compare them against a system model during agile development. Mahmoud and Niu [63] focus on refactoring techniques that recover structural vocabulary terms to improve information retrieval (IR)-based traceability techniques that span code, tests, and requirements. Their approach works by making textual artifacts more normative through systematic refactoring using three operations (Rename Identifier, Move Method, eXtract Method) adapted from other in IR-based approaches.…”

Section: Addressing Security Requirements During Developmentmentioning

confidence: 99%

“…Multiple research efforts [61][62][63][64][65][66][67][68] have explored how formalized security requirements and formal methods used in the design process can be translated into developer-friendly tools for use during product implementation. Generally, these approaches focus on providing traceability from requirements to code to test cases [61][62][63], weakness, threat, and vulnerability repositories knowledge re-use for risk assessment and mitigation [64][65][66], and tool support for certification [67,68]. Keeping code traceable to the requirements that generated it to the test cases that assess whether those requirements are satisfied or not is the central focus of many efforts within the requirements engineering community.…”

Section: Addressing Security Requirements During Developmentmentioning

confidence: 99%

Semantic hierarchies for extracting, modeling, and connecting compliance requirements in information security control standards

Hale

Gamble

2017

Requirements Eng

View full text Add to dashboard Cite

Companies and government organizations are increasingly compelled, if not required by law, to ensure that their information systems will comply with various federal and industry regulatory standards, such as the NIST Special Publication on Security Controls for Federal Information Systems (NIST SP-800-53), or the Common Criteria (ISO 15408-2). Such organizations operate business or mission critical systems where a lack of or lapse in security protections translates to serious confidentiality, integrity, and availability risks that, if exploited, could result in information disclosure, loss of money, or, at worst, loss of life. To mitigate these risks and ensure that their information systems meet regulatory standards, organizations must be able to (a) contextualize regulatory documents in a way that extracts the relevant technical implications for their systems, (b) formally represent their systems and demonstrate that they meet the extracted requirements following an accreditation process, and (c) ensure that all third-party systems, which may exist outside of the information system enclave as web or cloud services also implement appropriate security measures consistent with organizational expectations. This paper introduces a step-wise process, based on semantic hierarchies, that systematically extracts relevant security requirements from control standards to build a certification baseline for organizations to use in conjunction with formal methods and service agreements for accreditation. The approach is demonstrated following a case study of all audit-related controls in the SP-800-53, ISO 15408-2, and related documents. Accuracy, applicability, consistency, and efficacy of the approach were evaluated using controlled qualitative and quantitative methods in two separate studies.

show abstract