Contributions in Merlin

null

null

The dependencies and interrelations between classes and modules affect the maintainability of object-oriented systems. It is therefore important to capture weaknesses of the software architecture to make necessary corrections. This paper describes a method for software evolution analysis. It consists of three complementary steps, which form an integrated approach for the reasoning about software structures based on historical data: 1) The Quantitative Analysis uses version information for the assessment of growth and change behavior; 2) the Change Sequence Analysis identifies common change patterns across all system parts; and 3) the Relation Analysis compares classes based on CVS release history data and reveals the dependencies within the evolution of particular entities. In this paper, we focus on the Relation Analysis and discuss its results; it has been validated based on empirical data collected from a Concurrent Versions System (CVS) covering 28 months of a Picture Archiving and Communication System (PACS). Our software evolution analysis approach enabled us to detect shortcomings of PACS such as architectural weaknesses, poorly designed inheritance hierarchies, or blurred interfaces of modules.

In database federations the integrity problem arises from the degree of heterogeneity and autonomy of participating component database systems. This causes integrity control more complicate than that in traditional centralized database systems. Semantic integrity should be considered in two phases: constraint federation and constraint enforcement. Otherwise, the administrators of component database systems might not agree to join the federation, or some or even all of component databases will be in an inconsistent state when an update is executed. The semantic integrity of federated database refers to representation integrity and enforcement integrity. The representation integrity means that the constraint definition of federated database schema should correctly reflect the characteristics of schema integration. The enforcement integrity means that the federated database state should be consistent with constraints defined over it, when an update is executed. In this thesis, we propose a new component to keep the semantic integrity of federated database. Firstly, we specify an integrity control component, which plays an extendible part of an FDBMS. A set of modules within a reference architecture is given; different degrees of evaluation autonomy are distinguished; and coupling principle is developed to unravel conflicts between the evaluation state of component constraints and that of global ones. Secondly, we develop integrity control enforcement policies for the federation policy. We show that this model is adaptable and flexible to represent the characteristics of federation and the application requirements of constraint enforcement plan. Thirdly, we define an integrity constraint type model that acts as a canonical model. It represents component constraints as integrity constraint types. Based on this model, federation users can translate component constraints, then integrate them and form global ones. These two models, taken together, preserve the representation integrity at the constraint federation phase. Fourthly, we give a two-step approach to enforce constraints. This approach is made up of two parts: type-based two-phase evaluation and policy-based two-phase commitment. It maintains the enforcement integrity at the constraint enforcement phase. Finally, the feasibility of the proposed component is implemented in a prototype, called MIGI. Spatial constraint federation and spatial constraint enforcement have been taken into account in MIGI.

As more enterprises start to transfer their business processes to electronic media, the need for appropriate information security arises. In today's business the security of information systems is not only necessary to ensure business continuity and to protect one's assets from harm; some authors even state that security is also the enabler to do business at all. Unfortunately, it is difficult to specify which measures to take in order to achieve appropriate security. Security reviews or analyses to that aim are usually both tedious and expensive, because they require the knowledge of the IT systems as well as the business processes around them - even though the latter are generally not regarded explicitely. The idea pursued in this thesis is, therefore, to examine business processes descriptions in order to analyse IT security. In this thesis the relations between business process reengineering (BPR) or general process modelling and security analysis will be investigated. Mutual influences will be explained, synergies will be pointed out. Starting from this analysis, the so-called POSeM method - the main contribution of this thesis - was developed. The abbreviation POSeM denotes Process Oriented Security Models. These models are used to select appropriate security measures for a pre-defined business process. In four steps security objectives for the business process in general will be converted into a catalogue of appropriate safeguards, i.e., safeguards that have to be implemented in order to achieve the security objectives defined before. Two rule bases are used: one to ensure the consistency of the defined security objectives and another to derive appropriate security safeguards. Both can be configured to suit the user's security needs. The first step of POSeM examines the security objectives of an enterprise and the business process in general. During a second step these security objectives are broken down into security levels that will be assigned to all parts of the business process for the protection objectives confidentiality, integrity, availability and accountability. These levels are defined according to a discrete and ordered scale consisting of the values none, low, medium, high and, very high. Furthermore components can be assigned types that will later influence the security measures to be implemented for them. After explaining the method and its goals in general, a formal description of its rules and constraints is given. Its implementation is explained and illustrated. To prove the method's applicability it is exercised using an example from the e-business sector (i.e., the use of a content management system) and a detailed example process from the health care sector. A discussion of the method's use cases and advantages compared to ""classical""' methods as well as further research directions will be given in the last chapter.

The goal of multichannel banking is the provision of banking services and products for customers via different sales channels whilst offering various means of access to a financial institute. The user of a multichannel banking offering can decide to use one or more of the sales channels on offer depending on the occasion, the situation and his need, and thus conduct his daily banking business optimally and as efficiently as possible. In this work a new application framework is presented which can be used as the basis for a multichannel infrastructure. The discussion of the fundamental problems in the development, operations and maintenance of today&Mac226;s banking applications leads to a new architectural model for multichannel infrastructures. The use of XML as the central data format for data administration and of XSL for specific formatting stylesheets leads to a new architectural model for multichannel infrastructures. This opens the way for the development of promising application scenarios, e.g. multichannel based banking and brokerage applications. Areas of application with especially high potential are the banking domains account information, payments and securities trading. Up until now it has only been possible to satisfy the intensely information related, geographically dependent and time critical character of banking services and processes in the financial services sector through the development of proprietary applications. The use of integrated, multichannel-based banking infrastructures can make a significant contribution to the development of more efficient and more flexible solutions. A portal framework is presented which enables the integration of various Internet based end-devices. The innovative system architecture, the portable screen layouts and concepts for screen design as well as the various user interfaces for the different end-devices are presented and discussed. In addition, the end-devices are grouped into categories and examined as to their suitability for various customer segments. In the description of the prototype system, it is shown how end-device specific style sheets in a 4-tier architecture can be dynamically deployed at run-time to generate the required target format for the specific end-devices. The various client applications, methods and techniques of implementation are discussed in order to postulate adequate recommendations for multichannel management. Aspects of usability are demonstrated by means of the implemented prototypes and the problems of specific end-devices are discussed. Finally, a possible approach to a portal application is shown which allows the integration of cross-media information and applications into a multichannel portal framework. The close relationship of the prototype application to financial services providers allows the design of new architectural models and user interfaces for multichannel applications for financial institutes based on the results of this work.

The research areas agents and workflow management systems were analysed almost independent in the past. Agents show a number of solutions for different problems in workflow management systems. Therefore, it has to be examined in which fields the use of agents in workflow management is promising and how a solution could look like. Traditional workflow management systems are monolithic, i.e. they have a central server who controls the running processes. In a system with hundreds of clients this server must have very high performance. A problem is the reliability of the server. If the server crashes, the whole system stops. Another problem is the connection between the workflow system and other systems. Especially in large companies, a number of different systems are used. For each system, a special interface must be implemented, which is a time consuming task. This thesis presents a solution to the problems mentioned above with AWA, an agent based workflow architecture. The general idea of AWA is to use mobile agents to control the workflow. This is done by defining specialised agents that work in team. For each new process instance, a new kind of agent is created who controls the overall process by creating new agents. One focus of this work is security. On the one hand, all agents running on a system can be attacked from this system, on the other hand, a company must protect a system not only from outside but also from inside attacks. Therefore, an editor is presented that can be used to model security rules graphically. A close description of the prototype AWA/P, who implements the AWA architecture, closes this thesis.

Currently active database systems (ADBMSs) are principally conceived as rather tightly integrated software systems. They are either realized as a part of monolithic DBMSs, or the active database mechanisms are provided as a layer that resides on top of traditional DBMSs. As these modules still can be coupled tightly with the underlying DBMS, the latter approach does not ensure that the respective modules are adapted easily to other DBMSs. Providing active database mechanisms as individual and customizable database services would therefore open the opportunity to use them in a variety of ways and environments. In that sense, this thesis investigates in the systematic provision of sophisticated active mechanisms in database or database-related environments and proposes an engineering approach to construct active database systems in a cost-effective way. In a first stage the basic concepts of active database management systems as well as the foundations of (Active) DBMS construction are discussed. These investigations enable the conclusion that the principal approach to be devised in this thesis relies best on decomposing ADBMSs into reusable components that are recombined later on into specific active database services. In a next step concise meta models to describe the software components and software architectures are elaborated, followed by the definition of specific reuse-oriented software processes to take ADBMSs apart into components and to build active database services out ofthese components. Subsequently a reference architecture underlying the prospective active database services is devised by applying specialized architecture design techniques. The reference architecture is specified formally by means of an architecture definition language. Techniques to transform the reference architecture into actual software components are conceived afterwards. The procedure consists of a method to specify components in an implementation-independent way, a technique to generalize them systematically and a process to develop the components with a chosen component infrastructure. In order to recombine the components into a coherent ensemble a method to specify the prospective active database service is devised as well as a schema to classify components and specific tools that assist the software engineer in the assembly of an active database service. Finally, a prototype has been implemented as a proof of concept.

This paper represents an initial effort to explore the empirical relationship between business ideologies and perceptions of organizational downsizing. The results of four studies, two conducted in the US and one each in Singapore and Korea, suggest that respondents' belief in the ideology of employee self‐reliance reduces the degree to which they perceive layoffs as a breach of the psychological contract. This finding appears to generalize to respondents' perceptions of their own layoffs and also to respondents' perceptions of layoffs happening to others. We spell out the implications of these results for the evolving theory of the ideological foundations of perceptions of downsizing.