Software Engineering
A Case Tools Index Website
"Software engineering (SE) involves the creation of software systems. Tools
for SE are software programs that enable and facilitate that process, and
help assure the timeliness and accuracy of the resulting software. Such tools
often use the rubric CASE (computer-aided software engineering)"
CASE Tools: Important Features
Since the beginning of time people have used tools as instruments of creation. Some well-known examples of such tools include compasses for maps, dictionaries for writing, or blueprints for architecture. The general logic is an easy one to understand: tools aid in development. And development is an everlasting event. Since most creations benefit the environment in which they are used, it makes sense to build and consistently improve tools that are designed for specific tasks. This paper explores the use of tools constructed to aid in Software Engineering. Three such Computer Aided Software Engineering (CASE) tools are VISIO, case/4/0, and objectiF. Like other kinds of tools, these three CASE tools have the potential to make software engineering easier because they allow efficiency, consistency, and standardization. To analyze these benefits, this paper (1) explores the general uses of CASE tools, (2) presents the most common features included in CASE tools, (3) analyzes details of each of the CASE tools above, (4) compares details to reveal any advantages or disadvantages between the two types of products, and (5) offers discoveries and recommendations based on the presented information.
Generally, CASE tools are software tools used to help with software development and maintenance, work that can sometimes overwhelm software developers. CASE tools have become increasingly important in Software Engineering because the field continues to evolve at a fast rate, and these tools offer developers many benefits for software development. CASE tools are so important that they "are currently being used in every phase of the life cycle." For instance, VISIO is a product of Microsoft and offers tools to create real-world solutions. Case/4/0 and objectiF are both products of microTOOL and promote structured software development. Other general uses of CASE tools are the following:
• Assist in the construction of graphical representations of software products, such as flowcharts
• Help developers during the individual phases of the software process, like specification, design, and implementation
• Provide tools that check data items with design, done with a data dictionary and a consistency checker
These uses show that with the help of any CASE tool, software engineers will be better able to manage their organizations' software development.
Moreover, there exists a pattern of common features included in CASE tools. This pattern is found so often in CASE tools that it is referred to as the "programming workbench". These regular features are determined by the fact that software needs to include a set of basic tools no matter who it is designed for or what it is designed to do. For instance, one feature is up-to-date documentation. By using a CASE tool, members of the development team can be sure that changes are reflected in the project and are current. Even more current is online documentation; it makes information easily accessible and changeable. Another familiar feature that CASE tools introduce is email. The biggest advantage of this feature is that it documents communication between team members. Similarly, coding tools like text editors, debuggers, and structure editors are all advantageous because they serve to simplify the programmer's task by correcting syntax faults "as soon as it has been keyed in by the programmer". These are essential features and should be found in any CASE tool. The next section of this paper examines three CASE tools: case/4/0, objectiF, and VISIO.
The first CASE tool, case/4/0, can be used to develop for different target languages because it includes its own script language. Case/4/0 is produced by microTOOL and can be used for the following:
• Methods
• Screen Design and Prototyping
• Redundancy Free Meta-model
• Multi-User Capability Repository
• User Management
• Version and Configuration Management
• Reverse Engineering
• Import/Export Interface
It contains dozens of features but its primary features automate software development in COBOL, C/C++, SQL, Visual Basic and Java. Additional features like function structures, information flows, state diagrams, ER models, data structures, data elements, relational models, and module structures are advantageous because the tool helps developers with relational databases. Other advantages include modest requirements such as Pentium II PC, 64 MB RAM, CD-ROM Drive, one of the Client/Server Platforms--Windows NT or Windows 95/98/2000, and MS Word. However, for a workstation license, case/4/0 costs $600.00.
The second CASE tool, objectiF, is also developed by microTOOL and can be used for the following:
• Methods
• Multi-User Capability
• Operation
• Code Generation
• Documentation
• Configuration Management
• Reverse & Round Trip Engineering
• Interface for Structured Development
This tool, too, contains dozens of features, the most prominent being from the Methods category: use case diagrams, activity diagrams, class diagrams, sequence diagrams, state diagrams, packages, and stereotypes and user-defined properties. An advantage of objectiF is that it supports object-oriented and component-based software development in C++, Java, Visual Basic or ANSI C. Again, the requirements are Pentium II PC, 64 MB RAM, CD-ROM Drive, one of the Client/Server Platforms--Windows NT or Windows 95/98/2000, and MS Word. More expensive than the case/4/0, objectiF Workstation License is $2100.00.
VISIO, the third CASE tool, is produced by Microsoft and is used primarily for enhanced business communications and visual communications. VISIO is the perfect tool for the following:
• Space plans
• Facilities management
• Process plant design
• HVAC design
• Industrial & building automation design
• Electrical engineering schematics
• Mechanical engineering drawings
• Piping and instrumentation drawings
• Manufacturing and assembly drawings
Features of VISIO are intelligent drag-and-drop SmartShape symbols, broad range of industry-specific drawing solutions, Smart connection lines, instant reports, superior CAD compatibility, precision drawing tools, enhanced Internet support, and a customizable drawing platform.
VISIO would be advantageous to students because it contains formulas that can be changed to represent the real world. Formulas can be edited to change a shape's behavior and enhance what it can do. Plus it can associate important data (for example, part numbers or names) with shapes that can be used to create a project layout.
A good example of this application can be found in a case study of Hewlett-Packard and their satisfaction with VISIO. Kevin Pellegrino, the HP Productivity Manager, admits: "Until recently, network schematics were typically sketched on whiteboards, then copied hurriedly by the representative or customer during the sales call...use of Visio Professional drawing and diagramming software has provided significant competitive advantage to the HP field... the Design Center uses Visio Professional to create a detailed schematic of the network topography. A typical case includes one or more floors in one or more buildings, each with unique networking needs and a wide variety of equipment. The network diagrams are extremely detailed...The finished product (shown below) can include thousands of individual shapes." And even though this product is remarkably accurate and improves business considerably, the newest, standard version of VISIO only costs $199. The system requirements are reasonable too:
• MS Windows 95/98 or Windows NT 4.0 operating system
• Intel Pentium (minimum) 166MHz or better CPU recommended
• 16Mb RAM (minimum for Win 95/98); 24Mb RAM (Win NT). 32Mb recommended
• 125 Mb hard disk space required for typical installation
• CD-ROM drive (required for installation only)
The details of VISIO explain why it is used in many corporations all over the country.
Moreover, the details of these CASE tools explain why CASE tools have become more important to the Software Engineering process, specifically the pattern of common features included in CASE tools. As stated earlier, this pattern or workbench is common among CASE tools. Another similarity between CASE tools is the advantage of management, methods, techniques, discipline, and training. Other comparisons between CASE tools like VISIO, objectiF, and case/4/0 can be seen by the price, ranging from $200 to $2100. Also, VISIO seems more geared toward students and professionals who want more simple functions like shapes, space plans, and engineering diagrams; whereas case/4/0 and objectiF are both Object Oriented CASE tools that support the development process from use cases to implementation and directed toward professionals who know a lot more about Software Engineering. For instance both case/4/0 and objectiF are approved to aid engineering of C++, Java, IDL, and DDL. So although these three CASE tools have common general features and practicalities, they differ in use extensively.
In conclusion and in light of the previous detailed accounts of each CASE tool, advantages and disadvantages between the microTOOL products and the Microsoft product would depend on the user. Obviously, case/4/0 and objectiF are both aimed toward the entire application development process and they are both Object Oriented CASE tools. Large corporations, as well as individual users, on the other hand, can conceivably use VISIO. It is also conceivable to understand why students at IUP would greatly benefit by using VISIO on a more day-to-day basis. The tool would not only increase their understanding of computer design, but it would also provide experience with a tool that is commonly used in business.
Works Cited
1. Chmura, Alan. What's the Proper Role for CASE Tools? IEEE Software. March 1995.
2. Hebbel, Fred. DBMS and Internet Systems. Using Object-Modeling CASE Tools: Designing and Object-Oriented Application is Easier with a CASE Tool that Supports Object-Oriented Modeling. July 1997. Copyright © 1997 Miller Freeman, Inc.
3. MicroTOOL gmbH microTOOL - CASE Tools and IT Services. http://www.microtool.de/case40/en/preis.htm.
4. Orlikowski, Wanda J. Management Information Systems Quarterly. CASE Tools as Organizational Change: Investigating Incremental and Radical Changes in Systems Development. Vol 17. No. 3. Sep. 1993.
5. Schach, Stephen R. Classical and Object-Oriented Software Engineering: With UML and C++. McGraw Hill, 1999.
6. Visio Technical in a Nutshell. http://www.design-drawing.com/
"Society is growing increasingly dependent upon large-scale, highly distributed systems that operate in unbounded network environments. Unbounded networks, such as the Internet, have no central administrative control and no unified security policy. Furthermore, the number and nature of the nodes connected to such networks cannot be fully known. Despite the best efforts of security practitioners, no amount of hardening can assure that a system that is connected to an unbounded network will be invulnerable to attack."
Cyber Security and Software Engineering
Throughout history there have been many real world objects that display the relationship between "engineering" and "security". This connection can be seen when observing examples like Roman architecture, such as roads, bridges, or theaters. These structures were built so well that many of them are still in use. Not only are they still in use and dependable, but their remarkable development makes obvious the planning that was required and accomplished on the part of the engineer. Likewise, while Roman architecture and engineering were marveled at in their time and beyond, so are the technologies in Software Engineering of modern day. This is because when projects are successful, Software Engineering can provide communication, as well as accessibility and information. Yet software engineers must also be able to deal not only with problems creating secure software, but also maintaining the security of the software once a product is "well-traveled" or widely used. A widely used resource is the Internet, but it is also abused in the way that people can break the law by manipulating its intended operations. To fully understand how Software Engineering can help to make cyber space more secure, it is helpful to divide the research into four different parts. Part one will introduce "cyber space", and look at intrusion and protection terminology to get an idea of some of the current incidents; part two will examine "front-line" organizations that defend the Internet using software engineering techniques like reverse engineering; part three will consider the perspective of a professional Software Engineer on the topic of cyber security and discuss the research of this paper; and part four will elaborate on specific Software Engineering concepts like requirements, testing, and modeling that would make cyber space more secure.
First of all, what is "cyberspace"? "Cyberspace" is just another name for the Internet. The word is generally thought to be new but the French used "cybernetique" in the 1830's to mean "the art of governing." One hundred years later, the American mathematician Norbert Wiener changed "cybernetique" to "cybernetics" to describe his theory of communications. From that, writer William Gibson created "Cyberspace" in his science fiction novel "Neuromancer" in 1984. But it was the early 1990's when the Internet first impressed the public and "cyberspace" became a popular new word; then "cyber" words began to show up everywhere.
There is now a wide cyber-terminology and as cyber security violations increase, so do the terms and descriptions. A "virus" is any program that inserts itself into a computer, or programs running on a computer, and tries to take some control of the system. Most of the viruses that get major attention do some damage, like deleting files from the system so that it will no longer operate properly. A "worm" is a little different. The primary job of a worm is to make copies of itself and send them into the world by any means possible. Whereas viruses alter individual computers, worms clog up networks by sending out hundreds or thousands of copies of themselves, clogging up communications between computer systems on the Internet. This is the type of malicious program that makes the news and causes widespread warnings, further emphasizing the need to enhance Software Engineering to help prevent this occurrence.
Although other acts are generally less dangerous or destructive than a worm, violations are still plentiful. Other more colorful terms used to describe cyber security violations are "script kiddie", "Trojan horse", and "white hat". A script kiddie is like a hacker except less experienced. They use prewritten applications to do things like Web page defacements or denial-of-service attacks. Even more intrusive is a Trojan horse: an application that is designed to perform an illegal action, but is disguised as a less threatening program. Known to arrive through email, Trojans are far more complicated than viruses or worms and allow a hacker unlimited access to a machine. Less malicious than these is a "white hat" or a "hacker who is motivated to explore systems for intellectual curiosity, rather than for malicious or criminal intent." Even though white hat hackers typically do not damage systems or steal data, they do enter systems for which they do not have authorization.
In contrast, common terms that are used in conjunction with cyber protection are "firewall" and "intrusion detection system". A firewall is a software program that checks a system's security standards to block unauthorized information. Even more vigilant than a firewall is an intrusion detection system. This system acts as an alarm for a computer or network and tells an administrator of an intruder. With this information, the administrator can react appropriately.
A "front-line" organization that really has reacted appropriately to "anything alarming" was the CERT/CC in 1988. The Computer Emergency Response Team Coordination Center (CERT/CC) is located at the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. This team embodies the general ways that Software Engineering can help to make cyber space more secure and offers hope in the prevention and detection of cyber security violations. For example, the CERT, through reverse engineering, was able to create procedures to eradicate the worm. Reverse engineering is a very useful software engineering concept; this technique starts with the source code and attempts to recreate the design or specification of code. From then on, the Defense Advanced Research Projects Agency (DARPA), sponsors of the Internet, worked on the idea of an "Internet emergency response team": CERT/CC. Basically, the purpose of this organization is to respond to security incidents.
But their role has expanded over the years. As the world grows accustomed to using the Internet, there have been "increased amounts of damage, increased difficulty of detecting an attack, and increased difficulty of catching the attackers". In fact, there were a total of 4,567 incidents reported to CERT/CC from 1988 to 1995. Each year had an increase in reports except from 1994 to 1995. To handle these reports, the organization is made up of three groups to help the Internet community. These groups are the following:
• Operations: provides a contact point for assistance
• Education and Training: provides documents, summaries, bulletins
• Research and Development: provides security research and engineering
The third group, Research and Development, takes advantage of software engineering concepts to provide cyber security.
More specifically, the research and development that CERT/CC implements can help in the prevention and detection of cyber security violations. Because the CERT/CC was created by SEI, the organization uses software engineering concepts like developing models, frameworks, diagnostics, methods, standards, techniques and architectures designed to improve software engineering capability. As previously mentioned, the organization used reverse engineering to deal with the first worm. By doing so, they were able to trace the behavior and reconstruct some of the affected programs. Moreover, CERT encourages cautionary measures. For example, the model of behavior when discovering a threat generally follows these steps: reporting the threat, entering the occurrence in the CERT database, researching the report, and initiating preventive measures.
In addition to the federally funded research center, it is advantageous to get a better idea of security challenges that might be present in a state organization such as the Pennsylvania Department of Transportation. When asked, the systems analyst and head of the Information Technologies Department, Kevin McDonald, said, "a lot of the users we have here in the building don't really understand that a firewall is for their protection. When we give trainings they want to be able to go to the sites they can see at home." (See Appendix A) In fact, McDonald went on to explain that most of the problems that the IT department deals with have to do with users who do not know much about the Internet. For instance, during the summer of 2000, many of the users would open email attachments and would get a virus. "One way we deal with this", McDonald said, "is by giving the user directions they can understand but a lot of times we just write programs or batch files in MS-DOS to fix whatever comes along...that's what my staff spends a lot of time doing." This engineering approach then protects the users not only from cyber violations, but also from their own lack of experience with the cyber world.
When asked about his own familiarity with cyber concepts like cyber security and hacking, McDonald indicated that he used to hack more than he does now because "you can get yourself into a lot of trouble nowadays...one minute you're just seeing what you can do or find and the next minute, boom, they got ya...but one of our best consultants, a man named Howard, started his career based on what he used to do, which was hacking." When considering the threat of intruders that might try to access information from PennDOT servers, McDonald believed that there is not a large risk. This is because the state enforces strict user verification and the administration can "react quickly to anything that looks alarming".
These challenges, when overcome, can ensure a more secure and instrumental Internet. To illustrate the Internet's importance, take, for example, this paper. This paper was widely researched on the Internet and the interview conducted with Mr. Kevin McDonald was done via email. Because the Internet is current, available, and can be explored with widespread searches, it is a very useful tool for people who are doing research or simply interested in a topic. One of the more popular search engines is "Google", and most of the information presented in this paper was available through keywords that this search engine located in articles, journals, and books on the Internet. There is a cyclic relationship between creators of websites and readers of websites; readers know that the information is current and useful so they look there, and creators know that readers look there so they make the information current and useful.
Just as people are impressed by the benefits of the Internet, John Tritak, the director of the Critical Infrastructure Assurance Office in the Department of Commerce, was impressed by the example of using software engineering for security set by the SEI. He discusses the vulnerability of computer systems and efforts to protect them. He believes "steps must be taken to identify the key elements and systems that constitute our critical infrastructures. Their vulnerability to attack must be assessed and plans must be developed to address those vulnerabilities." Furthermore, he outlines two initial key steps to reach this goal:
1. Prevent attacks from reaching their target in the first place
2. Identify, assess, and make warnings in a timely manner
General Software Engineering concepts can be very instrumental in the first step. For instance, three helpful concepts are requirements, testing, and modeling. Projects should require security measures that will ensure protection. Then, software engineers should test the project against possible security breaches. That way, the product is secure before it is released. Even in small projects, like a 5-store intranet, there should be functions like order and credit verification or information encryption. And as in regular projects, testing helps to ensure that the software is impenetrable by invaders. Another useful concept is dynamic modeling because a state diagram helps predict the target product; therefore, a comprehensive diagram will result in a highly developed product. But whatever the method, people see the need to meet the challenges posed by national cyber security.
Conclusively, despite awareness, requirements, testing and modeling, there is also a cyclic relationship between cyber security and cyber violations. The more advanced security is, the more advanced violations will become. Despite the ever-growing public dependence on the Internet and the organizations created in response to cyber threats that incorporate SE concepts, Software Engineering is still a very broad field that incorporates many, many engineers. It is so widespread that this plays a major role in the handling of cyber security violations. Therefore it is beneficial to have an organization like CERT to try to outline concrete actions and measures to be taken. With concrete engineering, security will be more dependable. And concrete engineering is accomplished with planning, testing, and modeling. Just as bridge-makers have blueprints, these are the advantages that software engineers have against violators. As one cyber-security advisor said, "Our committee has a special responsibility to focus on the long term - to ensure that the vulnerabilities we have today do not exist tomorrow." And although those vulnerabilities may not exist, hacking will evolve just as solutions do.
Works Cited
1. Brandt, Andrew. Hacker Speak. PCWorld 2 April 2001.
2. Carnegie Mellon University. http://synergy.as.cmu.edu/career/employ/cs/software.html. 20 August 2001.
3. Dietrich, Sven. Meet the CERT Coordination Center. http://www.cert.org/research/bios.html . 13 August 2001.
4. Macmillan, Robert. Cyber-Security Bill Planned by House Committee. Washington Post. 31 October 2001.
5. Morris, Evan. The Word Detective. http://www.word-detective.com/back-m2.html. 19 August 1997.
6. Schach, Stephen R. Classical and Object-Oriented Software Engineering: With UML and C++. McGraw Hill, 1999.
7. Teasley, Major Glen. Defending the Gates Against Cyber-Invaders. ISCOM Journal. Oct-Dec 1999.