Software securityHelping software to help improve software

The earlier a problem is detected, the easier it can be solved. Before implementing complex programs in a time-consuming process, computer scientists also want to know whether they will reach the desired performance. Apart from own experience, developers can now rely on the PALLADIO simulation tool. The software package initiated and coordinated by Professor Ralf Reussner of Karlsruhe Institute of Technology (KIT), analyzes the program structure in advance and prognosticates the need for resources and limitations.

“In the beginning was our observation that software developers apply a trial-and-error process. This is a rather inefficient method to produce error-free software,” says Professor Reussner. He compares this process with the construction of a bridge: “If you want to build a bridge, you do not simply place a stone on top of a stone, let a truck drive across, and hope that the bridge will survive the load.”

A Karlsruhe Institute of Technology release reports that instead, simulation programs calculate the statics and design and provide architects and engineers with dependable framework conditions.

This engineering approach has now been transferred to software technology by Reussner’s team of researchers. The result is the PALLADIO open source software package and an additional counseling package for industry partners. The project is named after the architect Andrea Palladio, who created a new building style in Renaissance by combining esthetics with functions. PALLADIO is designed to support programmers in the development of dependable, sustainable, and complex software. Analysis of the software architecture yields findings relating to non-functional properties, such as performance, reliability, maintainability, and costs. In addition, workflows in the components and subcomponents, scalability, use of resources, and distribution aspects of the software are disclosed. The complete layout of the software is checked before “building” is started.

PALLADIO is run in a model-based manner. Instead of implementing a software system in a trial-and-error process and finding limitations, PALLADIO helps detect and prevent in advance on the model level potential limitations, such as bottlenecks or load and elasticity problems. Expensive implementations of meaningless software designs are prevented.

Manifold possibilities of using PALLADIO in practice make the software simulator interesting for industry and economy using complex software systems or in applications with high quality requirements. Enterprises with a complex IT structure in particular are given the possibility of improving their quality assurance and enhancing the efficiency of generating performant and reliable software.

The release notes that in a number of projects to counsel industry, the affiliated Research Center for Information Technology (FZI) has already succeeded in improving quality and enhancing planning security by PALLADIO. This is of particular importance to critical software systems of enterprises. “At the moment, we are preparing PALLADIO for simulating the integration of the software inventory and cloud computing, i.e. the so-called hybrid cloud computing,” says FZI Department Manager Dr. Klaus Krogmann. “In this way, we can combine cloud performance with the existing stock of software.”

The development team of PALLADIO consists of experts from KIT, FZI, and the University of Paderborn. By combining their efforts, the three research partners are able to rapidly respond to new research problems, such as the quality of virtualized cloud applications.