Ebook: Feature Interactions in Software and Communication Systems X
The International Conference on Feature Interactions in Software and Communication Systems (ICFI) has evolved out of the Feature Interaction Workshop (FIW), which started in 1992 as the leading forum for discussion and reporting on research on feature interactions in telecommunications systems. It is now concerned with feature interaction in all types of software systems. Participation includes practitioners, researchers and educators. The proceedings have been published by IOS Press since 1994.
Welcome to the Tenth International Conference on Feature Interactions in Telecommunications and Software Systems (ICFI2009), which is held in Lisbon, Portugal, 11–12 June 2009. The first event of this kind was a workshop held in St. Petersburg, Florida, in 1992. This was a true workshop, with invited talks, short papers, and focused discussions; no formal proceedings were published. The concept rapidly matured into a series of international workshops and conferences held in North America, Europe, and Japan.
Features are additional services or optional add-ons to a basic system. They began to be studied in the 1990s when they arose in the telecommunications domain: at that time, major telephony providers were adding services like “call forwarding” and “ring back when free” to their basic telephone service. Features occur whenever organizations compete by differentiating their products from those of rival organizations. They also occur when products are upgraded. New software releases are typically described in terms of the features added (and the bugs fixed!) since the last release. Unfortunately, adding one feature may break another, or interfere with it in an undesired way. This phenomenon is called feature interaction. “Feature interference” would have been a better term, since interactions can be good as well as bad, but the term “feature interaction” has stuck – in the global community.
This series of workshops is devoted to exploring ways in which the feature interaction problem may be mitigated. This may be done in several ways:
• by developing new methods for designing and producing software, which support the introduction of features in a safe and understood way;
• by developing tools and techniques for detecting feature interactions once features have been introduced, but before the software is released (this is called off-line detection);
• by developing methods for managing feature interactions when they occur in live systems (this is called on-line detection and resolution).
The conference aims to bring together representatives of the telecommunications industry, the software industry, and the research community working on all aspects of feature interactions in order to discuss possible solutions and their practical applications, as well as setting directions for further research.
The Programme for the conference includes two invited papers from speakers who were chosen because of their excellent contributions to fields which are related to but outside of feature interaction. Additionally, there are 14 full papers and 7 short papers. Each paper received at least three reviews from members of the Programme Committee. All submitted papers where well in the scope of the conference. Even for papers with weaker evaluation, the Programme Committee positively accepted them as work-in-progress papers. This allows people new to the field in emerging areas to become members of the community. Also it allows the community to continue to have this event and see it as a productive discussion forum for the future.
ICFI2009 is held in conjunction with the Distributed Computing Techniques 2009 (DisCoTec'09), a major cluster of conferences sponsored by IFIP. The collocation with a large conference is the first experience in the ICFI history. We are happy to have such a great opportunity to realize cultural exchange with people in other communities.
Acknowledgments: We are grateful to all the authors who have submitted to ICFI, the invited speakers and the panelists for taking part. We thank the Programme Committee for producing thorough reviews to short timescales. Thanks are also due to Prof. António Ravara, Technical University of Lisbon, and Prof. Elie Najm, ENST, for their invaluable support for the collocation with DisCoTec'09.
Masahide Nakamura & Stephan Reiff-Marganiec
April 2009
Goals are abstract, user-oriented objectives for how a system should behave. To be made operational, they are refined into lower-level policies that are executed dynamically. It is explained how previous work on policy-based management has been enhanced with a separate goal system that allows goals to be specified, analysed, refined, and achieved. It is shown how conflicts can arise at several levels among goals, and how these conflicts are detected and handled. Although the approach is general, it is illustrated through an application to Internet telephony.
The Call Processing Language (CPL) is one of the best known approaches developed for creating telephony services in Internet telephony. Its XML-based structure makes it a flexible approach to create services not only by service providers, but also by end-users, which increases the possibility of feature interactions. In this paper we present an online approach for detecting feature interactions of CPL. A feature interaction manager is introduced to handle the problem. The manager detects feature interaction through comparing actions indicated by real-time SIP messages and actions indicated by CPL scripts which we call intentions. We evaluated the proposed approach using the VOCAL (Vovida Open Communication Application Library) VoIP system. Among the ready-made features, a feature interaction has been detected between Call Screening and Call Forward All Calls.
One of the most difficult tasks in software development is that features are implemented by changing the code of other features. This problem cannot be solved with existing general purpose programming languages if the features interact and are executed in the same process [1]. A solution to the problem must include a method that can automatically identify where to make the changes, or in the context of interacting features, automatically detect their interaction conditions. The Feature Language Extensions (FLX) is a set of language constructs that enable the programmer to develop interacting features as separate and reusable program modules. This paper overviews the feature interaction detection method of FLX. It includes an algorithm that determines the satisfiability of quantifier free first order predicate formulas containing variables that are used in the actual software and, therefore, may have complex data structures and predicate methods. FLX provides language constructs for the programmer to specify reusable predicate combination functions so that the algorithm does not require iterations of trials and errors.
The 3rd Generation Partnership Project (3GPP) is the wireless standards development organization setting the standards for evolving mobile broadband beyond the Global System for Mobile communication (GSM). The IP Multimedia Subsystem (IMS) is an architectural framework standardized by the 3GPP for delivering IP multimedia services based on the IETF Session Initiation Protocol (SIP). As the integration of multiple IP multimedia applications via resolving their interactions is an important requirement for the IMS, the 3GPP Services and System Aspects Working Group 2 (SA2) launched a feasibility study on enhancing IMS for better service interaction management in Release 8. This paper reports some important results of this feasibility study from 2006 to 2008 under 3GPP TR 23.810. It describes an incremental enhancement to IMS service control to enable dynamic service interaction management. Several examples we contributed to TR 23.810 are presented in this report to illustrate the ideas. Finally, the report points out open issues for further research in this area.
Feature interaction testing (FIT) suffers from the problem of combinatorial state explosion since all feature combinations have to be tested in all possible states. This paper presents a cost-effective feature interaction testing strategy that is based on a thorough feature interaction analysis, a dynamic prioritization of test cases, and an analysis of customer deployment scenarios. The proposed strategy is applied to Cisco IOS-XR internetworking operating system.
Policies are convenient means to modify system behaviour at run-time. Nowadays, policies are created in great numbers by different actors, ranging from system administrators to lay-users. However, this situation may lead naturally to inconsistencies, a problem that has been recognized and termed policy conflict.
The adoption of a widely-used notation, with good tool support, to express the policies, can not only support the detection, but also help all the involved actors in understanding and resolving the conflicts. In this respect, a natural candidate is UML due to its current wide use in the industrial practice. In this paper we show how to model check policies expressed in UML to verify whether they are free of conflicts: we define a correspondence between APPEL policies and UML state machines and use UMC as a model checker. We validate the approach with examples taken from the literature.
Ideally, a feature interaction (FI) approach for scenario models should require minimal additional specification effort and allow for incremental definition of new scenarios. Furthermore, the scenario specification model and the validation model should be clearly separated. The specification model comprises the intrinsic behavioral and structural properties of the application under consideration, while the validation model consists of any additional information required for ensuring compliance with the feature specifications. The usage of pre- and postconditions in scenario models is one lightweight approach for detecting, modeling, and resolving FIs. It requires low effort, allows for incremental development, and if properly structured, allows for separation of the scenario and validation models. Aspect-oriented modeling techniques, however, add further requirements, as aspectual scenarios should remain independent from each other even if FIs are present. We present a specification and validation framework that satisfies the above-mentioned goals and assess its aspect-oriented scenario notation, Aspect-oriented Use Case Maps, against these goals based on a radio software case study.
A significant number of failures in e-voting systems have arisen because of poorly specified requirements, combined with an ad-hoc approach to engineering multiple variations of similar machines. We demonstrate that e-voting is a suitable domain for leveraging state-of-the-art in software product line (SPL) engineering techniques and tools. We propose, based on examples of typical requirements, that a feature-oriented approach to e-voting domain analysis is a good foundation upon which to carry out commonality and variablity analysis. Simple analysis of our core and optional features (and their variants) leads us to believe that feature interactions are a major problem in voting systems. We conclude that a formal software product line would help to manage the composition of features in such a way as to eliminate interactions in the requirements models, before particular e-voting systems are instantiated.
The idea of feature-oriented programming is to map requirements to features, concepts that can be composed to form a software product. Change-oriented programming (ChOP), in which features are seen as sets of changes that can be applied to a base program, has recently been proposed as an approach to FOP. Changes are recorded as the programmer works and can encapsulate any developer action, including the removing of code.
Before changes can be combined to form a product, it has to be verified that there are no harmful interactions between selected changes. There exists, however, no formal model of the current approach that may serve as a reference specification for ChOP implementations. In an effort to fill this gap, we propose a formal model of ChOP, which, as we will show, maps to the well-understood notion of feature diagram. Thanks to this, we can reuse a number of results in feature diagram research and apply them to ChOP.
Many object-oriented systems, such as CASE tools manipulated by GUIs and Java Servlet applications responding to requests from internet clients, are driven by external inputs. We call such systems object-oriented effect systems. Features in an object-oriented effect system are implemented so that they can collaborate each other by effects, but sometimes defects about effects cause a kind of feature interactions, called effect interactions, specific to object-oriented effect systems.
We explain why locating the defect of effect interactions is difficult, and we explain our basic idea toward a trace analysis approach to solve the problem. We propose a model of program execution traces on which a low-level representation of effect interactions appear. We also address how to abstract the low-level representation and to express hypotheses about the location of defects of effect interactions.
We argue that the feature interaction problem arises primarily from sharing of context and hence features should be structured and analysed through a notation that makes context explicit. We support this argument with three sets of evidence. Firstly, we express feature interaction through Zave and Jackson's entailment relation. With the entailment relation, we structure a feature as a relation between three sets of descriptions: requirement, context, and specification. We show that feature interactions arise due to shared context. Secondly, we examine the literature on sources of feature interactions and conclude that inconsistencies between requirements are ultimately manifested on shared context. Finally, we study feature interaction taxonomies and show that in the characterisation of feature interactions in taxonomies, context sharing is central.
The security of software applications is an important domain, and one that mixes formalisms (e.g. when dealing with cryptography and security protocols) with very ad hoc, low level practical solutions. In this paper, we look at a subset of the “security” field: the production of secure, general purpose software from a software engineering viewpoint. We call this simply “software security”. We show that, when we analyze this particular subset of the field, many if not most problems turn out to be instances of feature interactions problems. We illustrate our claim by looking at three of the top ten most common vulnerabilities in Web application as published by OWASP (the three that are in fact software security issues) and show that in each instance, we can express the problem as a feature interactions problem. We also reach the same conclusion with one of the latest generalized software security vulnerability, “ClickJacking”.
Interactions may arise as a result of deploying multiple secrecy (or security) models in a system, i.e. they can arise in hybrid secrecy or security models. To detect and report these issues we propose the use of logic analyzers to determine if the involved secrecy models are mutually coherent and hence they can coexist, as well as the conditions under which they can coexist. We present our preliminary results with respect to secrecy models such as Chinese Wall, Bell-LaPadula, and Delegation of Authority. Our method is based on representing models and policies using the formal technique Alloy, however the method's principles are conjectured to be generic and hence should apply to any secrecy or security model, with different logic-based tools.
Current generative programming approaches use configuration knowledge to automatically manufacture an end product given a particular requirements specification. Such configuration knowledge models feature interactions either in the problem domain (at the requirements level) or in the solution domain (at the implementation level). Thus, feature interactions are defined as a composition problem in one specific phase of the generative programming lifecycle. However, we experienced the need to model and handle feature interactions that cross the problem and solution domain. This paper presents a specific case study, in the context of our work on distributed runtime adaptation, motivating this important but often ignored category of problem-solution feature interactions.
Detecting undesired interactions in aspect-oriented models is closely related to detecting undesired feature interactions. Aspect interactions can be broadly categorized into syntactic interactions, which can be discovered by analysis based on syntax, and semantic interactions, which require an interpretation of the meaning of models. Semantic interactions are very hard to detect and at the same time often require significant rethinking or remodeling of the aspects. We argue that more research is needed to effectively deal with semantic interactions in aspectual models and that goal models are a suitable candidate to reason about these interactions.
The Next Generation Service Overlay Network (NGSON) is a standard activity launched by IEEE Communications Society in March 2008 to define a framework of Internet Protocol (IP)-based service overlay networks and specify context-aware, dynamically adaptive, and self-organizing networking capabilities, including advanced routing and forwarding schemes that are independent of underlying transport networks. Service interaction research, specifically how to harness service interactions to facilitate service integration and bundling in such a service overlay network, has been the focus of this standard activity. This paper reports the still evolving ideas of IEEE NGSON architecture and describes the new challenges in service interaction research in such a framework.
This paper presents an online detection and resolution method for feature interactions among integrated services in home network systems. To achieve reasonable online detection and resolution, we introduce three new concepts in this paper. Specifically, (a) activation which explicitly defines the execution lifetime of services, (b) mandatory methods which guarantees essential and optional operations in services, and (c) suspend/resume mechanism which allows lower-priority services to sleep temporarily and to wake up later when all conflicting services are terminated. A case study demonstrates the effectiveness of the proposed method.
We explore and discuss different ways of expressing service specifications in the context of home automation systems implemented on OSGiTM. We found that the approach used for expressing services affects the amount of service interaction in the system. Some approaches, as opposed to others, artificially increase the number of situations where services are considered to badly interact. We discuss the pros and cons of three approaches for service specification in the context of the home.
Smart spaces contain a large number of computing devices communicating with each other to perform various high-order tasks. They are governed by predefined policies that users can put according to their preferences. In this paper, we investigate the policy interaction problem beyond the smart home domain. We use a formal method for detecting dynamic conflicts between policies. First, we give an abstract model of the system described with an actor-based language. Then, we identify different kinds of conflicts that may exist among policies in smart home domain. To reduce the complexity of model checking, we use compositional verification as well as data abstraction techniques.
The web-based service (WBS) composition, e.g. mashup, is becoming a popular style to assemble web services. Numerous web-based services are developed by independent organizations and individuals due to the open nature of Web and SOA. As a result, when these components are assembled, the undesired interactions will take place and bring negative impacts. From the perspective of the feature interaction problem (FIP), we study such undesired interaction problems in WBS composition. We illustrate three WBS FIP cases and explain how on-the-fly characteristic, the significant feature of WBS composition, brings new challenges and opportunities to FIP detection and resolution.