Browsing by Author "Martinez, Jabier"

Item
The AQUAS ECSEL Project Aggregated Quality Assurance for Systems: Co-Engineering Inside and Across the Product Life Cycle (2019-09)
Pomante, Luigi; Muttillo, Vittoriano; Křena, Bohuslav; Vojnar, Tomáš; Veljković, Filip; Magnin, Pacôme; Matschnig, Martin; Fischer, Bernhard; Martinez, Jabier; Gruber, Thomas; SWT
There is an ever-increasing complexity of the systems we engineer in modern society, which includes facing the convergence of the embedded world and the open world. This complexity creates increasing difficulty with providing assurance for factors including safety, security and performance. In such a context, the AQUAS project investigates the challenges arising from e.g., the inter-dependence of safety, security and performance of systems and aims at efficient solutions for the entire product life-cycle. The project builds on knowledge of partners gained in current or former EU projects and will demonstrate the newly developed methods and techniques for co-engineering across use cases spanning Aerospace, Medicine, Transport and Industrial Control.

Item
Information technologies exposing children to privacy risks: Domains and children-specific technical controls (2022-08)
Crepax, Tommaso; Muntés-Mulero, Victor; Martinez, Jabier; Ruiz, Alejandra; SWT; Quantum
EU data protection law requires that digital service providers and system developers put in place technical measures that are adequate to protect children’s informational privacy. The stringent legal obligations of implementing principles of data protection by design into digital systems intensified the engineers’ need to create processes and technological solutions to enhance children’s privacy in digital services.
However, in several cases, generic controls have proven to have limited effects on the protection of children’s privacy, raising questions about the need to further develop children-specific technical controls. This paper contributes to address the need for privacy controls by providing (a) a summary of real-world applications of information technologies domains that expose children to privacy risks, and (b) a list that represents the state-of-the-art of the technical controls designed specifically to protect children’s privacy. We identify 24 technical controls that we manually classify with NIST Security and Privacy control categories and Hoepman’s Privacy design strategies. We find that most controls relate to identification and authentication, many of which in the form of techniques for age verification. In general, the vast majority of controls belong to minimization strategies. Our findings show that the field of technical controls specifically designed for children is yet to be developed.

Item
Modelling the Component-based Architecture and Safety Contracts of ArmAssist in Papyrus for Robotics (Institute of Electrical and Electronics Engineers Inc., 2021-06)
Martinez, Jabier; Ruiz, Alejandra; Garzo, Ainara; Keller, Thierry; Radermacher, Ansgar; Tonetta, Stefano; Tecnalia Research & Innovation; SWT; Quantum; Medical Technologies
Healthcare robots are increasingly being used and the way they are engineered they still have several challenges regarding reference models and validation. In this experience report we focus on the ArmAssist robotic system and how it can be modelled including safety considerations for validation in early design phases. ArmAssist is an upper-limb robotic system for stroke rehabilitation based on serious games. The open-source tool Papyrus for Robotics was used for modelling the robotic system in close collaboration with neurorehabilitation domain experts.
Papyrus for Robotics includes new functionalities that we contributed for contract-based design at component and system level, allowing to make explicit and validate the safety considerations using formal languages. In our case, the assertions are expressed in OCL and Othello. We present the resulting model and a discussion from domain experts.

Item
Open-source software product line extraction processes: the ArgoUML-SPL and Phaser cases (2022-04-08)
Moreira, Rodrigo André Ferreira; Assunção, Wesley K. G.; Martinez, Jabier; Figueiredo, Eduardo; SWT
Software Product Lines (SPLs) are rarely developed from scratch. Commonly, they emerge from one product when there is a need to create tailored variants, or from existing variants created in an ad-hoc way once their separated maintenance and evolution become challenging. Despite the vast literature about re-engineering systems into SPLs and related technical approaches, there is a lack of detailed analysis of the process itself and the effort involved. In this paper, we provide and analyze empirical data of the extraction processes of two open source case studies, namely ArgoUML and Phaser. Both cases emerged from the transition of a monolithic system into an SPL. The analysis relies on information mined from the version control history of their respective source-code repositories and the discussion with developers that took part in the process. Unlike previous works that focused mostly on the structural results of the final SPL, the contribution of this study is an in-depth characterization of the processes. With this work, we aimed at providing a deeper understanding of the strategies for SPL extraction and their implications. Our results indicate that the source code changes can range from almost a fourth to over half of the total lines of code. Developers may or may not use branching strategies for feature extraction.
Additionally, the problems faced during the extraction process may be due to lack of tool support, complexity on managing feature dependencies and issues with feature constraints. We made publicly available the datasets and the analysis scripts of both case studies to be used as a baseline for extractive SPL adoption research and practice.

Item
Product line architecture recovery with outlier filtering in software families: the Apo-Games case study (2019-12-01)
Lima, Crescencio; Assunção, Wesley KG; Martinez, Jabier; Mendonça, William; Machado, Ivan C; Chavez, Christina FG; SWT
Software product line (SPL) approach has been widely adopted to achieve systematic reuse in families of software products. Despite its benefits, developing an SPL from scratch requires high up-front investment. Because of that, organizations commonly create product variants with opportunistic reuse approaches (e.g., copy-and-paste or clone-and-own). However, maintenance and evolution of a large number of product variants is a challenging task. In this context, a family of products developed opportunistically is a good starting point to adopt SPLs, known as extractive approach for SPL adoption. One of the initial phases of the extractive approach is the recovery and definition of a product line architecture (PLA) based on existing software variants, to support variant derivation and also to allow the customization according to customers’ needs. The problem of defining a PLA from existing system variants is that some variants can become highly unrelated to their predecessors, known as outlier variants. The inclusion of outlier variants in the PLA recovery leads to additional effort and noise in the common structure and complicates architectural decisions. In this work, we present an automatic approach to identify and filter outlier variants during the recovery and definition of PLAs.
Our approach identifies the minimum subset of cross-product architectural information for an effective PLA recovery. To evaluate our approach, we focus on real-world variants of the Apo-Games family. We recover a PLA taking as input 34 Apo-Game variants developed by using opportunistic reuse. The results provided evidence that our automatic approach is able to identify and filter outlier variants, allowing to eliminate exclusive packages and classes without removing the whole variant. We consider that the recovered PLA can help domain experts to take informed decisions to support SPL adoption.

Item
REVE 2021: 9th International Workshop on Reverse Variability Engineering (Association for Computing Machinery, 2021-09-06)
Assunção, Wesley K.G.; Lopez-Herrejon, Roberto E.; Ziadi, Tewfik; Martinez, Jabier; Mousavi, Mohammad; Schobbens, Pierre-Yves; Araujo, Hugo; Schaefer, Ina; ter Beek, Maurice H.; Devroey, Xavier; Rojas, Jose Miguel; Pinto, Monica; Teixeira, Leopoldo; Berger, Thorsten; Noppen, Johannes; Reinhartz-Berger, Iris; Temple, Paul; Damiani, Ferruccio; Petke, Justyna; SWT
Software Product Line (SPL) migration remains a challenging endeavour. From organizational issues to purely technical challenges, there is a wide range of barriers that complicates SPL adoption. This workshop aims to foster research about making the most of the two main inputs for SPL migration: 1) domain knowledge and 2) legacy assets. Domain knowledge, usually implicit and spread across an organization, is key to define the SPL scope and to validate the variability model and its semantics. At the technical level, domain expertise is also needed to create or extract the reusable software components. Legacy assets can be, for instance, similar product variants (e.g., requirements, models, source code, etc.) that were implemented using ad-hoc reuse techniques such as clone-and-own.
More generally, the workshop REverse Variability Engineering attracts researchers and practitioners contributing to processes, techniques, tools, or empirical studies related to the automatic, semi-automatic or manual extraction or refinement of SPL assets.

Item
Safety and Security Interference Analysis in the Design Stage (Springer, 2020-09-15)
Martinez, Jabier; Godot, Jean; Ruiz, Alejandra; Balbis, Abel; Ruiz Nolasco, Ricardo
Safety and security engineering have been traditionally separated disciplines (e.g., different required knowledge and skills, terminology, standards and life-cycles) and operated in quasi-silos of knowledge and practices. However, the co-engineering of these two critical qualities of a system is being largely investigated as it promises the removal of redundant work and the detection of trade-offs in early stages of the product development life-cycle. In this work, we enrich an existing safety-security co-analysis method in the design stage providing capabilities for interference analysis. Reports on interference analyses are crucial to trigger co-engineering meetings leading to the trade-offs analyses and system refinements. We detail our automatic approach for this interference analysis, performed through fault trees generated from safety and security local analyses. We evaluate and discuss our approach from the perspective of two industrial case studies on the space and medical domains.

Item
Security Debt: Characteristics, Product Life-Cycle Integration and Items (Institute of Electrical and Electronics Engineers Inc., 2021)
Martinez, Jabier; Quintano, Nuria; Ruiz, Alejandra; Santamaria, Izaskun; de Soria, Iker Martinez; Arias, Jose
Industries from very diverse domains are realising that security should not be treated in a reactive way (e.g., once the cyberattack has happened). This way, security-related requirements and risks need to be continuously managed, and the need of integrating technical measures should be continuously assessed.
In some cases, some decisions led, intentionally or unintentionally, to debt related to security aspects. This security debt is thus incurred when limited approaches or solutions are applied to reach the expected security levels of the system in operation. Identifying and making explicit security debt items is a challenge for companies. In this work, we analyse the literature on security debt to provide initial insights on the topic. Concretely, we discuss its definition, identify its most salient characteristics, present approaches for integrating its management in the product life-cycle, and to present categories and examples of security debt items.

Item
Smart Grid Challenges Through the Lens of the European General Data Protection Regulation (Springer, 2020)
Martinez, Jabier; Ruiz, Alejandra; Puelles, Javier; Arechalde, Ibon; Miadzvetskaya, Yuliya; Siarheyeva, Alena; Barry, Chris; Lang, Michael; Linger, Henry; Schneider, Christoph; SWT; Quantum; DIG_LIF_SKI; Tecnalia Research & Innovation
The General Data Protection Regulation (GDPR) was conceived to remove the obstacles to the free movement of personal data while ensuring the protection of natural persons with regard to the processing of such data. The Smart Grid has similar features as any privacy-critical system but, in comparison to the engineering of other architectures, has the peculiarity of being the source of energy consumption data. Electricity consumption constitutes an indirect means to infer personal information. This work looks at the Smart Grid from the perspective of the GDPR, which is especially relevant now given the current growth and diversification of the Smart Grid ecosystem.
We provide a review of existing works highlighting the importance of energy consumption as valuable personal data as well as an analysis of the established Smart Grid Architecture Model and its main challenges from a legal viewpoint, in particular the challenge of sharing data with third parties.

Item
Spectrum-based feature localization: A case study using ArgoUML (Association for Computing Machinery, 2021-09-06)
Michelon, Gabriela K.; Sotto-Mayor, Bruno; Martinez, Jabier; Arrieta, Aitor; Abreu, Rui; Assunção, Wesley K. G.; Mousavi, Mohammad; Schobbens, Pierre-Yves; Araujo, Hugo; Schaefer, Ina; ter Beek, Maurice H.; Devroey, Xavier; Rojas, Jose Miguel; Pinto, Monica; Teixeira, Leopoldo; Berger, Thorsten; Noppen, Johannes; Reinhartz-Berger, Iris; Temple, Paul; Damiani, Ferruccio; Petke, Justyna; SWT
Feature localization (FL) is a basic activity in re-engineering legacy systems into software product lines. In this work, we explore the use of the Spectrum-based localization technique for this task. This technique is traditionally used for fault localization but with practical applications in other tasks like the dynamic FL approach that we propose. The ArgoUML SPL benchmark is used as a case study and we compare it with a previous hybrid (static and dynamic) approach from which we reuse the manual and testing execution traces of the features. We conclude that it is feasible and sound to use the Spectrum-based approach providing promising results in the benchmark metrics.

Item
The state of adoption and the challenges of systematic variability management in industry (2020-05-01)
Berger, Thorsten; Steghöfer, Jan-Philipp; Ziadi, Tewfik; Robin, Jacques; Martinez, Jabier; SWT
Handling large-scale software variability is still a challenge for many organizations.
After decades of research on variability management concepts, many industrial organizations have introduced techniques known from research, but still lament that pure textbook approaches are not applicable or efficient. For instance, software product line engineering—an approach to systematically develop portfolios of products—is difficult to adopt given the high upfront investments; and even when adopted, organizations are challenged by evolving their complex product lines. Consequently, the research community now mainly focuses on re-engineering and evolution techniques for product lines; yet, understanding the current state of adoption and the industrial challenges for organizations is necessary to conceive effective techniques. In this multiple-case study, we analyze the current adoption of variability management techniques in twelve medium- to large-scale industrial cases in domains such as automotive, aerospace or railway systems. We identify the current state of variability management, emphasizing the techniques and concepts they adopted. We elicit the needs and challenges expressed for these cases, triangulated with results from a literature review. We believe our results help to understand the current state of adoption and shed light on gaps to address in industrial practice.

Item
Visualizations for the evolution of Variant-Rich Systems: A systematic mapping study (2023-02)
Medeiros, Raul; Martinez, Jabier; Díaz, Oscar; Falleri, Jean-Rémy; SWT
Context: Variant-Rich Systems (VRSs), such as Software Product Lines or variants created through clone & own, aim at reusing existing assets. The long lifespan of families of variants, and the scale of both the code base and the workforce make VRS maintenance and evolution a challenge. Visualization tools are a needed companion. Objective: We aim at mapping the current state of visualization interventions in the area of VRS evolution.
We tackle evolution in both functionality and architecture. Three research questions are posed: What sort of analysis is being conducted to assess VRS evolution? (Analysis perspective); What sort of visualizations are displayed? (Visualization perspective); What is the research maturity of the reported interventions? (Maturity perspective). Methods: We performed a systematic mapping study including automated search in digital libraries, expert knowledge, and snowballing. Results: The study reports on 41 visualization approaches to cope with VRS evolution. Analysis wise, feature identification and location is the most popular scenario, followed by variant integration towards a Software Product Line. As for visualization, nodelink diagram visualization is predominant while researchers have come up with a wealth of ingenious visualization approaches. Finally, maturity wise, almost half of the studies are solution proposals. Most of the studies provide proof-of-concept, some of them also include publicly available tools, yet very few face proof-of-value. Conclusions: This study introduces a comparison framework where to frame future studies. It also points out distinct research gaps worth investigating as well as shortcomings in the evidence about relevance and contextual considerations (e.g., scalability).

Item
Will safety-security co-engineering pay off? A quality and cost perspective in two case studies (Institute of Electrical and Electronics Engineers Inc., 2021)
Urretavizcaya, Imanol; Martinez, Jabier; Satriani, Giuseppe; Ruiz, Alejandra; Nolasco, Ricardo Ruiz; Gonzalez, Antonio; Moreno, Isaac; Balbis, Abel
Safety and Security concerns are usually interlinked while building critical software-intensive systems of systems. Several efforts try to approach both domains of expertise to increase the overall reliability of the systems and reduce costs by an earlier detection of issues and trade-offs.
Despite the growing number of co-engineering practices at different life-cycle stages, there is a lack on business justifications such as economic costs of their adoption. We report on using a cost model to evaluate the convenience (or not) of adopting co-engineering practices in two industrial case studies (space and medical devices). Simulation results with the collected data suggest an improvement in quality if any of the selected co-engineering practices are integrated while cost increases in one case but reduces in the other. We discuss the results but, as they cannot be generalized, the main contribution is on proposing the cost model for answering the title’s question.