Software Design Quality Metrics for Web Based Systems

Ph.D. Dissertation
(Session 2004)

Supervised By

Prof. Dr. Abad Ali Shah

Submitted By

Ms. Shazia Arshad

2004-Ph.D-CS-01

Department of Computer Science and Engineering

University of Engineering and Technology
Lahore – Pakistan
2010
 In the Name of Allah,
The Most Beneficent, The Most Merciful

Our Lord! Forgive us our sins and the lack of moderation in our
doings, and make firm our steps and succor us against those who
deny the truth.

Al-Quran

ii
 Software Design Quality Metrics for Web Based Systems

Shazia Arshad

2004-Ph.D-CS-01

Supervisor

Prof. Dr. Abad Ali Shah

A dissertation submitted for the degree of

Doctor of Philosophy
in Computer Science

Internal Examiner External Examiner

Dr. Abad Ali Shah Dr Rahat Hussain Bukhari

Professor – Department of Computer Director Computer Center
Science and Engineering, University of Quaid-e-Azam University
Engineering & Technology, Lahore Islamabad

CHAIRMAN Dean
Department of Computer Science Faculty of Electrical Engineering,
and Engineering, University of Engineering University of Engineering &
& Technology, Lahore. Technology, Lahore.

iii
 Dedicated to:

My Father, Muhammad Arshad Chaudhry,

Mother, Brother, Sisters
And
My Husband
for their prayers and unbounded love.

iv
 Declaration:

None of the material contained in this thesis has been submitted in support of an

application for another degree or qualification of this or any other university or

the institution of learning.

v
 Acknowledgment

Undertaking the writing of a Ph. D. Dissertation is both a painful and enjoyable experience. It

brought back memories of the era when I learnt how to drive for the first time. Once again I

experienced the same frustration, encouragement, bitterness, trust and hardship all over again.

Only this time the teacher who was guiding me was my supervisor, instead of the driving-

instructor. And now that I have completed my dissertation and flip through its chapters so

lovingly, I do realize that I have a lot of people on my list to pay my gratitude to.

Firstly, I would like to thank Allah Almighty who gave me courage and patience to complete

this magnanimous task. This piece of work could never be accomplished without His

Blessings and His Power that works within me. And also without the people behind my life

for inspiring, guiding and accompanying me through thick and thin.

I would like to express my deep and sincere gratitude to my supervisor, Professor Dr. Abad

Ali Shah, University of Engineering and Technology. His wide knowledge and logical way of

thinking have been of great value for me. His understanding, encouraging and personal

guidance have provided a good basis for the present ddissertation. He offered me so much

advice, patiently supervising me, and always guiding me in the right direction. I’ve learned a

lot from him.

I am deeply grateful to my husband, Dr. Muhammad Shoaib, for his detailed and constructive

comments, and for his important support throughout this work. Dear Husband, without your

encouraging smile this thesis wouldn’t have been possible. Thanks for always being there

when I need your help and company, thanks for being there when I need someone to talk to.

You know me more than others. You form the backbone and origin of my happiness. I will

never forget the way you laugh and just continue being simple and humble. I owe this

achievement to you.

vi
My deepest gratitude goes out to Chairman, Department of Computer Science and

Engineering, Prof. Dr. M. A. Maud. Throughout this research he has been of the utmost help.

His guidance and suggestions have been invaluable.

I wish to express my warm and sincere thanks to my support system, my father. He is not

with me in person right now, but I know high above the heavens he can see his dream being

fulfilled. His prayers and motivation all along have helped me complete this work. He always

gave worth to me at the first place and supported me spiritually throughout my life.

I owe my most sincere gratitude to my mother, Saeeda Khanum. Her understanding nature

and her love encouraged me to work hard to complete my Ph. D. dissertation. Her firm and

kind-hearted personality has affected me to be steadfast and never bend to difficulty. She

always lets me know that she is proud of me, which motivates me to work harder and do my

best.

I would like to express my appreciation and sincere thanks to my brother, Dr.Sharjeel; my

sisters, Samina, Dr.Tehmina, Nabeela, Dr.Saima and Aisha ,who gave me indispensable

support and appreciation to complete this dissertation successfully.

Special thanks to my in-laws, who gave me untiring help during my difficult moments,

especially my mother-in-law, Nazeera Bibi, who constantly prayed and cared for me. I have

many wonderful memories attached with her.

I would like to extend my heart-felt gratitude to my respected brother in-laws Major Ashfaq

Azhar, Ehsan ,Dr.Adnan and my bhabi Dr.saima.

Next come my dear nieces and nephews: Arsalan, Milhan, Hassan, Hasan, Mustafa, Fatima,

Gul, Danial, Mifzal, Mahnoor, Abdullah, Zoha and Zainab. Their laughter turned every bleak

moment into a bright, memorable one. I thank Allah for bestowing such joy on me.

vii
I am indebted to my many student colleagues for providing a stimulating and fun

environment in which to learn and grow. I am especially grateful to Iqra, Aysha, Kanwal,

Javeriya, Saba and Fasiha.

I warmly thank the honourable Vice Chancellor Lt.Gen.(R) Muhammad Akram Khan and

Mrs. Akram for their valuable advice and help. Their extensive discussions around my work

and interesting explorations in operations have been very helpful for this study.

During this work I have collaborated with many colleagues, friends and the non-teaching

staff at UET, for whom I have great regard, and I wish to extend my warmest thanks to all

those who have helped me with my work

Shazia Shoaib

viii
 Abstract

Today, the internet and the World Wide Web are the most amazing and dynamically

growing computer technologies. With the growth of World Wide Web (WWW) the number

of Web Based Hypermedia Applications (WBHAs) has also increased at a tremendous rate.

A quality application can be produced only through a quality design. For a quality design it

is necessary that all its aspects should be measured at the design phase. . The existing

metrics only cater the aspects of software applications after implementation phase.

Many methodologies have been proposed for the web applications design and development.

These methodologies do not cover the issues related to security. OODM was also proposed

with the objectives of web application development but the security issues were also not

covered in this methodology.

Furthermore there are no measurements for the design schema and its different models in

OODM. Other methodologies are also without this feature.

A methodology for the design of a web application has been proposed in this dissertation.

Secure Object oriented design methodology (S-OODM) is an extension of the OODM in

which security issue has been incorporated in the analysis and design. Metrics for overall

design schema and all its models have been proposed and validated through a case study of

university web site. The case study shows that application with security constraints can be

developed by using this methodology and validation of one design or comparison of

different design can be carried out through these metrics. The designer can design a quality

ix
design through these metrics and can improve its quality without going on the next phase.

Using these metrics the complexity of the design can be reduced. The performance of the

design can be measured and hence can be increased. The valuable resources like cost, time

and space can be measured and thus can be saved by using the proposed metrics.

Navigational time is another feature of the web applications that can be measured and thus

the easiest navigational path can be computed by using these metrics. User interaction is

important in the web applications and this is also achieved by using the proposed metrics.

The metrics provides valuable information about the vital components from the security

point of view which help the designer to give a care full attention to the vital components.

The methodology, OODM/S-OODM, is believed one of first web application development

methodologies. It provides a complete, detailed and step-wise development process.

Therefore, it needs to be automated. Work in this direction can be done. There can be

another future direction of this work can be to upgrade this methodology (S-OODM) for the

development of semantic web applications.

It can further be extended for the sub domains as at present it deals with the domains only.

x
 Table of Contents

Declaration: ................................................................................................................................ v 

Acknowledgment ...................................................................................................................... vi 

Abstract ..................................................................................................................................... ix 

List of Figures ....................................................................................................................... xviv 

List of Tables ..................................................................................................................... xviivi 

Chapter 1 .................................................................................................................................... 1 

Introduction ................................................................................................................................ 1 

Chapter 2 .................................................................................................................................... 5 

Literature Survey ....................................................................................................................... 5 

2.1 Measurement Theory ....................................................................................................... 5 

2.1.1 The Waterfall Model ............................................................................................... 7 

2.1.2 Software metrics: ...................................................................................................... 8 

2.2 Paradigm for software development and Metrics .......................................................... 10 

2.2.1 Structural Approach ................................................................................................ 10 

2.2.1.3.1 McCabe ............................................................................................................. 12 

2.2.1.3.2 Halstead............................................................................................................. 15 

2.2.2 Object Oriented Approach ...................................................................................... 16 

2.3 Web based software ....................................................................................................... 27 

2.3.1 Web application Design .......................................................................................... 28 

2.3.2 Difference between Web base and non web base application .............................. 29 

xii
 2.3.3 Metrics for Web based Systems .............................................................................. 31 

2.4 The Hypermedia Design Methodologies ....................................................................... 35 

2.4.1 Hypermedia Design Model (HDM) ........................................................................ 35 

2.4.2 Relationship Management Methodology (RMM) .................................................. 36 

2.4.3 Object-Oriented Hypermedia Design Model (OOHDM) ....................................... 37 

2.4.4 Drawbacks of Hypermedia Methodologies ............................................................ 38 

2.4.5 Object Oriented Design Methodology (OODM) .................................................. 38 

2.5 Summary ........................................................................................................................ 39 

Chapter 3 .................................................................................................................................. 40 

S-OODM: A Secure Object Oriented Design Methodology ................................................... 40 

3.1 Inclusion of Security Model........................................................................................... 42 

3.2 Modified architecture “S-OODM” ................................................................................ 43 

3.3 Building Security Model ................................................................................................ 43 

3.3.1 Building Component Model ................................................................................... 44 

3.3.2 Building Navigation Model .................................................................................... 45 

3.3.3 Building Operation Partitioning Model .................................................................. 45 

3.3.4  Building User Interface .......................................................................................... 45 

3.3.5 Building Security Model ......................................................................................... 46 

Chapter 4 .................................................................................................................................. 48 

DESIGN METRICS FOR WEB APPLICATIONS ................................................................ 48 

4.1 Schema Metrics .............................................................................................................. 50 

xiii
 4.2 Component Model ......................................................................................................... 53 

4.2.1Reusability Metric .................................................................................................... 54 

4.3 Navigational Model ....................................................................................................... 56 

4.3.1 Navigational Accessing Time Metric ..................................................................... 58 

4.4 Operation Partitioning Model ........................................................................................ 58 

4.4.1 Operation Performance Metric ............................................................................... 59 

4.5 User Interface Model ..................................................................................................... 62 

4.5.1 Interface Coherence Metric..................................................................................... 62 

4.6 Security Model ............................................................................................................... 64 

4.6.1 Security Metric........................................................................................................ 65 

Chapter 5 .................................................................................................................................. 68 

Case Study of a University Web Application .......................................................................... 68 

5.1 Introduction .................................................................................................................... 68 

5.2 Problem Statement ......................................................................................................... 70 

5.3 Analysis Phase ............................................................................................................... 72 

5.3.1 Security Realization ................................................................................................ 72 

5.4 Design Phase .................................................................................................................. 78 

5.4.1 Building Component Model ................................................................................... 80 

5.4.2 Building Navigational Model ................................................................................. 83 

5.4.3 Building Operation-partitioning Model ................................................................ 89 

5.4.4 Building User Interface Model ............................................................................... 92 

xiv
Chapter 6 .................................................................................................................................. 95 

Evaluation of Results and Discussion ...................................................................................... 95 

6.1 Schema Metric Evaluation ............................................................................................. 95 

6.2 Space Complexity Metric Evaluation. ........................................................................... 96 

6.3 Component Model Evaluation ....................................................................................... 97 

6.3.1 Reusability Metric ................................................................................................... 97 

6.4 Navigational Model Evaluation ..................................................................................... 99 

6.4.1 Navigational Accessing Time Metric ..................................................................... 99 

6.5 Operation-Partitioning Model Evaluation.................................................................... 101 

6.5.1 Operation Performance Metric ............................................................................. 101 

6.6 User Interface Model Evaluation ................................................................................. 103 

6.6.1 Interface Coherence Metric................................................................................... 103 

6.7 Security Model Metrics Evaluation ............................................................................. 106 

6.7.1 Security Risk Metric ............................................................................................. 106 

Chapter 7 ................................................................................................................................ 109 

Conclusion and Future Directions ......................................................................................... 109 

7.1 Conclusion ................................................................................................................... 109 

7.2 Future Directions ......................................................................................................... 111 

Processing Steps of S-OODM in the Form of Algorithms ................................................ 112 

References .............................................................................................................................. 120 

xv
 List of Figures

2.1 Simple form of Water fall life cycle model …………………………………………07

2.2 McCabe Cyclomatic Complexities [Jacobson, 1992]………………………………..13
2.3 Examples showing Cyclomatic Complexity for four basic programming languages..14
2.4 The shows 4 different regions in a flow graph……………………………………....15
3.1 OODM [Shah, A., 2003]………………………………………...…….......................41
3.2 The modified architecture of the OODM with security model……………………....42
3.3 Modified architecture “S-OODM”…………………………………………………..43
3.4 Web users with their roles............................................................................................44
3.5 Role of security in different models.............................................................................46
4.1 Design of a Web application-Link Tree.......................................................................48
4.2 Logical layout of a web application.............................................................................54
4.3 Uni-directional & Bi- directional Links……………………………………………...55
4.4 Navigational Model with Local, Instance and Global navigation…………………...57
4.5 Shows the height of two operations………………………………………….………60
5.1 Overall Design Schema of University Website……………………………………...70
5.2 Login verification using security....………………………………………………….79
5.3 A graphical representation for navigating department page class…………………...86
5.4 A graphical representation of navigating college page………………………………88
5.5 Complete navigational model for the UNIVERSITY WA………………………….89
5.6 The registration operation detailed using both OIG…………………………………90
5.7 Algorithmic descriptions of the OIG for the registration operation………………....91
5.8 Five frame based user interface……………………………………………………...94
6.1 Figure shows different access sequences of a link tree………………………………95
6.2 Figure shows the reusability of an independent path……………………………......98
6.3 Figure shows different access sequence of a Link tree………………………….…..99
6.4 Different cases for Operation Performance………………………………………...101
6.5 Interface that shows navigation between attributes of the same component…….…103
6.6 Interface that shows navigation between attributes of different components……....104
6.7 Interface that shows navigation between components of different page-classes…...105
6.8 Faculty page-class showing 9 Multimedia attributes……………………………….107

xvi
 List of Tables

2.1 Halstead Scalar Numbers and Measures (Halstead 1977)…………………………...16

2.2 Differences between Object Oriented paradigm and Traditional Structure Metrics...26
2.3 Difference between Web base and non web base application……………………….31
5.1 Building information model with security consideration table....................................73
5.2 Building Navigational Model………………………………………………………..75
5.3 Potential Student………………………………………………………………..……76
5.4 Existing User…………………………………………………………………………77
5.5 Components of the department page class…………………………………………...81
5.6 Components of the faculty page class………………………………………………..82
6.1 Multimedia attributes & their type of Department page-class……………………….96

xvii
 Chapter 1

Introduction

World Wide Web (WWW) is rapidly progressing and its users are increasing in millions. Due

to much increase in the web users, the World Wide Web based applications are also

increasing. The sources of information on the WWW are heterogeneous in nature. The

systems provide the capability of navigation. The WWW systems architecture is client-

server. In order to design the Web based applications hypertext or hypermedia paradigm is

provided.

The web applications are different in nature as compared to the traditional applications [1].

The Structured Analysis and Design (SADT) and Object oriented techniques do not provide a

good solution for web based applications. As observed in [2], these techniques are unable to

analyze, design, implement and test the web based applications.

Design and measurement are two important activities that can effects the performance of any

system.

“Measurement is a process by which numbers or symbols are assigned to attributes of entities

in the real world in such a way as to describe them according to clearly defined rules”[3].

Measurement is everywhere. Medical system measurements help doctors to diagnose specific

illness. Measurements for a car enable us to have looked for the performance of the car.

Measurement can help us to predict weather in future.

Software measurements help us to understand, control, and improve the software products.

There are many entities in the software like length of program, structure, and correctness. A

good measurement can clearly distinguish the characteristics of one entity from another by

analysis and drawing the conclusion. Software Metrics are used to measure the attributes of

1
an entity. It is generally accepted that quality of a system or software product is strongly

dependent on the quality of its design [1]. The usability factor, the ease of use of systems, the

efficiency and the cost effectiveness are the issues those depend upon how good is design [1].

For Web based applications the quality factor is of great concern as these applications are

evaluated by number of users. Therefore, good design and techniques are used to measure it

in an early stage can help to produce an efficient design. Many Methodologies for the Web

Based Applications are proposed for the design of hypermedia applications for the

development of Web Applications (OODM) are Hypermedia Design Model (HDM),

Relational Management Methodology (RMM), Hypermedia Design Model (OOHDM) and

An Object-Oriented Design Methodology [4].

Design is that phase in software development where ideas of the experts are given the form of

blueprints. Architect in the language of the web is the prominent image of the design . From

the professional’s experience we deduce that on web development there are significant

differences between traditional software applications and web applications. Normally the web

application are dynamic in nature and their appearance and content keeps on changing so the

deployment of the traditional software technology on the web is not the appropriate action but

for using the traditional software technology on the web we must make some basic

amendments in the functionality, working and design of the software so that we may get the

desired output from the software.

The most expensive and time consuming phase during the development of the software is the

design phase. During this phase the definitions of its high and low level structures are

discussed and a large number of resources are utilized during this phase. That is why it is

known that performing the design phase successfully means that most of the laborious job is

done and there would be less usage of the resources as was required during the design phase.

2
So the successful completion of the design phase guarantees the précised software which

fulfills the user requirements.

Due to standardization for the communications on the World Wide Web, a wide range of

applications, which include business to business services i.e. commerce oriented, customer

support, and entertainment have been enabled. Performance has always been a major area of

concern in the field of web based applications. Due to this reason, the design and

development of web applications have been made faster, the implementation of the

performance metrics was not taken care of properly and so the web based applications

remained failed to fulfill the motive they were created for. Further the other major problems

like scalability and multiple accesses of sites caused the difficulties in the operation of the

web based applications and the methodologies developed for this purpose don’t care for such

issues. OODM [4] methodology addressed some of the problems but it was without the

measurements and does not address the security issues.

The purpose behind this research is to present a methodology that can take care of security

issues at the design level and measurement at the design level in the form of metrics can be

introduced at each design phase of the proposed methodology.

The design and measurement processes of a web based application are complex in nature. It

is always concerned that a web based application should be a good hypermedia application as

well as good WWW application.

The design phase enables a system architect to choose right platforms, considering the

security issues, notions of linking, the size, and complexity of the web based applications.

In this dissertation, we explore the number of issues related to design and its measurements.

We have presented a design methodology (i.e S-OODM) while considering the security. All

the phases have been quantified by proposing the metrics. Among many other metrics, design

complexity measurement metrics have been presented.

3
 This dissertation has the following contributions:

i). The study of different metrics for the measurement of non-web based and web based

applications has been carried out.

ii). Different methodologies for the development of hypermedia applications have been

analyzed.

iii). A methodology for the web based systems with security considerations has been imposed

and presented.

iv). The proposed methodology has quantified by proposing metrics for each phase.

v). Proposed metrics have been validated by taking a real web application as a case study.

The rest of the dissertation is organized as, the chapter 2, discusses the software metrics for

three generations classical, object oriented and web based applications. Then special focus is

given to the hypermedia applications developments methodologies. A detail analysis of these

methodologies is presented.

In Chapter 3 the proposed methodology for the web based applications with security issues

has been presented. In chapter 4 design quality metrics for web application and models are

given with full illustrations in this chapter. In chapter 5 a case study to illustrate the proposed

methodology is discussed. In chapter 6 evaluations of results and discussion are presented

and in chapter 7 conclusion of the research work and some future recommendations has been

presented. At the end we provide list of references.

4
 Chapter 2

Literature Survey

2.1 Measurement Theory

Measurement is a multidimensional term which is used according to specific scenarios, for

instance somewhere it is employed to get the size of things and at other places, find the

amount and quantity of things for the purpose of making comparative analysis and getting the

final results. There are certain set of rules which are employed to get the final output and this

output is totally dependent upon these standards [1]. Measurement has now achieved the key

position in our daily life, e.g. while purchasing our routine stuff we measure prices; while

solving arithmetic equations, we measure its variables; while traveling, we measure distances

etc. Similarly, software is needed to be measured in order to validate reliability, stability,

usability, quality and its applicability etc. Each and every type of software is measured

according to some strategy. [1]

Why do we need measurement?

Importance of measurement is evident from the fact that almost each and every system linked

with human beings makes the use of measurement. Medically measurement is applied for

diagnosis of diseases, in economic systems it is used for checking price compatibility,

weather reports are generated by the weather broadcast stations while using measurement as

the basic tool. Fenton declares that workability of any technology is impossible without the

application of measurement [2]. So, the applicability of measurement in every field of life is

almost inevitable. In every field, measurement has its prominent role. In case of software, the

role of measurement is very much clear and should be clearly understood so that it may not

5
create any suspicions for the user. Measurement in terms of software development is of very

much concern to the technical personnel like engineers, managers and system analysts. The

use of measurement by these professionals is as follows:

They calculate that how much time and expertise are involved for the development of

software. At each phase in the development cycle of the software, the tool of measurement

has its key role. When the software is developed and is ready for its operation, the role of

measurement is again comes in place. According to user requirements, the software is

customized with the help of the measurement tool. The comparative analysis of the software

after its installation is made possible with the help of the measurement tool. This analysis

makes the proper working of the software possible. From the very initial stages of the

software development, the system engineers calculate the user needs and analyze that

whether the required software is possible to be developed and can it be testified after its

development. Likewise, the causes of the failure and inefficient working of the software can

be found with the help of the measurement mechanism. Final results of the software after its

installation can be testified and the possibility of timely achievement of the final goals is

possible with the help of the measuring tools [3, 5, 6]. Fenton & Pfleeger stated that

measurement is helpful to improve, understand and control our software. Software

engineering employs measurement at every stage during the development of the software [7].

Following stages are included in the software development.

 Analysis

 Design

 Cost

 Planning

 Implementation

 Testing

6
For development of software these stages must be performed according to the requirements

and only then the successful software can be implemented [1].

2.1.1 The Waterfall Model

Different models are proposed for the development of software and one of the famous models

is Water Fall Process Model. The software life-cycle is simply the entire existence of a

software product. Another way of looking at the life cycle is to consider it as the process

model; i.e. a model for the development and use of software. The waterfall life-cycle model

views the development process as series of discrete phases. In its simplest form (see Figure

2.1) each phase is completed and 'signed-off' before commencing the next stage. The stages

that are typically used are to analyze and specify the system, then to design the system, then

to implement the software, test the final system, and finally to operate and maintain the

software[8,9].

Requirements
Analysis
Document

Design

Implementation

Testing

Maintenance

Figure 2.1: Simple form of Water fall life cycle model

Although this form is useful from the point of project management, in practice the various

stages typically overlap, and feedback is usually provided from each stage to the previous [9].

However, there are a number of criticisms of the waterfall model. These include: First, it

freezes the specification at too early a stage of the development, and that it makes iterations

7
difficult. Second, A working version of the program will not be available until late in the

project time span. Finally, it suits a specific class of software applications [9].

Consequently, a number of other models attempt to resolve these problems such as prototype

model and spiral model. Shazia and Shah, A., in 2006 also attempts and modified the water

fall method for the web based software development [10].

2.1.2 Software metrics:

Metrics is derived from the Greek word “metron” which means measure. Metric system owes

its origin to the measurements and calculation in different fields of life. French were the first

ones who adopted the metric system by law 1970s. Later on this system was used for weights

and measures by many countries. After its employment in these fields scientists used this

system. Likewise computer scientists utilized the metric system for the development of the

software and the various systems and given it the name of software metrics [1]. For better

understanding of the term software metrics we need to get the knowledge of the term

“software crisis”. Statistics declare that by 1990, the computer automation occupied almost

one half of the American work [14]. As the trend shifted towards the software based

simulation from the hardware, the need for its maintenance also increased. The lack of

scientists and experts related to the field of computer sciences provided the basis for

maintenance and development of the software [14]. Software development with some flaws

can be as:

 Inaccurate scheduling and cost estimates.

 Poor quality software.

 Less productive rate of software than the demands [14].

This situation has been referred to as “Software Crisis” [14]. The problem of software crisis

must be solved first to get better and efficient results by the computer applications. Proper

estimation related with cost and time of the system, quality and performance are the main

8
points which come under the heading of the software metrics. This management needs better

measures to improve performance of software. Decision making is the job of managers.

Timely decision making is very fruitful in case of software development as it avoids many

serious risks to the life of the software. So in this way managers can use different measures

and parameters which are very helpful in ensuring the proper working and efficiency of the

system. This is the main motive of software metrics. The identification and measurement of

the essential parameters, which affect software development, is the main goal of software

metrics [15,16]. In fact, software metrics is a multidimensional term and is used to describe

very wide range of properties attached with measurement in software engineering. “Software

metrics deals with the measurement of the software product and the process by which it is

developed” [1,16]. Different models are included in the software metrics which play their

role in the enhancement of the working of the software. So, the proper description of the

software metrics is needed. Thus, ideal metrics should be:

 Precision based defining of the software

 Objective

 Availability and cost effectiveness

 Validation of the needs

 Understanding the irrelevant information.[1,15,16]

Software metrics are related to the four important phases of software development [17].

 Planning

 Organizing

 Controlling

 Improving

Software development has become the key element in the evolution of computer-based

9
systems and products. Software development life-cycle is a discipline that integrates

methods, tools and procedures for the development of computer software. For software

development life-cycle, different paradigms have been proposed each exhibiting strengths

and weaknesses [18].

2.2 Paradigm for software development and Metrics

 Structural Approach

 Object Oriented Approach

 Web Based Approach

2.2.1 Structural Approach

A famous paradigm for software development is Structural technique. Structured techniques

evolved from a coding methodology [20, 21]. As other engineering disciplines structured

analysis and design techniques have been introduced to establish acceptable practices in

software development.

In late 1960s academic community adopted structured techniques, and during the early 1970s

the structured techniques became well known in industry. By the late 1970s, structured

techniques had grown into a set of technologies covering the whole software life cycle. They

addressed both technical and management issues. They ranged from programming languages

constructions to problem solving procedures. The basic notational tool of Structural Analysis

(SA) is the Data Flow Diagram (DFD) [20, 21].

10
2.2.1.1 Structured/Function Oriented Design

By the mid 1970s the structured philosophy spread to the design phase [20,21]. During

program development problem solving process start that was a new idea. This had the effect

of applying organization and discipline into program design. Earlier system development

techniques concentrated on detailed instruction-level view of the program. In comparison to

this, structured design focused on a high-level view of the system and used the program

module as the basic building block. Concentrated effort in establishing a relationship between

the problem and its programmed solution gave assistance in developing a picture of the

proposed solution to solve the problem. The concept of modularization was refined by

standardizing the structure of a program module, restricting the interfaces between modules,

and defining a program quality metrics [20, 21].

2.2.1.2 Structural Design Metrics

Importance of the design metrics is evident from the fact that the validation of software

totally depends upon them which is based on certain specific standards. There are certain

possible standardized rules which if are violated, are better understandable with the help of

the design metrics. There are various types of design metrics which can be categorized as:

Basic Metrics: These are about the computer language which is used for implementing the

software. Quality Metrics: These are certain standardized metrics based on the principles of

software engineering. Stability Metrics: [22]. These constitute the stability of the packages.

 Coupling

 Cohesion

 Understandability

 Adaptability

The above four metrics are available in the literature for design phase of structural

11
 approach. Quantification of the parameter, coupling, is only available in the form of Fan-in

and Fan-out [8].

i. The Fan-out of a module is the number of its immediately subordinate modules.

 As a rule of thumb, the optimum fan-out is seven, plus or minus.

 George Miller determined that the human mind has difficulty dealing with

more than seven things at once.

ii. The Fan-in of a module is the number of its immediately super-ordinate (i.e., parent or

boss) modules.

 The designer should try to reduce redundant code and increase maintainability.

2.2.1.3 Metrics for Structural Approach

In Structural Approach/Function oriented approach functionality of the system is mainly

captured. The basic unit of a program is function or procedure. Functional requirements are

captured during development and they are analyzed and design. Halstead and McCabe

proposed the famous metrics in the seventies for the structural Systems [23, 24, 25, 26].

There are three methods [27] to measure cyclomatic complexity generally.

 Firstly, it can be measured by making a flow graph and then using the formula

V(G)=E-N+2 .

Where, E= Edges, N= Nodes

 Secondly, by measuring number of regions in the flow graph.

 Thirdly, by knowing the number of predicate nodes (which has 2 edges emanating

from the node) the formula used then is V (G) =P+1.

  Where P= Predicate Nodes 

2.2.1.3.1 McCabe

McCabe proposed a complexity measure [24, 25, 26]. His major concentration was on the

complexity attribute. McCabe complexity metric is a program complexity metric [24,25].

12
McCabe tries to measure the quality and complexity of a program through a control flow

graph (or program graph) of a method or procedure [24,25]. Input to the flow graph is

program and program consists of:

 Assignment statement,

 Conditions

 Loops.

In his work, a graph is drawn, depicting the program in the form of a sequence of paths it

adopts. McCabe made this assumption that cyclomatic numbers of a connected graph are

paths that are linearly independent paths in graph or the number of regions in the planner

graph.

Flow graph consist of nodes and edges. Nodes are conditions and edges are control flow of a

program. The complexity is calculated as:

Complexity = Edges – Nodes + 2

And the number obtained showing how complex the method is. This cyclomatic number

according to McCabe is the smallest number of paths in the graph. He suggested that program

complexity can be decided through the smallest no of paths. Following three graphs shows

the way cyclomatic complexity is measured [24].

Figure2.2: McCabe Cyclomatic Complexity [Jacobson, 1992] [56]

13
In algorithms of a method, cyclomatic complexity goes as counting the number of test cases

required to test the algorithm comprehensively. The formula is written as

Number of independent test paths = Edges – Nodes +2

If there is only one path exist, then there is no need of option and only one test case is

required. For more than one paths, an IF condition is run, if condition is true then one path is

selected else some other alternate path is selected.

Figure 2.3:- Examples show Cyclomatic Complexity for four basic programming

languages[26].

Software metrics that are static in nature use Cyclomatic complexity more than any other

measure. As it is concerned with the program module. It is also known as program

complexity or simply McCabe complexity. This is sometimes also being referred to as

soundness and confidence of a program. The Cyclomatic complexity is useful in following

ways:

It can be used to minimize any inherited risk by predicting it at an early stage of software

development. During coding, risk of the change can be minimized. It can be very helpful in

test planning. It tells the number of tests needed for each step. In this way a complex program

14
can be broken down to smaller modules/programs. However, due to static analysis of code,

these theories are not without their flaws. These are not changed when the program changes.

Contain high association with the program size. Many metrics contain no intuitive reason.

Ignore computing environment, algorithms and ability of programmers. Programmers can

introduce more obscure complexity [26].

2.2.1.3.2 Halstead

Complexity Metric is a program metric and it measures the quality and complexity of a

program. These metrics are program metrics, which means we are dealing with

implementation phase and development phase. After our product is ready then we use these

metrics[27].

 Region:

In a flow graph there are some nodes and edges. Nodes are connected to other nodes through

edges. The area bounded by some edges and nodes is termed as region. In addition the area

surrounding these regions will also be called a region.

Figure2.4: Shows 4 different regions in a flow graph [Roger S Pressman 2001].

15
It was proposed that programmer time and effort may be stated as operator, operand working

and it can be measured by the program source [23]. Halstead complexity measurement was

developed to measure program modules complexity. He defines it as follow

n1= the number of distinct operators

n 2= the number of distinct operands

N1=the total number of operators

N2=the total number of operands

There are five measures [16]

Measure Symbol Formula

Program length N N=N1+N2

Program vocabulary n n= n1+n2

Volume V V=n*(LOG2n)

Difficulty D D= (n1/2) * (N2/m)

Effort E E=D*V

Table 2.1: Halstead Scalar Numbers and Measures (Halstead 1977)

 In beginning both of these metrics were proposed to measure the complexity and

quality of a program.

 It was just an academic exercise.

 So after writing a program you can know only about quality of the program.

 These metrics were not much helpful to reduce cost and time because they were

measured after implementation.

2.2.2 Object Oriented Approach

Today a new methodology is emerging for computer software development which is called

16
Object-Oriented Modeling and Design. The first version of Smalltalk was released in 1972

[28, 29, 30, 31]. It was also around 1970, that the term “object-oriented” came into

significant use. Some people credit Aln Kay as the first to use the term. He used it to describe

the thinking behind Smalltalk, and many people think of Smalltalk as the first and standard

object-oriented programming language [28, 29, 30, 31].

It is a new way of thinking about problem solving using models organized around real-world

concepts. The fundamental construction in this methodology is an object, which combines

both data structure and behavior into a single entity. Object-oriented models are useful for

understanding problems, communicating with application experts, modeling enterprises,

preparing documentation and designing programs. Although, the object-oriented models not

only affected the database field its effects and superiority can also be felt in other disciplines

of computer science [27, 32, 33,34].

2.2.2.1 Features of Object Oriented Approach

Following parameters are available to measure the quality of software [35]. Definition of all

parameters is available but how to measure is not given for all. Some of the parameters are

given below:

 Understandability

All of the design and user documentation must be clearly written so that it is easily

understandable.

 Completeness

Presence of all essential parts, with each part fully developed. All required input data

must also be available.

 Conciseness

17
 Minimization of too much or redundant information or processing. It can be improved

by replacing repeated functionality by one subroutine or function which achieves that

functionality. It also applies to documents.

 Portability

Ability to be run well and easily on multiple computer configurations.

 Consistency

Uniformity in notation, symbology, appearance, and terminology within itself.

 Maintainability

Tendency to facilitate updates to satisfy new requirements.

 Testability

Characteristic to support acceptance criteria and evaluation of performance.

 Usability

Easiness and practicality of use. This is affected by such things as the human-

computer interface.

 Reliability

Ability to be expected to perform its proposed functions satisfactorily.

 Structuredness

Organisation of basic parts in a definite pattern.

 Efficiency

Completion of purpose without waste of resources, such as memory, space and

processor utilization, network bandwidth, time, etc.

 Security

Ability to protect data from unauthorized access and to resist unintentional

interference with its operations.

18
Which are not available in traditional methodologies. This methodology improves a

programmer's productivity by increasing extendibility of the core system. It assists in

managing and controlling software complexity and increases reliability by reusing software

components. Object-oriented methodology attributes to lowering the cost of software

maintenance [36].

The object-oriented approach uses concepts of reusability, polymorphism, encapsulation and

inheritance. These features are not generally used in traditional methodologies [37, 38, 39,40,

74].

2.2.2.2 Object-Oriented Design

Object-oriented design is the process by which software requirements are turned into a

detailed specification of objects. This specification includes a complete description of the

respective roles and responsibilities of objects and how they communicate with each other.

However, there are two points to be considered related to the process of design in general.

The result of design is not a final product. In a sense, no design is ever final. Even after the

software is implemented, tested, and delivered to the user, it may undergo revision after

revision. Certainly before it is implemented, designers reiterate, revisit old decisions and

rework portions of the application.

The designing process is not rigid. Although, designing requires rigor and discipline, but also

there is room for art. Designers should be left free to use their aesthetic sense as a guide. The

object-oriented design process initially consists of the following steps [37, 38, 39,40].

 Identify the classes in your systems.

 Determine the operations each class is responsible for performing.

 Determine the manner in which objects collaborate with other objects in order to carry

out their responsibilities.

19
These steps produce:

 a list of classes within your application

 a description of the operations for which each class is responsible

 a description of collaborations between classes

By focusing on objects, the object-oriented approach becomes very useful in understanding

problems when communicating with application experts whom are responsible for modeling

enterprises, preparing documentation and designing programs. The object-oriented approach

uses concepts of reusability, polymorphism, encapsulation and inheritance. These features are

not generally used in traditional approaches [37, 38, 39, 40, 74]. The object-oriented

methodology improves productivity, provides better control of software complexity and

decreases the cost on the long run [41, 42].

2.2.2.3 Metrics for Object Oriented Approach

For Object Oriented Technology, different metrics were proposed.

2.2.2.3.1 Coupling Metrics

According to Alesssandro, [43] coupling is “The level to which certain design metrics are

coupled in the design of the software”.

The coupling level has its effects on the working and quality of the whole system and it

affects the maintainability, understandability, reusability, testability and efficiency [43, 74].

Quality software can be obtained with accurate and efficient results only when we have lesser

coupling as describe below [43]. Coupling defines the level to which certain design metrics

are coupled in the design of the software [43].

Coupling Between Components (CBC): It is about the coupling with the other modules

either in the system or in the main module. It gives the connectivity count with other modules

20
or the system. For example, counting attribute declarations, or return types parameters [43].

Inheritance Tree depth (ITD): It calculates length of the tree from node to the root. It

notify with reference to the inheritance. If there is high ITD value then we may get the

enhanced module complexity and due to this reason it is difficult to understand test and

maintain it [43].

Number of Children (NOC): It tells about the sub-modules and how much children a

module have. More NOC helps to reduce reusability and testing [43, 74].

Coupling on Method call (CMC): The methods in a module can be called by the other

modules during the working of the program and CMC gives the number of times the methods

are called. It makes other modules highly dependent upon the specific module. CBC metric is

linked to CMC [43].

Coupling on filed access (CFA): Coupling on field access tells us how many times a field is

access by other modules. How much a module is dependent on other modules? The metric is

near to zero for Object Oriented system. High CFA mean high dependencies [43].

Response for a Module (RFM): When the messages cause certain methods to be executed

then the RFM counts it. It gives about the whole transfer of information between the different

modules. RFM counts module methods no and count no of time a method is called. When

RFM is high, it reduces understandability, reusability, testability and maintenance [43].

Number of Stub methods (NsM): It calculates the number of times a method is called. As

there are the methods of other modules. Stub method is in the testing phase of the other

module. High NsM reduce reusability and testability [43, 74].

In-Cyclical Dependencies (iCd): In-Cyclical dependencies of the software in a module are

measured by the iCd. If iCd is high then it reduces reusability, testability and maintenance.

Cyclical Dependencies (Cd): In a system it counts the cyclical dependencies. If Cd is high

then it reduces reusability, testability, maintenance and modularity [Aless04].

21
2.2.2.3.2 Cohesion Metrics

Cohesion is defined as “level to which different elements of that software are related with one

another and their operation is intertwined with each other for giving better performance and

output”. High cohesion is good and shows good module subdivision. Low cohesion

maximizes complexity. Lack of Cohesion in Methods is the cohesion metric and can be

elaborated as under:

Cohesiveness is important and it promotes Encapsulation and lake of Cohesion shows that

classes are different and we should split them into two or more classes. Cohesion metric can

be defined by finding and considering relationship between the methods of the class.

Co1

Connectivity (1)

Connectivity 1 can be explained with the help of undirected graph, where the class

methods are represented by vectors of the graph. Two vectors are connected with the help of

an edge. If the connected vertices use at least one common attribute or any of them invoke

other.

Then Connectivity1 is

(     
2
    

Where V is the no of vertices of graph G and E is number of edges.

Above connectivity can be defined by another formula


2
    

Coh

Cohesion

Suppose we consider all the method of a class in a form of set like

22
 accessing attributes set e.g.

Then we can say that

Represent a number of methods having attribute

then Cohesion is equal to Coh

j1
 ( A j)
.
m  a

Where, m = methods, a = attributes

LCoh

Loose Class cohesion

This Metric will measure indirectly connected methods (vertices). Consider m1, m2 … mn, as

methods such that mj and mj+1 are connected where j=1 …n-1, then we can say that m1+mn

are indirectly connected means m1 and mn are indirectly connected. Basically this metric

represent the percentage of public method which are indirectly or directly connected within a

class [44].

23
LCOM

Lack of Cohesion in Methods (LCOM)

LCOM calculates the similarity level of methods in the modules. Analyzing the methods in

the modules forms the basis of the basic technique which calculates the LCOM. The total

number of disjoint sets and common attributes of the methods are also calculated by the

LCOM. This metric influence modularity, functionality, reusability and testability [43, 45,

74].

Following are the main six software metrics that are proposed by [45] to help developers to

reduce the cost, increase the quality, and decrease the amount of time spent on maintenance.

Weighted Methods per Class (WMC), Depth of Inheritance Tree (DIT), Number of Children

(NOC), Coupling between Object Classes (CBO), Response for a Class (RFC), and Lack of

Cohesion in Methods (LCOM) [45].

Weighted Methods per Class (WMC)

It counts the number of methods. It makes objects more application oriented and restricts

their reuse as they are specialized in their purpose. Inheritance property affects the children

because if we use the methods for greater number of times then its effect on children is

directly proportional to its usage.

Depth of Inheritance Tree (DIT)

The level of deepness in hierarchy affects the children and DIT is the number of ancestor

classes which has their affect on a class. This makes it more complex.

Number of Children (NOC)

Every class has a subclass and the metric NOC counts the subclasses which gets the methods

from their parent classes. In hierarchy, depth is always preferred to breadth because in this

24
way we can count a large number of children and it offers a weaker design as for every child

we need special tests [45].

Coupling between Object Classes (CBO)

As discussed earlier that coupling describes the relation of a class with the other classes

which are directly attached with that class, so, here the metric CBO counts the number of

other classes which are coupled with this specific class. CBO counts class to class

connectivity and it is not the inheritance. CBO is a measure of fan-out, which means that an

object is coupled to another if two objects act upon each other. So the higher makes the

design strict because we need more testing. It also makes the maintenance difficult.

Response for a Class (RFC)

Objects receive messages from different classes and in reply to these messages certain

methods of objects are called and the job of the RFC is to count the number of times methods

are called. It measures both external and internal communication.

Lack of Cohesion in Methods (LCOM)

Different parts of programs are also linked with each other within the same program and

cohesion counts this inter connectivity. The degree of similarity for two methods MI and M2

in class C is given by:

∂ ( ) = {I1} n {I2}

Where {I l} and {I 2} are the sets of instance variables used by MI and M.

The LCOM is a count of the number of method pairs whose similarity is zero (i.e., ( ) is a

null set) minus the count of method pairs whose similarity is not zero. Larger the number of

25
similar methods, more cohesive the class is. A high value of LCOM suggests that classes

should be split into two or more classes. If none of the methods in a class utilize instance

variables, they have no similarity and consequently the value of LCOM is equal to zero in

that class. LCOM is tied to the instance variables and methods of a class; therefore, it is a

measure of the attributes of an object class [45].

2.2.2.4: Differences between Object Oriented paradigm and Traditional Structure

Metrics:

Parameters Object Oriented Traditional Metrics

Metrics

Implementation Less complex and easy to High complexity and

implement difficult to implement

Definition Well-defined and rigid Ill-defined and vague

Organization Organized around clusters Organized by presence or absence of

of attributes of objects

Correlated attributes

Construction strongly shaped by Designers have to construct abstract

responder’s goals and the generic classes which

context in which the perform general operations

reasoning occurs

Psychological essentialism Once an object is created it Inheritance allows dramatic changes in

remains immutable. objects.

Family resemblance All objects have the same Objects can selectively inherit features.

attributes.

Table 2.2: Differences between Object Oriented paradigm and Traditional Structure Metrics:

26
2.3 Web based software

OODM is the methodology which can used to develop web based software. While using this

technology to build this software we have to take care of many factors. The design

complexity of web based systems is the most prominent of them. To design web based

software we consider two main components i.e. Link Tree, Link Directory.

Logical view of a web based system is given by the Link tree. Pages of the tree are linked in

both uni-directional and bi-directional way by the arcs of the links trees, whereas the job of

link directory is to keep the record of complete information about links of the link trees.

Web based application consist of web pages that can be of two types i.e.

 Static web pages

 Dynamic web pages

Static Web Page

Static web pages are static in nature means that they do not change when they are loaded into

browser unless the owner of that website change them There content and appearance never

changes automatically and the only visible change is the jump to another page or the owner of

the site uploads a newer version of that page for the use of general clients.

Dynamic Web Page

The runtime change in the appearance and content of the web page is the main feature of the

dynamic web page. These changes occur every time a page is loaded and their contents are

changed based on the user’s liking. The most common type of the dynamic web page is the

database driven. Best example is of user’s email inbox because every time a new mail comes

that change is directly made into the back end database without human intervention. The

contents of mail inbox are loaded from the database automatically. Every addition, deletion

and updating of the mail box is handled automatically by the database server which is

working at the back end [46, 47].

27
2.3.1 Web application Design

Design is that phase in software development where ideas of the experts are given the form of

blueprints. Architect in the language of the web is the prominent image of the design [48].

From the professional’s experience we deduce that on web development there are significant

differences between traditional software applications and web applications. Normally the web

applications are dynamic in nature. Their appearance and content keeps on changing so the

deployment of the traditional software technology on the web is not appropriate action. For

using the traditional software technology on the web we must make some basic amendments

in the functionality, working and design of the software so that we may get the desired output

from the software.

The most expensive and time consuming phase during the development of software is the

design phase because during this phase the definitions of its high and low level structures are

discussed and a large number of resources are utilized during this phase. That is why it is

known that performing the design phase successfully means that most of the laborious job is

done and there would be less usage of resources as was required during the design phase [49,

50, 51, 52, 53]. So the successful completion of the design phase guarantees the précised

software which may fulfill the user requirements.

The World Wide Web has created a standardized communications infrastructure that has

enabled a wide range of applications, which include business to business services i.e.

commerce oriented, customer support, and entertainment. Performance has always been a

major area of concern in the field of web based applications but because of the rapid design

and deployment of web applications, implementation of the performance metrics was not

taken care of properly and so the web based application remained failed to fulfill the motive

they were created for [54]. Further the other major problems like scalability and multiple

accesses of sites caused the difficulties in the operation of the web based applications. These

28
problems included poor availability and long response times [54, 55].

The purpose behind this search is to improve the issues of low scalability, flexibility,

efficiency, and high maintenance cost for a web-based application. Web application is

advancement in technology and is a hot issue. They are different from the non web

applications from the following point of views as stated by Shah, A., [2003] in his lecture

series.

2.3.2 Difference between Web base and non web base application

Parameters Web based Applications Non Web based Applications

Availability Web based applications provide reliable It’s not platforms independent

information at all sorts of platforms. so can’t be accessed anywhere.

Accessibility Provide efficient access to relevant Not accessible easily at more

information than one location.

Multimedia Facilitating online media e.g. video, Multimedia isn’t much efficient

sound, animation etc here.

Economical Web based applications are normally Modifications involve

very economical to be stored, modified complicated work requiring

and reproduced. high cost of manpower, tools

and management.

Accuracy These applications require short cycles Long and complex cycles

and so easily updated afterwards. involving heavy load for

updating.

Interaction Users and the system itself are directly Users and system itself can’t

interacted with the system directly interact with the system

simultaneously. at the same time.

29
Networking Depends upon connection to the Can work well even if there is

network for its functionality. no network available.

Asynchronous These applications are mostly These are synchronous

asynchronous and little delay causes applications. Delays don’t occur

long response times. here.

Security Multiple users accessing the network are Security lies here but not at a

checked by giving log-in or passwords level as to check users and their

etc. So, data can’t be copied. Users can authentication at every step.

only use those features that are needed

by them.

Monitoring Developers can monitor their data easily No such prediction available

because application is running on a few rather developers have to rely

servers and they know where an error on the consumer feedback to get

could be. Predicted and correction of awareness of the errors

errors is very quick and effective. occurring in their application.

Internet Heavy load of users creates decreasing No such traffic is created here.

Traffic speed of service and even server shut

down.

User interface Because of Java it provides slow user These use different tools like

interface. Visual basic etc. and so

interface is not slow.

Customer Being providing services to users, these These applications are product

Oriented have to take care of a lot of aspects as oriented and that’s why no such

protection against human errors, issues here.

hardware failures, hackers etc.

Administrative Online application doesn’t need to be These applications are needed to

costs installed at every workstation where it is be installed wherever to be

30
 to be run. It saves time and money. used.

Portability Users can open/browse the same data at Users have to re-install the

office, home, work place etc not needing software needed to run the

to re-install that application at every application at more than one

place. place.

Slow Clicking on the button at browser No such transfer of service here,

Response requires information sent to server and rather clicking on the button at

then back to the user through the desktop gives quick response,

internet and then back to the user.

Intensive and The use of Web based applications are They are used Less intensive

Frequent Use high and less frequently.

Investment of More time has to spent by users to have User can understand unlucky

time by user a hand on experience which decrease the and hence increase in

productivity productivity

Attention Attention is not a serious limiting factor It can be a serious problem for

for effective interactions in web based effective interactions in

applications. traditional applications.

Coupling Web based have more coupling than non Non web based have low

web based applications coupling

Occurrence of Web based can have more defects. Non-web based has fewer

defects defects.

Table 2.3: Difference between Web base and Non Web base Application:

2.3.3 Metrics for Web based Systems

The constitution element of the web based application is a web page. For a web page
31
 different metrics have been proposed by researchers. Some of the metrics are hereby given as

under Emilia mendes [2001] proposed the Size metric for the web based applications which

counts the number of pages belonging to a particular site or domain which is under

consideration. We can ask different questions about the web such as "how large is the Web",

"how fast does the Web grow" etc. The web site metrics with respect to size can be defined

as:

i. Page Count

Page count is the no of html files used in the web application pages.

ii. Media Count

Media count means how many media files are used by the web application.

iii. Program Count

It is an application that use Java Script files, cgi script, Java applets

iv. Total Allocation

Pages like html or shtml are allocated space which is used in application.

v. Total Media Allocation

Media files that are used in the application are allocate space (Mbytes).

vi. Total Code Length:

Programs used by an application are calculated by counting its line of code.

2.3.3.1 Reusability Metrics

The reusability metrics for the measurement of web based components that can be used in

other web applications or within a same application. As describe below

i. Reused Media Count

Reused/modified media files are numbered

ii. Reused Program Count

Reused/modified programs are numbered

32
 iii. Total Reused Media Allocation

Reused media files that are used in the application, we calculate their allocated space

(Mbytes).

iv. Total Reused Code Length

Programs reused by an application are calculated by Number of lines of code

2.3.3.2 Complexity Metrics

The complexity metrics is used to facilitate the measurement of the web application:-

i. Connectivity

Connectivity is not represented dynamically generated links but it present total inter links.

ii. Connectivity Density

It can be calculated as Connectivity divided by Page Count

iii. Total Page Complexity

It can be calculated with the help of this formula

Emilia Mendes [2001] [58]

iv. Cyclomatic Complexity

It can be calculated like this

(Connectivity - Page Count) + 2.

v. Structure

Application is sequence, organized by its main structure which is measured by sequence,

hierarchy and Network.

2.3.3.3 Effort Metrics

The factors involved in calculating the efforts used in developing web sites are[51]:

33
Total Effort

Total effort (TE) = structuring effort (SE) +interlinking effort (IE) + inter planning (IP)+inter

building (IB) + link testing effort (LTE) + media testing effort (MTE)

Structuring Effort (SE)

To Structure an Application estimate elapsed time (number of hours)

Interlinking Effort (IE)

To interlink the pages in order to build the application's structure estimated elapsed time

(number of hours)

Interface Planning (IP)

To plan the Application's interface estimated elapsed time (number of hours)

Interface Building (IB)

To implement the application's interface estimated elapsed time (number of hours)

Link Testing Effort (LTE)

To test all the links on an application estimated elapsed time (number of hours

Media Testing Effort (MTE)

To test all the media on an application estimated elapsed time (number of hours)

2.3.3.4 Confounding Factors

Experience

With the help of a scale from 0 (no experience) to 4 (very good experience) It measures the

authoring/design experience of a subject.

Type

It measures the type of tool used for authoring or designing the web pages [51]. All above

citied metrics are at application level and are unable to provide the details at systems level.

For the web based applications, there are no metrics available for the system level design.

However, different methodologies have been proposed for the systematic design of the web

34
based applications and some of them are given as under:-

2.4 The Hypermedia Design Methodologies

The most popular methodologies cited in the research for the hypermedia applications are the

following [56]:-

 Hypermedia Design Model (HDM)

 Relationship Management Methodology (RMM)

 The Object-Oriented Hypermedia Design Model (OOHDM)

 An Object-Oriented Design Methodology For the Web Applications Development

2.4.1 Hypermedia Design Model (HDM)

The HDM was defined by Franca Garzotto [1993] [57], the Hypermedia Design Model

(HDM), suggests a domain of application consists of entities which are shaped with the help

of sequence of components. In these hierarchies the entities belong to type. With the help of

links different entities or components are connected to structural or application links. The

hierarchical structure of entities is basically representing structural links of entities or

component connection with application links in order to represent the application domain

relations.

Units are one or more perspective and this is because of instantiated of components. A

reference context to information is provided by Units. HDM schema can be represented as an

application link type and entity set when we define entities and links by using some schema is

called a HDM schema instance. So after defining the schema instance it is easy to define the

requirement of specific browsing semantics and application behavior at run time. Consider an

example of Pakistan Law 1973; “Law 1973” is an entity and this entity is chosen as object for

a relevant application. A piece of information about this entity will be component e.g.

component is “Article 1” of Pakistan law 1973. Through different ways we can represent

35
hypermedia information. It means there are several ways to present the outlook of

information. Unit in HDM is defined as piece of information related to component. A unit is a

tiny piece of information. e.g. in “Pakistan law 1973” one unit has a body i.e. “official” text

another unit’s body is “Description”. Structural, Application and Perspective are the three

kinds of links which are differentiated by HDM. Components belonging to same hierarchy

are Structural links and application links exists between entities. Component has many units

& it is possible to move between them.

An HDM 98 focus on structural, navigational, dynamic, and user control ‘dimensions’ of

hypermedia. Specification of a web based application consists of a schema definition and a

set of instance definitions. Entity links are defined by schema definition and they are

connected by a set of application link types. Instances are allowed to be inserted in the

hypermedia application only if they obey the constraints specified by the schema.

Lack of design step and limited number of access primitives are two basic drawback of this

methodology [57, 58, 59, 60].

2.4.2 Relationship Management Methodology (RMM)

RMM (Isakowtis et al; 1995) is based on Relationship Management Design Methodologies

(RMDS) means how entity relationship can be managed. It is the primary full web based

application design methodology. In this methodology the information domain of the

application is captured by conventional Entity Relationship diagram. Slices are then defined

which means a meaningful group of an entity’s attribute. This step produce enriched diagram

related to relationships, ER diagram, slices from the entities relationship derived all

navigation paths. All above defined by entity belongings and relationship and they are

completed in navigational design

The result of this step is RMDM diagram, which is core in RMM, all RMDM can be

compared with the HDM in that it uses almost the same modeling primitives of HDM such as

36
entity types and entities, and it also distinguishes among three types of links. RMDM extends

the access primitives supported by HDM into four types of access primitives (conditional

indexed guided tour, grouping, conditional index and conditional guided tour). At last, it

ropes a set of laws to map an RMDM diagram into a hypermedia network consisting of nodes

and links [61, 62].

2.4.3 Object-Oriented Hypermedia Design Model (OOHDM)

OOHDM [71] (1995) presents an approach that defines four steps: conceptual design,

navigational design, abstract interface design, and implementation. The conceptual data

model is described by using OOHDM primitives, namely: classes, relationships and

subsystems. Navigation design is described in terms of navigation classes (nodes, links, and

access primitives). Nodes present valid views on conceptual classes in step one. Consequent

relationship makes the reason of links as described previously. Access primitives are used to

model movement in the hypermedia application. Many navigational models during this step

can be built for similar conceptual schema different for same area. Through interface design,

an interface helps the user to identify navigational objects; this specification is done at a

higher level that of the actual implementation environments. During this step, the designer

specifies what the perceptible objects are, that intends to make available to users, and how

they behave in terms of the actions originating from users. Perceptible objects are generally

built using primitive GUI objects such as buttons, text fields, graphics field etc. It gives the

interface for navigational objects. The implementation step concerns mapping the interface

objects into implementation objects. In this step the designer produces the actual hypermedia

application to be run. In particular, the models generated after performing step one to step

three are implemented on top of available hypermedia system platforms [63, 64, 65].

37
2.4.4 Drawbacks of Hypermedia Methodologies

 In the previous hypermedia methodologies, design and implementation were merged

together. We cannot separate them.

 Analysis was minimum

 Those methodologies were not based on software engineering principles.

 In Shah, A., [2003] proposed a methodology which is OODM (Object Oriented

Design Methodology) by following the principles of software engineering.

2.4.5 Object Oriented Design Methodology (OODM)

The OODM presented by Shah, A. in 2003 [4] describes two phases i.e. analysis and design

mainly. Analysis deals with problem statement of Web based Application, the information

and their structure, potential users and their goals, navigation paths, and operations supported

by the web application are identified.

The design phase addresses the issues like presentations of information to users, user

navigation paths, implementation of each operation, and user-interface elements and how to

design them.

The Analysis Phase captures mainly three aspects of the Web based applications and these

are information structure, the navigation paths to be followed by different user-classes during

access, and operations performed by the Web Application. The phase deals with three aspects

individually and develops corresponding three models. These three phases are Building

Operation Model, Building User Navigation Model and Building Information Model. These

items make three different models like Operation Model Information Model and User

Navigation Model.

The report generated by the analysis phase becomes the input of the design phase and it

works as four processing units as Building Component Model, Building Navigation Model,

38
Building Operation and Building User Interface[4].

2.5 Summary

All the above described methodologies suffer from some drawbacks e.g. RMM and OOHDM

consists of plain class model which is unable to handle special elements like narrative

structures. RMM depends upon the ER model in which individual objects are left out.

In HMM more sophisticated specifications techniques are required for handling complex

types like games. These techniques do not follow any recognized process model like Water

Fall Model for the development purpose.

The OODM do have covered some of the above defined flaws but still the following short

comings are noted in OODM.

 Issues related to security are not considered.

 Adaptive navigation, has not been considered, in which pages selection depends upon

user’s mode e.g. Faculty or student, or it depends upon user’s previous moves.

 Passing of Input and output data through the public networks have not been

addressed.

 Today’s processing on the web is also some time conscious and issue is not addressed

in this methodology.

 No quantification in terms of measurements has been given.

The focus of this research is to present the extension of OODM approach which may cover

the above defined flaws and to define the measurements at each model of the proposed

methodology.

39
 Chapter 3

S-OODM: A Secure Object Oriented Design Methodology

Many methodologies have been proposed for the web applications design and development.

These methodologies do not cover the issues related to security. OODM is also proposed with

the objectives of web application development but without the consideration of security

issues. S-OODM is an extension of the OODM in which security issue has been considered.

To accommodate the security issues, OODM is required to be updated. The OODM presented

by Shah, A. in 2003 [4] describe two phases i.e. analysis and design mainly. Analysis deals

with problem statement of Web based Application, the information and their structure,

potential users and their goals, navigation paths, and operations supported by the WA are

identified.

The design phase addresses the issues like presentations of information to users, user

navigation paths, implementation of each operation, and user-interface elements and how to

design them.

The Analysis Phase captures mainly three aspects of the Web based applications and these

are information structure, the navigation paths to be followed by different user-classes during

access, and operations performed by the Web Application. The phase deals with the three

aspects individually and develops corresponding three models. These three phases are

Building Operation Model, Building User Navigation Model and Building Information

Model. The three items make three different models like Operation Model Information Model

and User Navigation Model.

The report generated by the analysis phase becomes the input of the design phase and it

works with four processing units as Building Component Model, Building Navigation Model,

40
Building Operation and Building User Interface Shah, A., [2003].Over all structure of

OODM is as under:

Figure 3.1: OODM [Shah, A., 2003]

Introduction of a new security model is required. Each model of the OODM is required to be

secured by introduction of a level of security. An algorithm for the inclusion of security

model has been given.

41
3.1 Inclusion of Security Model

Figure 3.2: The modified architecture of the OODM with security model (S-OODM)

42
 3.2 Modified architecture “S-OODM”

S - OODM
Identify Security model
Input: problem statement, information ,
Analysis navigation, operational models.
Phase Output: identify user role, user permission, level
of security,

Information model Navigation model

Input: problem statement
Output : page classes,
multimedia attributes and
associations among page
classes
Input: problem statement, Operational model
Input: problem statement,
information model
Output: user classes, user goals, information, user navigation
models.
user access scenarios, user
Output: operation names, input,
navigation path
output and dynamic page classes

Component model Navigational model Operation partitioning model

Input::information model
Output: component and
component access sequence,
associations among components
Security: roles, permissions,
level of security
Input: component, user Input: operation model
navigation models. Output: client and server
Output: local , instance, global operations
and menu navigations. Security: security on authorized
Security: rules permissions, input, security on operations
level of security (delete, update etc )

Design
Phase
User interface
component and component access
Input::information model Building Security model
Output: sequence Rules, permissions, level of
Security: login security security

Figure 3.3: Modified architecture “S-OODM”

3.3 Building Security Model

The security is implemented in the S-OODM through a security model. Security model is

building though a Security Manger. It consists of methods/operations. Methods declare

permissions required to access the objects. When operation is called from sandbox context

(HTTP URL, Page template or site script) all calls going outside the sandbox are checked by

OODM Security Manger. After breaching out from the security sandbox, there are no further

43
automatic security manager call checks, since the security management gives heavy

performance overhead for each function call.

It is very important to define proper permissions for each operation which could manipulate

or export private information. There are several roles e.g., Administrator, Super user, user

which have set of permissions e.g. Update, Create, Edit, Delete roles are inherited - a

subfolder can have different permission set for the role as the parent folder.

Users and groups are given roles. Again, user can have different roles in the different part of

the site.

Figure 3.4: Web users with their roles

3.3.1 Building Component Model

This model has already been built for OODM by (Shah, A., 2003), now we have restructured

it for S-OODM. Building Component Model has the following functionalities:-

 This unit identifies page-classes, their associations and their multimedia attributes

from problem statement.

 The problem statement should be correct and taken from valid, authenticated and

authorized users.

 To ensure validity, authentication and authorization of user’s secured logging should

be implemented.

44
3.3.2 Building Navigation Model

Navigation Model was first generated by (Shah, A., 2003) for OODM; it has to be

reconstructed accordingly for S-OODM. Building Navigation Model Contains the

functionalities mentioned below:

 This unit designs the information structure of a WA. While navigating through web

pages.

 During user navigation secure session management should be done to reduce user

disorientation and cognitive overhead.

 To make user navigation most secure, strict criteria and constraint for anonymous users

are defined to avoid unwanted access from the web.

3.3.3 Building Operation Partitioning Model

Shah, A., (2003) has built up this model for OODM Model and we have reused it to in-

cooperate security in S-OODM. Building Operation Partitioning Model has the following

functionalities:-

 This unit categorizes operations into client operations and server operations.

 For completing and refining the operation-partitioning model valid and authorized cline

and server should be identified.

 Secure message passing has been obtained by precisely selecting to which object level

(administrator, super user, user) data is to be sent.

 What kind of information is accessible by which level of object or user?

3.3.4 Building User Interface

This model has already been developed for OODM by (Shah, A., 2003), now it is recreated

for S-OODM. Building User Interface works as follows:-

45
  This processing unit deals with the designing of user’s perception and interaction with

WA. For designing the user interface. Information about user’s perception should be

gathered from valid users.

S-OODM (Secure Object Oriented Design Methodology)

Building Security

Model

Component Model Navigational Model Operation partitioning User Interface

Model
Input: Information Model Input Component, user, Input: Operation Model Component
Output: Client and Server
Output: Component and navigation models operations Security: &Component access
Security on authorized
Component access Output: local, Instance input, Security on Input: Information model
operations (delete, update

Figure 3.5: Role of security in different models

3.3.5 Building Security Model

The Security Model attempts to incorporate all of the features of OODM in addition to

security aspects, leading to what is called “S-OODM”. How security may be incorporated

into each of model mentioned above is given as under:

Firstly, we will see the Component Model. To build the Component Model, page-classes,

their associations and their multimedia attributes are identified from the problem statement.

This problem statement should be correct and taken from valid, authenticated and authorized

46
users. Also to ensure validity, authentication and authorization of users, a secured log-in

should be implemented.

Secondly, we will see the Navigation Model. This unit designs the information source of a

Web Application while navigating through the web-pages. During user’s navigation, secure

session management should be done to reduce user-disorientation and cognitive overhead. To

make user-navigation more secure, strict criteria and constraints for anonymous users are

defined to avoid unwanted access from the web.

Thirdly, we will see the Operation Partitioning Model. This unit categorizes operations into

client operations and server operations. For completing and refining the operation-

partitioning model, valid and authorized client and server should be identified. Secure

message passing has to be obtained by precisely selecting which object level (administrator,

super user, and user) data is to be sent. Another question that needs to be answered is that

what kind of information is accessible by which level of objects or users. Also it is to be seen

what kind of operations need to be incorporated and how: insert, delete, update etc.

Lastly, we will see the User Interface Model. This processing unit deals with the designing of

user’s perception and interaction with the Web Application. For designing the user interface

information about users’ perception should be gathered from valid users. To incorporate

security, log-in security is to be considered too.

To implement all of the factors mentioned above we employ the Security Manager. It consists

of methods/operations. Methods declare permissions required to access the objects. When

operations are called from the sandbox context (HTTP URL, page template or site script) all

calls going outside the sandbox are checked by OODM Security Manger. After breaching

out from the security sandbox, there are no further automatic security manager call checks,

since the security management gives heavy performance overhead for each function call.

47
 Chapter 4

DESIGN METRICS FOR WEB APPLICATIONS

In Object-Oriented Design Methodology (OODM) and Secure Object-Oriented Design

Methodology (S-OODM) (see Chapter 2 and Chapter 3), design of a web application is

represented using Abstract Data Type (ADT) undirected graph (see Figure 4.1). In the figure,

we have shown a general design of a web application. In the graph (see Figure 4.1), the root

node represents home page of the application and other nodes of the graph represent pages,

these can be either static pages or dynamic pages. Note that a page which does not take any

input from the user, is referred to as the static page, and a page that takes input from the user,

is referred to as dynamic page.

P1

P4
P2 P3

P6 P7 P8
P5

Pn-3 Pn-2 Pn
Pn-1
Figure 4.1 Design of a Web application-Link Tree

48
As mentioned earlier, both OODM and S-OODM are design schemas of a web application in

the form of an ADT graph/tree, which is referred to as the link-tree (see Figure 4.1). A web

application is a collection of pages (as shown in Figure 4.1), in which nodes represent the

pages of the application and edges/arcs represent links between the pages/nodes. The links

are of two types and they are listed below:

 Uni-directional

 Bi-directional

Through a uni-directional link, a user can only go from one page to the next page, whereas,

through a bi-directional link, a user can go from one page to the next page and also go back to

the previous page.

Now we formally define a link-tree (LT):

LT = {IN1, IN2,.……. INn} U {LN1, LN2,…….,LNm} --------------------- (1)

In Equation (1), LT is union of the two sets, as shown above. The first set {IN1, IN2.… INn}

of Equation (1) can also be written as {IN1, IN2,…INi….,INn}, where INi is the ith internal

node and it is defined as (Pi, αi). Pi is the ith page of the link tree and αi is the outgoing edge

of the page Pi and it is either uni-directional or bi-directional. If αi = 1, then it is a uni-

directional edge and if αi=2, then it is a bi-directional edge. Internal nodes are the ones which

have sibling nodes.

In the second set {LN1, LN2……………,LNm} of Equation (1), m is an integer. The set (LN) is

the set of leaf nodes of the link-tree LT and a leaf node LNj is the jth page Pj of the link-tree.

The leaf node LNi is defined as LNi= Pi because there is no outgoing arc/edge in LNi. This

feature is typical of external nodes only. In other words, an external node, as well as a leaf

node are one and the same thing and they do not have sibling nodes (Thomas et al 2003 ).

49
Since each internal node (page) is represented by two parameters, i.e. (Pi, αi), therefore, we

quantify each internal node by the weight wi, where |wi| = memory size/space that the pages is

carrying. Note that wi is the sum of memory space and multimedia information/data that the

page is carrying. Similarly, each leaf node/page is defined only by the wi because there is no

outgoing edge from any leaf node.

The methodology S-OODM designs schema of a web application in the form of a link-tree

along with five (5) models: Building Component Model, Building Navigational Model,

Building Operation Partitioning Model, Building User Interface Model and Security Model.

Now we quantify these models by defining and proposing their metrics, using the structure of

the schema, link-tree, given in Figure 3.1.

4.1 Schema Metrics

In this section, we propose design metrics of overall schema of a web application. The basis

of this metric is based on the fact that performance of a graph search is proportional to its

depth. It is worthy to mention here that performance of a graph search also shows the

performance of our web-application, as the no. of nodes actually represent no. of web pages.

Hence, performance of a web-application depends upon searching time of a web-application

(which can be extracted from the graph).

We rewrite Equation (1) as follows:

LT= {INi | 1 ≤ i ≤ n} U {LNj |1 ≤ j ≤ m} ------------------ (2)

In the terms of weight and edge of each node/page, the equation can also be written as

follows:

LT= {(wi , αi) | 1 ≤ i ≤ n} U {wj |1 ≤ j ≤ m} ---------------------- (3)

50
The space complexity (SC) of a web application can be computed as follows:

n m
SC   wi   wj ------------------------- (4)
i 1 j 1

From this metric (SC), we can estimate space requirements of a web application. In equation

(4), the part

w
i 1
i is the total sum of the space required by internal nodes of the application; and the part

of equation

w
j 1
j is the total sum of space occupied by leaf nodes/pages of the application.

Now we define the term an Access Sequence (AS) of a user in a web application as follows:

ASj = {Pi | 1 ≤ i≤ k} U Pl ----------------- (5)

The Access Sequence (AS) can be computed taking into account both the internal node/page

and the external node/page using the above given notation. The range 1 to k is for the internal

node, whereas, l is for the external page as it has no siblings.

In Equation (5), ASj is the jth access sequence of a web application and Pl is single element

set which is leaf page of the ASj. Further, ASj can also be written in the terms of weights of a

page and α edge weights as follows:

ASj = {(wi,αi) | 1≤ i≤ K} U {wl} ------------------ (6)

Now we define metric for length/depth of the access sequence ASj (LASj)

k
LASj  
i 1
 ij ------------------ (7)

51
The metric that is defined in Equation (7) measures the length/depth of an Access Sequence

(AS) of a web application. As we have mentioned earlier, the performance of a web

application depends on its searching time which is designed using an Abstract Data Type

(ADT) graph (flow graph).

Now we first predict total number of access sequences in a web application, then we compute

the sum of lengths of all possible access sequences in the application. This gives the overall

design metric of the application. To predict total number of possible access sequences in a

web application, we use McCabe Chromatic Complexity (CC) of a program (McCabe, 1976).

This complexity has also been used in predicting total number of independent paths in a flow

graph in the defect testing technique (White-Box Testing) that is also referred to as the

path/branch testing [8,30] Note that in this defect testing technique, a source code of a

program is represented as a flow graph. Hence, we can conclude that total number of

independent paths in a flow graph is predicted by using the formula used for the chromatic

complexity metric.

Total number (N) of independent paths in graph/program (with GOTO statement in the

program) is predicted by using the formula given in Equation (8).

N = Number of edges - Number of nodes +2 ---------------------------- (8)

Or

N = e – n +2

Now we define the overall Design Complexity (DC) of a given web application by Equation

(9).

N
DC =  LAS
j 1
j ---------------------- (9)

N K
DC  j 1 i 1
ij ------------------------------ (10)

52
In Equation (10), the index i represents ith page in the jth access sequence.

4.2 Component Model

Related multimedia attributes of a page-class are collectively known as Component Model.

Its objectives are described as follows:

Objective

 To identify page-classes of web application.

 To identify components of a page-class.

 To identify multimedia attributes of a component of a page-class.

Contribution

Its main contribution to the design phase is that it provides a component model as an input for

Building Navigation Model and User Interface Model. It also gives an understanding of

components, relationships among them and their access sequences. A set of related

multimedia attribute of a page-class is called component [4]. In the Component Model we

model the following

 Multimedia attributes of each page-class and their subdivision into meaningful and

logical components.

 Component access sequences: Important First and least important at the end

Measurable Parameter

Page-class complexity of a Component Model is the most significant parameter of itself. It

can be measured by measuring fan-out of components. The components having low fan-out

are considered to be lesser in complexity. And the components having more fan-out indicate

53
 Page-class

Page Page Page

Component Component Component

Text Image Sound Video

Figure 4.2: Logical layout of a web application where fan-out is

Fan-out = 2+3+2=7

the fact that they share more components, which enhances reusability and complexity of these

components.

4.2.1Reusability Metric

As S-OODM is an object oriented design methodology, so we have to measure its features in

terms of features of the object oriented paradigm. Reusability is one of its important

characteristics. In this section we measure reusability of the design of a web application and it

is directly proportional to the depth of a link-tree (which is a logical view of web

applications). A web application is a collection of pages. In the tree, nodes represent the

pages of the application and edges/arcs represent links between the pages/nodes [75, 76].

Design process in the most engineering disciplines is based on reuse of different parts.

54
Software should be considered as an asset and reuse of these properties is vital to increase

the return of investment.

Reusability and depth of the tree are directly proportional to each other and an inverse

relationship holds between the depth of a tree and its complexity [4]. However, this relation

holds true only till the depth (D) ≤ 5 and can be maximum 8 but not beyond that as after that

it becomes more complex [4, 74].

Reusability of jth Access Sequence(AS) is equal to the length of the Access Sequence

n
RASj =  R ij
i1 -------------------------- (11)

Where RASj =Reusability Access Sequence

i = Count from 1 to total no of links.

j = jth page of the link tree.

Assume there is N number of ASs in a web application then reusability metric for the web

application (RWA) is

N n
RWA=    ij
j 1 i 1
------------------------ (12)

where  ij =1

 will attain value 1 always because

α=β if α = 1

α=2 α=1

Figure 4.3: Uni-directional & Bi- directional Links

55
In reusability metric when αi = 1 then we represent α as β to take unique value of α. If it is

required to measure the depth of a tree, then always take β=1. This is the only method to

measure the depth of a tree; else it takes the form of a directed or cyclic graph which is not

within our scope. The links are of two types and they are listed as Uni –directional & Bi-

directional. Through a uni-directional link, user can only go from one page to the next page,

whereas, through a bi-directional link, user can go from one page to the next page and also go

back to the previous page. If αi = 1, then it is a uni-directional edge and if αi=2, then it is a bi-

directional edge.

Advantages

As a positive factor, if the link tree is deeper in hierarchy then greater the reuse. Moreover, it

decreases the cost and time of a project, in terms of space a page is occupying in memory.

Once again this factor holds true only till the depth goes up to 5 or 8, not beyond that.

Disadvantages

As a negative factor, a deeper tree than the one prescribed before, inherits more operations

and attributes that show greater design complexity. Hence more work is required for the

testing of large no. of nodes introduced.

4.3 Navigational Model

The navigational model is used to design the information structure of a web based

application. This information structure helps the user to navigate web pages. It provides

various levels of navigation such as local navigation, global navigation, instance navigation

and menu navigation [Shah, A., 2003].

56
    

           
 

               

   
   

     

Figure 4.4: Navigational Model with Local, Instance and Global navigation

Navigational model is constructed with the following objectives:

Objectives

 To find and define various ways of navigating a web page or web pages.

 Easy and efficient access of information from the web pages.

Contribution

Its major contribution is that it provides help in building User Interface Model. Because this

model defines various modes of navigating the web page(s), therefore without this model it is

very difficult to build a user interface model. It helps the user in visiting web pages through

various navigation constructs. It works as a map and guides the user to reach a specific

location in a web page or on another web page.

57
Measurable Parameter

Accessing Time

4.3.1 Navigational Accessing Time Metric

The main purpose of navigational accessing time metric is to help in calculating the total

navigational time to reach the goal. Designer can develop a design by using this metrics

which calculates the total time of navigation,

The time involved between two consecutive nodes is 1 i.e.,

T=1

As we mention earlier that α = 1 so T = α.

The number of nodes involved are n, where (1 ≤ n ≤ i)

We can calculate the accessing time to reach the goal with the help of this formula:

T = ( n - 1) --------------------------(13)

As the number of nodes involved in a path to reach the goal is increased, then the total

accessing time to reach the specific node will also increase.

n  T
The relationship holds true only till the depth of the tree ≤ 5 and can be maximum 8 but not

beyond that as after that it becomes more complex and for that reason consumes more time.

4.4 Operation Partitioning Model

This model is concerned with the following processing units:

 The operations represent services that are provided by the web pages of a WA

 Design the execution pattern of each operation

58
 Design of Message passing pattern among the objects. Building an object-interaction

graph(OIG)

 Completing and refining Operation Partitioning Model.

Objective

Its main objective is to identify objects and relationship among them.

Contribution

This model provides the implementation approach of the web application. All objects and

their relationship are defined in this model.

Measurable Parameter

Operations performance

4.4.1 Operation Performance Metric

 We can calculate the complexity of an object by calculating the height of its operations’

parameters.

 Objects which have a larger no. of operations are more complex.

 Its Performance increases (advantage), while its readability decreases (disadvantage).

This implies, performance is inversely proportional to height and readability.

We can calculate the complexity of a component by measuring the total complexity of its

operations the complexity of an operation, then in turn, depends on the complexity of the

parameters it is comprised of. When compared, it is found out that the operations which have

a large no. of parameters are more complex than those which cater to lesser no. of

parameters.

59
 Operation Performance metric

M1
M1

M2
M2

(a) (b)

Figure 4.5: Shows the height of two operations

There is a same page but we display it in two different ways. We say page have two

operations and there are two ways to display these operations. Firstly in Figure 4.5(a) two

operations are present in one component and in Figure 4.5(b) two operations are present in

two different components. In first case it is more cohesive. If the component is cohesive then

in this case as an advantage, its efficiency increases but as a disadvantage its readability

decreases. It means efficiency is inversely proportional to readability. Metrics can be defined

as

1
Performance  (hi  0) --------------------------- (14)
hi


P
hi

The metric given above indicates that as the depth of the tree (value of hi ) increases,

performance (P) will decrease. Whereas, readability (R) increases.

Readability  height

R  h i

60
 1
Efficiency 
readability


Coherence 
height


Co 
hi -------------------------- (15)

This metric (15) indicates that as the depth of the tree (value of hi ) decreases, coherence (Co)

increases. In contrast the lessening of the value of hi indicates that efficiency (E) increases,

whereas readability (R) decreases.


Efficiency 
height


E
hi ------------------------------ (16)


Performance 
Efficiency


P
E ----------------------------- (17)

In web application there are N operations, and then operational complexity is

N n
1
Complexity  
j 1 i 1 hij ------------------------- (18)

 N represents total no of component in web application.

 n represents total no of operations in component .

 hij tell about how many heights have these operations .

According to the metric (15) as the depth of the tree (value of hi ) decreases, coupling (Co)

increases. Moreover, decrease in the value of hi leads to an increase in coupling, an increase

in readability(R) and a decrease in performance (P).

61
In the above equations the proportionality sign can be replaced by k where, k is the

proportionality constant. As we know that proportionality constant k=1.

4.5 User Interface Model

This processing unit deals with the designing of user’s perception and interaction with web

application. Then the user interface design produces a consistent and predictable appearance

of web application pages. The design process first determines user interface elements (for

example, pages, forms, frames, colors, command buttons, bars, check boxes) for the objects,

e.g., page-classes, components, navigation types, operations, and navigation primitives. The

user interface is designed using the frames, which are capable of dividing the window into

different regions, and they are displayed and scrolled separately.

Measurable Parameter

Interface coherence

4.5.1 Interface Coherence Metric

Here we are going to measure the cohesion in terms of relationship between data on one

screen. There are three modes of coherence:

 High coherence

 Medium coherence

 Low coherence

62
4.5.1.1 High coherence
Pdr
Col if data on interface is related to the attributes of the same
The cohesion is said to be high
PWA
component of a page-class. High cohesion for one page can be calculated as follows:

Where Ps -------------------------- (19)

C oh 
PWA

Ps = Attributes of the same component

PWA = All page-classes of web application

4.5.1.2 Medium coherence

The cohesion is said to be medium if data on interface is related to two or more interrelated

components of the same page-class. Medium cohesion can be calculated as follows:

Where

Pr = related components of the same page-class

Pr ----------------------- (20)
C om 
P WA

4.5.1.3 Low coherence

The cohesion is said to be low if data on interface is related to the different page-classes. Low

cohesion can be calculated as following:

---------------------------- (21)
P dr
C ol 
P WPAdr
Col 
PWA
Pdr = related components of different page-classes

By summing all these cohesions, we can determine the overall cohesion of interface of a web

application. It can be calculated as:

Coh  Com  Col

CoWA 
PWA ----------------------------- (22)

63
Advantages

 Highly cohesive pages provide a balanced ratio of width to height.

 The highly cohesive page provides unity, which helps to keep the user interest in the page

to get the related information from that same page.

4.6 Security Model

This model provides security at each step of the design phase. Security is implemented by a

security manager. The security is achieved by implementing security at various levels: such

as, at the user level by defining various roles like administrator, super user and user.

Similarly, security is also achieved by various levels of security such as secret, classified and

unclassified. Security is achieved at permission level by permitting a user to update, create,

edit and delete a record. Its objectives are as follows:

Objectives

This model attempts to introduce security at each phase of the S-OODM so that the

information of the application can be secured from unauthorized access.

Contribution

This model has contributed at each step of the design phase. For example in Component

Model it has contributed by securing components and in Navigational Model it has

contributed by securing navigation paths. For example, a user may not be allowed to access a

web page or particular link etc. Similarly it has also contributed in Operation Partitioning

Model because security is actually implanted in business logic and some code, method or

attributes may not be allowed to be accessed by other objects or users.

64
Measurable Parameters of Security Model

There may be several parameters this model which should be measured but following are the

significant parameters.

 Security risk

 Security check

4.6.1 Security Metric

Security issue in the web applications is critical due to many reasons. It avoids unauthorized

access consistently and protects malfunctioning of the components of the web application. A

page-class consists of pages and these pages consist of some multimedia information also

termed as attributes.

A modification in attributes of any web application can affect the web application as a whole.

To avoid the undesired access to these attributes security consideration is required. To ensure

that web application is free from these attacks, certain measurements are required to be

introduced at design level.

Moreover, in order to achieve consistency, accuracy and to protect critical data contained by

these components, certain security measurements are required. Imposing security is also

accompanied by some drawback in the web applications, like loss of flexibility. There is a

trade-off between flexibility and security. If we increase security then it decreases flexibility,

means flexibility is inversely proportional to security.

1
F ----------------------------- (23)
S

Here F represents flexibility and S shows security. If we are imposing more security checks

then there will be low efficiency of the application as it has to perform security checks by

consuming more time. Then efficiency is inversely proportional to security

65
 1
E ------------------------------- (24)
S

E represents efficiency. Cost is directly proportional to security.

C S -------------------------------- (25)

In the above Equation C represents cost. Space is directly proportional to security.

Space  S --------------------------------- (26)

4.6.1.1 Security Risk Metric

A security risk increases when some critical data changes, due to this reason the whole

process becomes destabilized. For that cause, components that contain critical data should be

put on higher security risk. This risk can be calculated as:

Vital Component Ratio =

P i

VCR  i 1
n
-------------------------- (27)
P
i j
ij

VCR represents Vital Component Ratio. Variable n defines the no of critical component in a

page and j defines the total no of components present in a page. Where Pi ≤ Pj.

4.6.1.2 Security Check Metric

Security check metric can be defined as the percentage of security checks in a page divided

by total no of security checks in a page-class.

66
 n m

 C
i 1 j 1
ij

SCM = n sc
-------------------------- (28)
 C
i  sc k 1
ik

SCM represents Security check metric Variable n defines the no. of pages in a page-class and

m defines the no of security checks applied in that particular page n. The variable Security

Check (SC) is the maximum number of possible security checks that could be included within

that page-class, where Cij ≤ Cik

67
 Chapter 5

Case Study of a University Web Application

5.1 Introduction

The object-oriented design methodology (OODM) was proposed by Shah in 2003 (Shah, A.,

2003) to design web applications. The similar case study was also conducted for OODM by

(Shah, A., 2003). I have borrowed and modified it to accommodate security aspects. In the

chapter 3, we have first extended the methodology by including security element in the

methodology, and are referred to as the secure object-oriented design methodology (S-

OODM) for web applications. The original version of the methodology (OODM) did not

include security aspect of a web application while designing it. In the upgraded version of

OODM, i.e., S-OODM, this aspect has been taken care of. Then the design metrics of the

design elements of a web application which will be developed by using S-OODM were given

in chapter 3.

In this chapter, we show by an example how the proposed methodology take care of security

issues and then evaluation of the proposed metrics have been given in this chapter. The

example is applied by using A University web application as a case study.

In this chapter Section 1 defines the problem statement for a university. Section 2 describes,

using the University web application how the security issues can be handled at the design

phase. Section 3 describes the evaluation of the proposed metrics.

68
 

  The 
University 
 

 
CS,FC,VS,RS
 
CS CS,PS,FC,PR,VS
CS,FC

CS,FC,VS,RS,

LMS SIS CIS     TDS     BS Exhibition       Policy

CS,FC,VS,RS CS,VS

CS,PS,FC,PR,VS

    Project Employment
opportunity Student
resume

College Conference

   Research        Department Library

  center 
 
 
 
 
 
Dissertation
  Publication

 
  Program
 
 
 
 
 
 
  Book Paper 
Faculty Course Magazine
 
 
 
 
 
Figure 5.1: Overall Design Schema of University Website

69
5.2 Problem Statement

A university web site is intended to host the University Home Page and well-integrated set of

Web pages containing information about University. Web pages on University web site are

intended to have a consistent look and feel user interface. This was given by Shah in 2003

(Shah, A., 2003) in his case study for OODM and we have modified it according to S-

OODM. According to (Shah, A., 2003), the information which contained in the web pages of

University website is as follows:

 Departments, research centers, conferences, exhibitions, and colleges.

 Courses, projects, libraries, policies, dissertations, and publications.

 Degree programs, research papers, book, and magazines.

 Employment opportunities, student resumes.

 Faculties.

Furthermore, there are some existing information systems in the University Web site, which

are accessible to users. These systems are as follows:

 Library Management System (LMS). LMS is used to Search for a publication in the

library.

 Student Information System (SIS). SIS is used by users to print students transcripts.

 Course Information System (CIS). CIS is used for registering a course and its

timetable for a student.

 Telephone Directory System (TDS). TDS is used to search for contact numbers of

University staff.

 Bookstore System (BS). BS is used for searching books in the bookstore of the

University.

 There are different users who get information from the University website. Those

users include:

70
 Faculties: These include those users who teach in University. The information in

which they are interested in accessing is, about: Departments, Research centers,

Conferences, Exhibitions, Colleges, Courses, Projects, Libraries, Policies,

Dissertations, Degree programs, Research papers, Books, Magazines, and Faculties.

They are also interested to use Library Management System (LMS), Course

Information System (CIS), Telephone Directory System (TDS), and Bookstore

System (BS) for searching.

 Potential students: These include those students who are interested in studying a

degree program offered by University. The information of their interest is about:

Colleges and their Departments, Degree programs offered by a Department, Courses

offered by a Degree program, Faculties teaching in a college, and Policies of

University. They are also interested in using Telephone Directory System (TDS) for

searching.

 Existing students: These include those students who are currently studying in

University. The information of their interest is about: Departments, Research centers,

Conferences, Exhibitions, Colleges, Courses, Projects, Libraries, Policies,

Dissertations, Degree programs, Research papers, Books, Magazines, Employment

opportunities, and Faculties. They may be interested in using LMS, CIS, TDS, and

BIS for searching. They are also interested in using CIS to register a course and its

timetable, and to use SIS to print their transcripts.

 Guests: These include users who are from outside University. The information of

their interest is about: Departments, Conferences, Exhibitions, Colleges, Courses,

Degree programs, Research papers, Books, Magazines, and Faculties. They may also

be interested in using LMS, TDS, and BIS for searching.

71
  Guardian/parents: These are guardian/parents of existing and potential students. The

information of their interest is about: Departments, Colleges, Courses, Policies,

Degree programs, and Faculties. They may also be interested in using TDS for

searching.

 Researchers: These are users performing research. They are interested in accessing

information about the following: Departments, Research centers, Conferences,

Exhibitions, Colleges, Courses, Projects, Libraries, Dissertations, Degree programs,

Research papers, Books, Magazines, and Faculties. They may also be interested in

using LMS, TDS, and BIS for searching.

 Companies’ representatives: These are the users who are representing outside

companies. The information of their interest is about: Student resumes, Student

dissertations, Student supervisors, Projects, Faculties involved in Projects,

Departments, Exhibitions, Courses, Degree programs, and Faculties. They may also

be interested in using TDS for searching.

5.3 Analysis Phase

5.3.1 Security Realization

The security model at Analysis phase will be implemented and realization of the security

needs at its different phases has been done as under. This was not given by Shah, A., [2003]

in his case study for OODM. We have borrowed OODM case study to incorporated security

in it and reproduce it as S-OODM. The analysis phase consists of four analysis steps:-

i. Building information model. This step is concerned with identifying multimedia

information that needs to be presented to users and associations among that

72
 multimedia information. That information is represented using one diagram called

information model.

ii. Building user navigation model. This step is concerned with identifying potential

users of the hypermedia application, goals of each user class, and user navigation

paths. The information is represented using one diagram called user navigation

model.

iii. Building operation model. This step is concerned with identifying operations

performed by the hypermedia application.

iv. Security Model. This model basically suggest the realization of security in all the

above given models of the S-OODM whose realization will be done in the analysis

phase and will be implemented in the design phase.

For simplicity we have given below the modified models of case study of OODM. The

analysis phase using university hypermedia application will be as under. Next, we describe

each analysis step in more details using university hypermedia application as an example.

5.3.1.1 Building Information Model

Page-classes, their associations and their multimedia attributes are identified in the case study

of university. According to security model following consideration should be given to make it

secure. This was given by Shah [2003] in his case study for OODM and we have modified it

according to S-OODM.

Table 5.1: Building Information Model with security consideration

Page-class User Roles Permission Level of Security

Department User View Classified

Conference User View Classified

73
Course User View Classified

Library User View Classified

Student resume User View Classified

Employment User View Classified

opportunity

Research Centre User View Classified

College User View Classified

Policy User View Classified

Degree program User View Classified

Paper User View Classified

Faculty User View Classified

Course Registration Administrator Create, update, Secret

System delete, edit

Tel Directory Super User Create, update Classified

System

Library Administrator Create, update, Secret

management delete, edit

System

Student Academic Administrator Create, update, Secret

Record delete, edit

Management

System

74
5.3.1.2 Building Navigational Model

Table 5.2: Building Navigational Model for Faculty page-class with security consideration

Seq Agent Action Web Resource Secure Session

management

1 Faculty Access university university Yes

home page home page

2 Faculty Access CRS page CRS page Yes

3 Faculty Enter Search criteria CRS page Yes

4 WA Run search query Search output No.

is created

5 WA Format Output New page is No.

created

6 WA Display output New page No.

7 Faculty Read Output New page No.

75
Table 5.3: Building Navigational Model for Potential Student with security consideration

Seq Agent Action Web Resource Secure Session

management

1 Potential Access UNIVERSITY UNIVERSITY No.

student home page home page

2 Potential Find ‘Computer College’ College index No

student

3 Potential Access ‘Computer ‘Computer No

student College’ page college’ page

4 Potential Find ‘CS’ Department Department No

student page index

5 Potential Access ‘CS’ Department ‘CS No

student page Department’

page

6 Potential Find offered graduate Degree No

student degree programs programs

guided tour

7 Potential Read degree program Degree No

student page programs page

76
Table 5.4: Building Navigational Model for Existing User with security consideration

Seq Agent Action Web Resource Secure Session

management

1 Existing Access UNIVERSITY UNIVERSITY Yes

User home page home page

2 Existing Access CRS page CRS page Yes

User

3 Existing Access registration Registration Yes

User form Form

4 Existing Enter course data Registration Yes

User Form

5 WA Validate course data Course data No

6 WA Check Course Course Data No

conflicts

7 WA Adds the course New Course is Yes

added

8 WA Acknowledge Registration No

Completion form

9 Existing Read Acknowledge Registration Yes

User message form

77
5.3.1.3 Building Operation Model

On the client side, secure socket layer should be enabled in the browser. The client should be

registered in administrative domain. User name and password should be provided in order to

make it authenticated access to the server. On the server side make sure that web application

is placed on the proper place according to need of session management.

This was given by Shah in 2003 (Shah, A., 2003) in his case study for OODM and we have

modified it according to S-OODM.

5.3.1.4 Building Security Model

Proper login page is provided before starting of web application.

IsActive (account No): Boolean

Validate (account No, password): Boolean

Login
Setup_Deatils (accountNi): String

Check_role (account No): String

Figure 5.2: Login verification using security

5.4 Design Phase

Design of Models According to S-OODM

 Component model

78
  Navigation model

 Operation-partitioning model

 User interface model

 Security Model

This was given by Shah in 2003 (Shah, A., 2003) in his case study for OODM and we have

modified it according to S-OODM by incorporating the security issue. In chapter 4, we gave

a detailed description of the design phase of the proposed development method. In this

section, we discuss the design phase using UNIVERSITY hypermedia application as an

example to show how the design process works. Input to the design phase is the analysis

report containing information model, navigation model, operation model and security model.

The design phase is performed in five steps. First: building component model design step.

This design step is concerned with structuring and presenting multimedia information of each

page-class. Second: building navigation model design step. This design step is concerned

with designing navigation paths using navigation primitives. Third: building operation

partitioning model design step. This design step is concerned with detailing each

hypermedia application operation into sub-operations. These sub-operations are then

partitioned into client and server operations. Fourth: building user interface model design

step. This design step is concerned with describing interface elements for the following:

page-classes, multimedia information, hyperlinks, operations input and output, and

navigation primitives. Fifth: security model design step. This design step is concerned with

the security issues in the above described four models.

Next, we describe each design step in more details using UNIVERSITY hypermedia

application as an example for illustration.

79
5.4.1 Building Component Model

Related multimedia attributes of a page-class are collectively known as Component Model.

Its objectives are described as follows:

 To identify classes of pages.

 To identify components of a page-class.

 To identify multimedia attributes of a component of a page-class.

Its main contribution to the design phase is that it provides a component model as an input to

Building Navigation Model and Building User Interface Model. It also gives an

understanding of components, relationships among them and their access sequences and

provides the security among the components. This was given by Shah [2003] [4] in his case

study for OODM and we have modified it according to S-OODM.

Component design step deals with structuring and presenting the multimedia information of a

page-class. Presenting multimedia information about an entity in one single page which

might be very long may causes difficulties in accessing information in that page and may

disorient users. Also, presenting multimedia information about an entity in different pages

causes difficulties in accessing the information since information are fragmented over

different pages and the long time required loading each page. Therefore, in this design step,

we divide each page-class into a set of meaningful components that can be accessed

individually by users, but can be presented to users in one single page.

In this design step, each page-class in the user model is subdivided into a set of components.

Each component contains a set of related multimedia attributes of the page-class. For

example, Table 5.5 shows the Department page-class subdivided into five components:

general information, objectives, statistics, location, and requirements. The general

information component contains the following multimedia attributes, name, creation date,

80
description, image, and video clip. The objective component contains a text description about

the objectives of establishing the Department. The statistics component contains two charts

showing both courses taught and students graduated per year. The location component

contains a map showing the location of the Department and a text description of the map. The

requirement component contains a text description about the requirements for joining the

Department. These five components are presented to users in the following order: general

information, objectives, requirements, statistics and then location.

Components Multimedia attributes Order of

access

General Name, creation date, description, image, 1

information video clip

Objectives Objectives 2

Requirements Requirements 3

Statistics Statistic one, statistic two 4

Location Location one, location two 5

Table 5.5: Components of the Department page-class OODM [Shah, A., 2003]

As another example, information about a Faculty page-class is presented to users using five

components as shown in Table 5.6. These components are: general information, specialty,

research interest, qualification, and job history. The general information component contains

the following multimedia attributes, name, description, image, sound, and video clip. The

specialty component contains a text description about the Faculty specialty. The research

interest component contains a text description about the research interest of the Faculty. The

81
qualification component contains a text description about the Faculty qualification. The job

history component contains a text description about the job history of the Faculty. The

components are presented to users in following sequence: general information, specialty,

research interest, qualification and then job history.

Components Multimedia attributes Order of

access

General information Name, description, image, video clip, sound 1

Specialty Specialty 2

Research interest Research interest 3

Qualification Qualification 4

Job history Job history 5

Table 5.6: Components of the Faculty page-class: OODM [Shah, A., 2003]

In Component model, by considering the Faculty page-class, we have five components:

 General Information

 Specialty

 Research Interest

 Qualification

 Job History

We have to add security in some of its components, like general information so that nobody

can get access to it, except the authorized person. Similarly security is added to the

qualification component. Those components in which we add security is known as vital

components.

82
5.4.2 Building Navigational Model

The navigational model is used to design the information structure of a web based

application. This information structure helps the user to navigate web pages. It provides

various levels of navigation such as local navigation, global navigation, instance navigation

and menu navigation. Navigational model is constructed with the following objectives:

 To find and define the various ways of navigating a web page or web pages.

 Easy and efficient access of information from the web pages with security.

Its major contribution is that it provides help in building User Interface Model. Because this

model defines various modes of navigating the web page(s), therefore without this model it is

very difficult to build a user interface model. It helps the user in visiting web pages through

various navigation constructs. It works as a map and guides the user to reach a specific

location in a web page or on another web page. . This was given by Shah in 2003 [4] in his

case study for OODM and we have modified it according to S-OODM.

In the navigation design step, we design the navigational paths that enable hypermedia

navigation. The goals of this design step are as follows. First: to convey the information

structure contained in a hypermedia application to users. Therefore, users will be able to

understand the information structure easily. Second: to help users in accessing the desired

information easily. Third: to orient and guide users while navigating through web pages of a

hypermedia application. Fourth: to provide a single diagram describing how users navigate

through web pages. Therefore, maintaining the hypermedia application will be easier and the

reusability of the navigation components becomes high. Fifth: to provide a base for

implementation and testing phase. Therefore, implementation will be easier since

implementers need only to map navigation components to its corresponding implementation

components.

83
 In this design step, navigation paths are categorized into three different types: First: local

navigation paths followed by users to access components of one page-class. For example

moving from the specialty component of a Faculty page to the qualification component of the

same Faculty page. Second: instance navigation paths followed by users to access Web pages

of the same page-class. For example moving from a page representing information about a

Faculty to another page representing information about another Faculty. Third: global

navigation paths followed by users to move from a page-class to another related page-class.

For example, moving from a page representing information about a Faculty to a page

representing information about the Department that the Faculty is working in.

During this design step, we use navigation primitives: uni-directional link, bi-directional link,

index, embedded index, guided tour, indexed guided tour, embedded indexed guided tour,

and menu. These navigation primitives are used to design the navigation paths defined in the

user model. For example, a graphical representation of how navigation primitives are used to

design local, instance, and global navigation for the Department page-class. The description

of the design of these three navigation path types for the Department page-class is given next.

i. Local navigation paths: Users can access different components containing information

about a Department using an index containing a list of hyperlinks pointing to those

components.

ii. Instance navigation paths:

 From a college to its Department: Users can navigate through Department pages

belonging to a college using guided tour commands such as forward and backward

commands.

 From a Faculty to his Department: One Department page is displayed since a

Faculty belongs only to one Department.

84
  From a degree program to a Department: One Department page is displayed

since a degree program belongs only to one Department.

iii. Global navigation:

 From a Department to its College: Users can access a Department of the College

by clicking on a hyperlink labeled with ‘Department College’.

 From a Department to its Faculties: Users can access Faculties teaching in that

Department by clicking on a hyperlink labeled with ‘Department faculties’.

 From a Department to its offered Degree programs: Users can access Faculties

teaching in that Department by clicking on a hyperlink labeled with ‘Department

faculties’.

C o lle g e

D e p a rte m e n t P ro g ra m
F a c u lt y

Figure 5.3: A graphical representation for navigating Department page-class: [OODM:

Shah, A., 2003]

Figure 5.4 shows a graphical representation of how navigation primitives are used to design

local, instance, and global navigation for the College page-class. The description of the

design of these three navigation path types for the College page-class is given next.

85
 i. Local navigation paths:

Users can access different components containing information about a College using an

index containing a list of hyperlinks pointing to those components.

ii. Instance navigation paths:

 From UNIVERSITY to its Colleges. Users can navigate through Colleges belonging

to UNIVERSITY using an index containing hyperlinks pointing to Colleges.

 From a Faculty to his College: One College page is displayed since a Faculty

belongs only to one College.

 From a Department to its College: One College page is displayed since a

Department belongs only to one College.

 From a Library to its College: One College page is displayed since a Library

belongs only to one College.

 From a Research center to its College: One College page is displayed since a

Research center belongs only to one College.

iii. Global navigation paths:

 From a College to its Departments: Users can access Departments of a College

using an index of hyperlinks pointing to the College Departments.

 From a College to its Faculties: Users can access faculties teaching in the College

using an index of hyperlinks pointing to College faculties.

 From a College to its Library: Users can access the Library of a College by

clicking on a hyperlink labeled with ‘College library’.

 From a College to its Research center: Users can access the research center of a

College by clicking on a hyperlink labeled with ‘College research center’.

86
  From a College to UNIVERSITY home page: Users can access UNIVERSITY

home page by clicking on a hyperlink labeled with ‘UNIVERSITY home page’.

Figure 5.4: A graphical representation of navigating College page-class [OODM: Shah, A.,

2003]

Figure 5.5 shows the complete navigation model for UNIVERSITY. All navigation paths in

the user model are designed using navigation primitives. Furthermore, abstract classes are

replaced with menu navigation primitive. For example, UNIVERSITY and Publication page-

classes are replaced with menu navigation primitive.

In Navigation Model, We have to add security in some navigation primitives. By

considering the Faculty page-class, we add security in its general information component. In

a case, when an unauthorized person wants to navigate from general information to next

page, it will not be provided the access, because factor of security is involved in the

navigation primitive.

87
 Complete navigational model for the UNIVERSITY WA.

Figure 5.5: Complete navigational model for the UNIVERSITY WA:[OODM: Shah, A.,

2003]

88
5.4.3 Building Operation-partitioning Model

Building Operation-partitioning Model was first generated by (Shah, A., 2003) for OODM; it

has to be reconstructed accordingly for S-OODM. This model is concerned with the

following processing units:-

 Building an object-interaction graph(OIG)

 Completing and refining Operation Partitioning Model.

Its main objective is to identify objects and relationship among them. This model provides

implementation approach of the web application. All objects and their relationship are

defined in this model.

This design step is concerned with detailing each hypermedia application operation in the

operation model resulted from the analysis phase. To describe each operation in details we

use the Object Interaction Graph (OIG) of Fusion method. For example, Figure 5.7 shows the

registration operation detailed using OIG. The registration operation has been detailed into

three main operations: First, validation operation that validates the user input by insuring that

both user id and course name have values. Second, conflict operation that checks if the

course that need to be registered has either time conflict or a prerequisite conflict. Third, add

operation that adds the course to the list of registered courses for that student.

89
 Validate():Bollean
1
Add(user id, course name )

Register(user id, course name ):message A: CIMS 3

2.2
2.1 Check_conflicts(user id, course name): Boolean

Check_Max(user id, course name):Boolean

Check_Pre(user id, course name): Boolean

Figure 5.6: The registration operation detailed using both OIG:[OODM: Shah, A., 2003]

The next step is to give an algorithmic description of each sub-operation resulted from

detailing each hypermedia application operations. For example, Figure 5.7 shows algorithmic

descriptions of the Object Interaction Graph for the registration operation.

Operation CIS: Register(user id, course name): message

Operation CIS: Set-permissions(user, information class): message

Check to see if the input is valid (1)

if yes then

check if there is no conflict (2)

if yes then

add the record

else

return an conflict error message

else

return an invalid error message

method CIS: Validate(user id, course name): Boolean

if the user id is entered and course name is entered then

return true

else

90
 return false

method CIS: check conflicts(user id, course name): Boolean

if the user is at maximum of hours then (2.1)

return false

else if the course requires a prerequisite then (2.2)

return false

else

return true

method CIS: Check_Max(user id, course name): Boolean

if the user is at maximum of hours then

return false

else

return true

method CIS: Permit(user , information class): Boolean

if the user has access permissions for the specific information class

then

return true

else

return false

method CIS: Check Pre(user id, course name): Boolean

if the course requires a prerequisite then return false

else

return true

Figure 5.7: Modified Algorithmic descriptions of the OIG for the registration operation:

[OODM: Shah, A., 2003]

91
The final step is to partition the operations into client and server operations. Client operations

are performed at the client side and can be implemented using Java script, VB script, Java

applet, etc. Server operations are performed at the server side and can be implemented using

different techniques such as: First: Common Gateway Interface (CGI) using Java, C++.

Second: Remote Methods Invocation (RMI) using Java. Third: Common Object Request

Broker (CORB) using C++, Java, etc. During this step designers build their decision whether

an operation need to be either a server or a client operation mainly on performance issue. For

example, when a user wants to register a course, the user input should be checked for bad

input. However, when the validation operation is designed to be a server operation, the user

will be informed about bad input only by sending an HTML page from the server back to the

browser.

In Operation Partitioning Model, some operations required to check the security. In the

case of Faculty page-class, the login operation requires security to check that whether the

user and its password are valid or invalid only. The valid user has only the right to add, delete

and modify the information.

5.4.4 Building User Interface Model

The designing of user’s perception and interaction with web application has been deal in this

processing unit. Then the user interface design produces a consistent and predictable

appearance of web application pages. Shah, A., (2003) has built up Interface Model for

OODM and we have reused it to in-cooperate security in S-OODM.

In this model, we have introduced the cohesion metric which helps to measure the cohesion

in terms of relationship between data on one Interface.

In user interface, there are number of components but this is not necessary that user can get

access to every component. Some components may involve security issues in it. Those

components which are critical or vital, they need security. Access is given to only authorize

92
person. In Faculty page-class, only Faculty members get access to all components, but other

users can only visit the components. Moreover they are not authorized to change those

components because we have added security to it.

Figure 5.8: five frame based user interface:[OODM: Shah, A., 2003]

5.4.5 Building Security Model

This model provides security at each step of the design phase. Security is implemented by a

security manager. The security is achieved by implementing security at various levels: such

as, at the user level by defining various roles like administrator, super user and user.

Similarly, security is also achieved by various levels of security such as secret, classified and

unclassified. Security is achieved at permission level by permitting a user to update, create,

edit and delete a record. Its sole purpose is to secure information from unauthorized access.

This model has contributed at each step of the design phase. For example in Component

Model it has contributed by securing components and in Navigational Model it has

contributed by securing navigation paths. For example, a user may not be allowed to access a

web page or particular link etc. Similarly it has also contributed in Operation Partitioning

93
Model because security is actually implanted in business logic and some code, method or

attributes may not be allowed to be accessed by other objects or users.

In Component model, by considering the Faculty page-class, we have five components:

 General Information

 Specialty

 Research Interest

 Qualification

 Job History

We have to add security in some of its components, like general information so that nobody

can get access to it, except the authorized person. Similarly security is added to the

qualification component. Those components in which we add security is known as vital

components.

In Navigation Model, We have to add security in some navigation primitives. By

considering the Faculty page-class, we add security in its general information component. In

a case, when an unauthorized person wants to navigate from general information to next

page, it will not be provided the access, because factor of security is involved in the

navigation primitive.

In Operation Partitioning Model, some operations required to check the security. In the

case of Faculty page-class, the login operation requires security to check that whether the

user and its password is valid or invalid. Only valid user has the right to add, delete and

modify the information.

94
 Chapter 6

Evaluation of Results and Discussion

6.1 Schema Metric Evaluation

Over All Design Complexity of Web Application. These are different access sequences of a

link tree.

Figure 6.1: Shows different access sequences of a link tree

This metric measures the depth of an access sequence of web application. And also calculate

performance of a web application in terms of searching time of a web application.

k
L A S j  i1
 ij

LA S j  5

95
 N k
DC  
j 1 i 1
ij

DC =1+1+1+1+1+1+1+3+1+6+2+3+3+3+3+3+2+5+3

DC  44

By knowing the overall complexity of a web application, the designer can measure

complexity and reduce it at the time of design. Because performance of a web application

depends on searching time of a web application

6.2 Space Complexity Metric Evaluation.

We can quantify each internal node by the weight wi . Where wi is sum of the memory

space and multimedia information/data that the page is carrying.

Table 6.1: Multimedia attributes & their type of Department page-class

96
With the help of this metric we can calculate the space complexity of a web application.

n m

 
n m
C wj
SC   wi S wi  wj
i 1 j 1
i 1 j 1

SC  1230K B

We can quantify each internal node by the weight wi . Where wi is sum of the memory space

and multimedia information/data that the page is carrying. With the help of this metric we

can calculate the space complexity of a web application. Texts, images and videos have

different weights in terms of spaces in memory. These metrics developed by us help the

designer, at the time of design, to reduce the complexity and cost of the web-application. If

these values come out to be high, the designer can reduce space, cost or time requirements to

an optimum value.

6.3 Component Model Evaluation

6.3.1 Reusability Metric

Reusability metric helps to measure the depth of an independent path and overall complexity

of web application.

97
98
According to the figure the total no. of nodes involved in an independent path are 9.By

putting this value in equation

Page/node = 9

j
RASj  
i 1
R ij

RASj = 9

It means depth of a tree is 9

where depth of the tree should be ≤ 5 and can be maximum 8.

Reusability decreases the space, cost and time of a project. By measuring the reusability at

the time of design the designer can save the valuable resources by keeping ( hi ≤ 5) of its

components and thus can save valuable resources like time , cost and space.( Chidamber,

Kemerer)

6.4 Navigational Model Evaluation

6.4.1 Navigational Accessing Time Metric

Calculate time involved between two consecutive nodes of an access sequence.

Figure 6.3: Shows different access sequence of a Link tree

99
By putting the values of access sequences in metric

For the first case: home Faculty

n=2

T = (2-1)

T = (1)

For the second case: home College Faculty

n=3

T = (3-1)

T =(2)

For the third case: home College Department Faculty

n=4

T = (4-1)

T =(3)

For the forth case:

home College Department program course Faculty

n=6

T = (6-1)

T = (5)

For the fifth case:

home College Department program course Faculty dissertation

n=7

T = (7-1)

T = (6)

As the number of nodes involved in a path to reach the goal is increased, then the total

accessing time to reach the specific node will also increase. From this metric we can calculate

100
 how much time an operation takes to complete a task, so that complexity remains under

limits. The case was moving towards complexity as its value of nodes is 6.

6.5 Operation-Partitioning Model Evaluation

6.5.1 Operation Performance Metric

By taking two cases of Faculty page-class:

         
   

Pk
hi

               

   

     

Case 1 Case 2

Figure 6.4: Different cases for Operation Performance

The Faculty page-class has five components and their height is 1 (hi = 1) and the height of

their attributes is 2. Putting these values in the proposed metric for the first case we get:

  (0  P  1)
P Pk
hi hi

Here assume k=1 as k is the proportionality constant.

101
 Putting k=1 in the metric, we get:

k
P 
hi
Now putting hi = 1


P
hi


P


P  (0  P  1)
In this case, as value of P is 1 means efficiency has increased, readability has decreased.

This also indicates that our application is more cohesive.

Now putting hi = 2,


P


P  0 .5

In this case, as performance has decreased, readability has increased. Application has become

less cohesive. As height is increasing, efficiency goes on decreasing.

In Operation performance metric, as value of P is 1 means efficiency has increased and

readability has decreased. This also indicates that our application is more cohesive. But as

value decreases, performance also decreases, whereas, readability increases. In this case, the

application becomes less cohesive. Also, as height increases, efficiency decreases. Basically

with the Operation Performance Metric we are able to calculate the overall performance and

efficiency of a web-application.

102
6.6 User Interface Model Evaluation

6.6.1 Interface Coherence Metric

6.6.1.1 High Cohesion

 

     
 

Pk
hi

   

   

Figure 6.5: Interface that shows navigation between attributes of the same component

The cohesion is said to be high if data on one interface shows the navigation between

attributes of the same component.

High cohesion can be calculated as:

P s
C o h 
P WA
1
C o h 
5
C o h  0 .2
103
6.6.1.2 Medium Cohesion

     
 

P k
hi

     

   

   

Figure 6.6: Interface that shows navigation between attributes of different components

Pr
C om 
PWA

2
C o m 
5
C o m  0 .4

104
6.6.1.3 Low Cohesion

105
Low cohesion of the given interface is given as under:

P dr
C o l 
P W A
4
C o l 
5

Co l  0.8
High, medium and low cohesion is

C o h  0 .2

C o m  0 .4
C o l  0 .8

If coherence lies between (0 ≤ C ≤ 1) it shows, that if value is near to 1, it means coherence

is low and if far from 1 means high coherence.

If high coherence is achieved, the user can be restricted to one screen for accessing its

components. The interface coherence metrics enables the designer to measure the coherence

and then improve it, which was not possible in case of OODM or any other methodology.

The relevancy and time saving has been increased and navigational effort has been reduced

as more and more information from the same page can be obtained.

6.7 Security Model Metrics Evaluation

6.7.1 Security Risk Metric

By considering the Faculty page-class example, from the case study, we calculate Vital

Component Ratio as follows:

106
  

     
 

P  k
hi

   

   

Figure 6.8: Faculty page-class showing 9 multimedia attributes

There are totally 9 attributes in Faculty page-class namely: Name, Description, Image, Video,

Sound, Specialty, Research, Qualification and Job History.

Five of these attributes are crucially vital making any changes to any of these 5 attributes

brings about a multi-fold effect on the rest of the attributes. Keeping this in view, we insert

these values into our metric.

 P i
5
V C R  i  1
n
  0 .5 6 V C R  1
9

i  j
P ij

The calculated value is 0.56 and if the value of VCR approximately 1, then it is said to be

more critical in terms of security so this component is critical.

107
The value of (approximately 1) then we can say it is more critical in terms of security. As the actual

value obtained was above 0.5 so it can be said that from security point of view this component is more

critical. This metrics thus provide valuable information to the designer related to the security concern

of each component.

108
 Chapter 7

Conclusion and Future Directions

The object-oriented design methodology (OODM) was proposed by Shah in 2003 (Shah, A.,

2003) to design web applications. In this dissertation, we have first extended the

methodology by including security element in the methodology, and it is referred to as the

secure object-oriented design methodology (S-OODM) for web applications. Note that the

original version of the methodology (OODM) did not include security aspect of a web

application while designing it. In the upgraded version of OODM, i.e., S-OODM, this aspect

has been taken care of.

Another work that we have done in this dissertation is the proposals of the design metrics of

the design elements of a web application that has been design using S-OODM. In the next

two sections, we give concluding remarks of our both works in this dissertation, and give

future directions of both works.

7.1 Conclusion

As we have mentioned earlier that in this dissertation we have accomplished two tasks, the

first task is the up-gradation of the original version of OODM and enabling it to develop a

secure design of web applications. Note that in OODM the security aspect of web

applications was not addressed during designing web applications. To include security aspect

in designing web applications, we have included Security Model in OODM that makes

OODM as S-OODM. This model designs and includes security aspects in a design of a web

application. The security is implemented in the S-OODM through a security model. This

model consists of rules, permissions and level of security. Every model in the S-OODM calls

this model for security. The problem statement, information model and operation model are

109
its input, which are used for defining the securities policies, accessing roles and permissions.

There are several roles e.g., Administrator, Super user, user which have set of permissions

e.g. Update, Create, edit, delete Roles are inherited - a subfolder can have different

permission set for the role as the parent folder. Users and groups are given roles. Again, user

can have different roles in the different part of the site.

The second task of this dissertation that we have done is that we have taken the design and

different moles of S-OODM that are used in the design of a web application and proposed

design metrics to evaluate design quality of the web application.

The main design elements of the upgraded methodology (S-OODM) are: i) Link-Tree which

gives an overall logical view (schema) of a web application, ii) Link-Directory, iii)

Operational Model, iv) Navigational Model, v) Operation Partition Model, vi) Interface

Model, vii) Security Model. These models design different aspects of a web application. In

this dissertation, we have proposed design metrics to evaluate the overall quality of a design

by evaluating schema of a web application, which is represented by a link –tree (for details

see Chapter 4), and these models evaluate the different aspect of the web application.

Through these design metrics we can evaluate design quality of a web application and its

different design aspects and assess overall performance of a web application and performance

of its different modules before going to implantation. After the design, if we come to know

about the design quality of a web application, then we are in position to do some important

decisions about the development of the web application before going to implementation.

Hence, we can save the development cost and effort of web applications.

There is another use of these proposed design metrics. In the case, we have two different

designs of a same web application, and we have to decide that which design should be used in

further development of the web application. In this situation, we can decide this by evaluating

and comparing the proposed design quality metrics of both designs. Using these proposed

110
metrics we can tell which design is overall better than other. We can also compare different

aspects of both designs using the model evaluating metrics and can compare them aspect-

wise.

7.2 Future Directions

The methodology, OODM/S-OODM, is believed one of first web application development

methodologies. It provides a complete, detailed and step-wise development process.

Therefore, it needs to be automated. In future work in this direction may be done. There can be

another future direction of this work can be to upgrade this methodology (S-OODM) for the

development of semantic web applications. For handling sub-domains extension of the S-

OODM is required as it handled presently only domain.

111
 APPENDIX I

Processing Steps of S-OODM in the Form of Algorithms

(Modified originally proposed for OODM)(A.Shah 2003)

Design Phase Algorithms

Building Component Model

INPUT: Building component Model

OUTPUT: Component Model with security

STEP1: /* Building secure components for page-classes

FOR each page-class in the information model DO

CREATE a set of components for the page-class

FOR each multimedia attribute of the page-class DO

ADD security to the vital multimedia attribute TO the

corresponding component

END {FOR}

END {FOR}

END {STEP 1}

STEP 2: /* Building secure access sequence for components

FOR each page-class in the information model DO

FOR each vital components of the page-class DO

ASSIGN the security and access sequence number

END {FOR}

END {FOR}

END {STEP 2}

112
Building Navigation Model

INPUT: component model and user navigation model

OUTPUT: navigation model with security

STEP 1: /* Building local navigation

FOR each page-class components DO

DEFINE either an index or guided tour navigation primitive to

security access components

END {FOR}

END {STEP 1}

STEP 2: /* Building instance and global navigation

FOR each page-class DO

FOR each incoming path to the page-class check security DO /*

instance navigation

IF the path represents a one-to-one relationship THEN

REPLACE the path WITH a bidirectional link

ELSE

REPLACE the path WITH an index, a guided tour, an indexed

guided tour, embedded index, or embedded indexed guided tour

END {IF}

END {FOR}

FOR each outgoing path from the page-class check security DO

/* global navigation

IF the path represents a one-to-one relationship THEN

REPLACE the path WITH a uni-directional link

113
 ELSE

REPLACE the path WITH an index, a guided tour, an indexed

guided tour, embedded index, or embedded indexed guided tour

END {IF}

END {FOR}

END {FOR}

END {STEP 2}

STEP 3: /* replacing abstract classes with the menu primitive

FOR each abstract page-class in the user navigation model

check securities DO

REPLACE the abstract class WITH the menu navigation

primitive

END {FOR}

END {STEP 3}

STEP 4: /* Completing and refining navigation model with

security

FOR each navigation model of a page-class DO

INSERT the navigation model of the page-class INTO the

navigation model

END {FOR}

END {STEP 4}

END {ALGORITHM}

114
Building Operation Partitioning Model

INPUT: Operation Model

OUTPUT: operation-partitioning model with security

STEP 1: /* building object-interaction graph

FOR each dynamic class DO

FOR each operation in the dynamic class DO

DETAIL operation INTO sub-operations using object interaction

graph

END {FOR}

END {FOR}

END {STEP 1}

STEP 2: /* building an algorithmic form for operations by

incorporating security

FOR each object-interaction graph DO

FOR each operation in the object-interaction graph DO

BUILD an algorithmic form for the operation

END {FOR}

END {FOR}

END {STEP 2}

STEP 3: /* Completing and refining operation-partitioning

model with security

FOR each dynamic class DO

FOR each operation in the dynamic class DO

115
CHECK that an object-interaction graph has been built for the

operation

CHECK that what kind of operation is to be performed against a

query. The user might be of any level (Administrator, super

user, user)

CHECK that an algorithmic form has been built for

Operations in the object-interaction graph

END {FOR}

END {FOR}

END {STEP 4}

END {ALGORITHM}

Building User Interface Model

INPUT: component model, navigation model, operation

partitioning

model, and navigation model

OUTPUT: user interface model with security

STEP 1: /* building component user interface with security

FOR each page-class not abstract classes DO

FOR Each component DO

FOR each multimedia attribute in the component check

securities DO

DEFINE user interface elements for the multimedia attribute

END {FOR}

116
END {FOR}; MAP the page-class components TO data frame

END {FOR}

END {STEP 1}

STEP 2: /* Defining interface elements for navigation

primitives by checking security

FOR each page-class not abstract classes DO

DEFINE user interface element FOR the local navigation

primitive

MAP local navigation primitive TO local navigation frame

FOR each navigation primitive representing instance navigation

check security DO

DEFINE user interface elements for the instance navigation

primitive

CREATE a new five-frame user interface FOR the page-class

MAP the page-class components TO data frame

MAP local navigation primitive TO local navigation frame

MAP instance navigation primitive TO local navigation frame

END {FOR}

FOR each navigation primitive representing global navigation

check security DO

DEFINE user interface elements for the global navigation

primitive

END {FOR}

END {FOR}

END {STEP 2}

117
STEP 3: /* Building interface elements for operations with

security

FOR each dynamic page-class DO

DEFINE a form page

FOR each operation of the page-class check security DO

DEFINE interface element for the operation button; DEFINE

interface elements for the input

DEFINE interface elements for the output

END {FOR}

END {FOR}

END {STEP 3}

STEP 4: /* building interface elements for user navigation

model

DEFINE interface elements FOR the home page

FOR each user class DO

DEFINE a menu page FOR the user class containing page-classes

that can be accessed from the home page

FOR each page-class accessed by the user class check security

DO

IF the page-class is an abstract class THEN

DEFINE a menu page FOR the abstract page-class containing

page-classes that can be accessed by the user class

ELSE

118
DEFINE a new five-frame user interface FOR the page-class

MAP the page-class components TO data frame

MAP local navigation primitive TO local navigation frame

MAP instance navigation primitive TO local navigation frame

ADD global navigation primitive TO global navigation frame

END {IF}

END {FOR}

DEFINE connection between page-classes accessed by the user

class

END {FOR}

END {STEP 4}

END {ALGORITHM}

119
 References

[1] Norman E. Fenton and Shari Lawrence Pfleeger., Software Metrics: “A Rigorous and
Practical Approach”, 2nd edition International Thomson Computer Press, 1997.

[2] Norman Fenton., Software Measurement: “A Necessary Scientific Basis”, IEEE

Transactions on Software Engineering, Vol 20, No. 3, March I994.

[3] Tom DeMarco., “Controlling software projects: management, measurement &

estimation”, foreword by Barry W.Boehm Publisher, New York, NY, Yourdon Press,
1982.

[4] Abad Shah., “OODM: An Object-Oriented Design Methodology for Development of

Web Applications”, King Saud University, Kingdom of Saudi Arabia ,P. 189-229,
Idea Group, Inc, Copyright © 2003.

[5] Karl.E. Wiegers., “ A Software Metrics Primer”, Copyright © 1999.

http://www.processimpact.com/articles/metrics_primer.pdf

[6] Horst Zuse., “History of Software Measurement”, 14th September, 1995.

http://irb.cs.tu-berlin.de/~zuse/metrics/3-hist.html

[7] Chidamber. S and Kemerer., “A metric suit for Object Oriented Design”, IEEE
transactions on Software Engineering, Vol 20, 1994.
(http://www.aivosto.com/project/help/pm-oo-ck.html)

[8] Roger S. Pressman., “Software Engineering A Practitioner’s Approach”, Fifth Edition

2001.

[9] Sommerville., “Software engineering by Sommerville”, Feb 2008.

120
[10] Shazia & Shah, A., “Proposed life cycle model for web based hypermedia application
development methodologies”, International conference on systems and software
engineering, U.S.A. 2006.

[14] Arthur,L,J., “Measuring programmer Productivity & Software quality”, Wiley, New
York, 1985.

[15] Everald E. Mills., “Metrics in the software engineering curriculum”, Pages: 181 – 200
Volume 6, Issue 1-4, ISSN: 1022-7091, April 1999.

[16] Everald E. Mills., “Metrics in the software engineering curriculum”, publish in journal
Annals of Software Engineering ISSN, 1022-7091 (Print) 1573-7489 (Online), Issue,
Volume 6, Numbers 1-4 / March, 1998, Pages, 181-200 Springer link date, Thursday,
October 28, 2004.

[17] Fernando Brito e Abreu., “Design Quality Metrics for Object-Oriented Software
Systems”. ERCIM news No. 23, Volume 6 Issue 4, October 1995.

[18] krell,Bruce E., “Ada software Development Methodology with case study”, Tutorials
of Tri-Ada 1990, Tri-Ada conference, Baltimore, Maryland, December, 1990.

[20] Firesmith Donald., “Structured Analysis and Object-Oriented Design are not
Compatible”, ACM Ada Letters, Volume XI, Number 9, 1991.

[21] Shumate Ken., "Structured Analysis and Object-Oriented Design are Compatible"
ACM Ada Letters, Volume XI, Number 4, 1991.

[22] Ivory, Rashmi R. Sinha, Marti A. Hearst., “Empirically validated Web page Design
Metrics”, Psychology Department/ EECS Department, UC Berkeley. Appearing in
ACM SIGCHI 01, Seattle, WA, USA , March 31- April 4, 2001.

[23] Halstead., “Elements of Software Science”, New York, Elsevier North-Holland, 1977.

121
[24] McCabe. T. J., A software Complexity Measure”, IEEE transaction of software
engineering vol. 2, pp.308-320, 1976.

[25] McCabe, T. J. and Butler, C.W., “Design complexity measurement and testing”
communications of the ACM, 32(12), pp.1415-25, 1989.

[26] McCabe & Associates., “McCabe Object Oriented Tool User” Instructions. 1994.

[27] Perssman R., “Software Engineering: A Practitioner's Approach”, McGraw Hill, New
York, 1992.

[28] Berard V. Edward., Essays on “Object-Oriented Software Engineering”, Volume I,

Prentice Hall, Englewood Cliffs, New Jersey, 1991.

[29] Cook Steve and Daniels John., “Designing Object Systems: Object-Oriented
Modeling with Syntropy”, Cambridge University, UK, 1994.

[30] Embley David, Kurtz Barry, and Woddfield Scott., “Object-Oriented Systems
Analysis: A Model-Driven Approach”, Prentice Hall, Englewood Cliffs, NJ, 1992.

[31] Halladay Steve and Wiebel Michael., “Object-Oriented Software Engineering”,

Prentice Hall, Kansas, 1993.

[32] Coad Peter and Yourdon Edward., “Object-Oriented Analysis”, Prentice Hall, Cliffs,
New Jersey, 1991.

[33] Coad Peter and Yourdon Edward., “Object-Oriented Design”, Prentice Hall,
Englewood Cliffs, New Jersey, 1991.

[34] Montgomery Stephen., “Object-Oriented Information Engineering”, Academic Press,

USA, 1994.
[35] http://en.wikipedia.org/wiki/Software_quality

122
[36] Civello Franco., “Roles for composite objects in object-oriented analysis and design”,
ACM SIGPLAN NOTICES, Volume 28, Number 10, October, 1993.

[37] Gilbert Philip., “Software Design and Development”, Science Research Associates,
USA, 1983.

[38] Gomaa H., “A Software Design Method for Real-Time Systems”, Communications of
the ACM, Volume 27, Number 9, September, 1984.

[39] Gomaa H., “A Software Design Method for Ada Based Real-Time Systems”,
Proceedings of the Sixth Washington Ada Symposium, June 26-29, 1989.

[40] Mange Geir, Guttorn., “On the purpose of Object-Oriented Analysis,” ACM
SIGPLAN NOTICES, Volume 28, Number 10, October, 1993.

[41] Nielsen, Kjell, and Shumate Ken., “Designing Large Real-Time Systems with Ada”,
McGraw-Hill, New York, 1988.

[42] Ward Paul., "How to Integrate Object-Oriented with Structured Analysis and Design”,
IEEE Software, 1989.

[43] Alessandro Marchetto., “A concerns-based metrics suite for web applications”,

Dipartimento di Informatica e Comunicazione Università degli Studi di Milano Via
Comelico 39, 20135 Milano, Italy, Accepted August 12, 2005.

[44] www.frontendart.com/monitor/help/node23.html - 11

[45] Dr. Linda H. Rosenberg., “Applying and Interpreting Object Oriented Metrics”,
October 1996.

[46] Ivory, R.R. Sinha, and M.A. Hearst., “Preliminary Findings on Quantitative Measures
for Distinguishing Highly Rated Information-Centric Web Pages,” Proc. 6th Conf.
Human Factors and the Web, June 2000.

123
[47] Ivory, R.R. Sinha, and M.A. Hearst., “Empirically Validated Web Page Design
Metrics”, Proc. Conf. Human Factors in Computing Systems, vol. 1, , pp. 53-60,
ACM Press, New York, Mar. 2001.

[48] http://docs.codecharge.com/studio3/html/index.html?http://docs.codecharge.com/
Studio3/html/ UserGuide/IntroWebProg/ArchitectureWebApps.html

[49] http://www.idi.ntnu.no/emner/dif8914/essays/Ziemer-essay2002.pdf

[50] Yourdon, E... JAVA., “The Web, And Software Development”, IEEE Internet
Journal, 25–32, 1996.

[51] Emilia Mendes, Nile Mosley, Steve Counsel., “ Web Metrics estimating design and
authoring effort ”, IEEE, January-March 2001.

[52] Rachel Fewster, Emilia Mendus, “Measurement, Prediction and Risk Analysis for
web Application”, Proceeding of the IEEE , 2002.

[53] Alessandro Marchetto, “A concerns-based metrics suite for web applications”, 2008.

[54] S. Hansen, S. Murugesan, Y. Deshpande and A. Ginge., “Web Engineering: A new

discipline for development of web-based systems”, In Proceedings of the First ICSE
Workshop en Web Engineering, 1999.

[55] Sven Ziemer., “An Architecture for Web Applications”, November 28th, 2002.

[56] Jacobson, I. Christerson, M. Jonsson, P. and Overgaard G., “Object-Oriented

Software Engineering: A Use-Case Driven Approach”, Addison-Wesley, 1992.

[57.a] Garzotto, F., Paolini, P., & Schwabe D. “Authoring-in-the-Large: Software

Engineering Techniques for Hypermedia Application Design”, Proceedings of 6th
IEEE International Workshop on Specification and Design, (193–201), 1991.

124
[57.b] Garzotto, F., Mainetti, L., Paolini, P., & Milano P., “Navigation Patterns in
Hypermedia Databases”, Proceedings of the 26th Annual Hawaii International
Conference on System Sciences, (269–379), 1993.

[58] Fernandes, H. “Online and Hypermedia Information Design”, Proceedings of the

IEEE Conference on Expanding Technologies for Technical Communication, pp 28-
32 1991.

[59] Garzotto, F., Paolini, P., & Schwabe D., “Authoring-in-the-Large: Software
Engineering Techniques for Hypermedia Application Design”, Proceedings of 6th
IEEE International Workshop on Specification and Design, pp 193-201, 1991.

[60] Garzotto, F., Mainetti, L., Paolini, P., & Milano P., “Navigation Patterns in
Hypermedia Databases”, Proceedings of the 26th Annual Hawaii International
Conference on System Sciences, pp 269-379, 1993.

[61] Balasubramaniam, P., Isakowitz, T., & Stohr E., “Designing Hypermedia
Applications”, Proceedings of the 27th Annual Hawaii International Conference on
System Sciences, pp 354–364, 1994.

[62] Isakowitz, D., Stohr, E., & Balasubramanian, P., “RMM: A Methodology for
structured hypermedia design”, Communication of the ACM, 38(8), 34–44, 1995.

[63] Herman, I. & Reynolds, G., “MADE: A Multimedia Application Development

Environment”, Proceedings of the 27th Annual Hawaii International Conference on
Systems Sciences, pp 184-194, 1994.

[64] Rumbaugh, J., Blaha, M., Premerlani, W., Eddy, F., & Lorensen, W., “Object
oriented modeling and design”, Englewood Cliffs, NJ: Prentice Hall, 1991.

[65] Schwabe D. & Rossi G., “Building Hypermedia Applications as Navigational Views
of Information Models”, Proceedings of the 28th Annual Hawaii International
Conference on System Sciences, (231–240), 1995.

125
[66] Gunnar Peterson., “Security Architecture Blueprint”. Arctec Group, LLC, 2006, 2007.

[67] Jehad Al Dallal., “A Design Based Cohesion Metric for Object-Oriented Classes”,
PWASET Volume 25 ISSN 1307-6884, November 2007.

[68] Sommerville, “Software engineering”, Feb 2008.

[69] Shazia & Shah, A., “Proposed life cycle model for web based hypermedia application
development methodologies”, International conference on systems and software
engineering, U.S.A. 2006.

[70] Shah, A., “A framework for life-cycle of the prototype-based software development
methodologies”, The Journal of King Saud University, 13(1): 105–124, 2001.

[71] Ghosheh, Emad and Black, Sue E. and Qaddour., Jihad (2007) “An introduction of
new UML design metrics for Web applicationns”, International Journal of Computer
and Information Science, 8 (4). ISSN 1525-9293, 11 Jan 2010.

[72] Edward B. Allen, Taghi M. Khoshgoftaar, Ye Chen., "Measuring Coupling and

Cohesion of Software Modules: An Information-Theory Approach”, London, England
April 04-April 2006.

[73] Emad Ghosheh, Sue Black, Jihad Qaddour., "Design metrics for web application
maintainability measurement", aiccsa, pp.778-784, IEEE/ACS, 2008.

[74] Judith Barnard, "A new reusability metric for object-oriented software", Software
Quality Journal 7, pp.35-50, 1998.

[75] Devpriya Soni, Ritu Shrivastava, M Kumar., “A framework for validation of object-
oriented design metrices", (IJCSIS) International Journal of Computer Science and
Information Security, Vol. 6, No. 3, 2009.

126
[76] Seyyed Mohsen Jamali., "Object oriented metrics (A Survey Approach)", Jan, 2006
http://ce.sharif.edu/~m_jamali/resources/ObjectOrientedMetrics.pdf

127