Professional Documents
Culture Documents
Methods and Techniques For Recommender Systems in Secure Software Engineering A Literature Review
Methods and Techniques For Recommender Systems in Secure Software Engineering A Literature Review
ISSN No:-2456-2165
Abstract:- Recommender Systems are software tools next activities, based on codes write from other developers.
that can assist developers with a wide range of activities, Many studies have analyzed the usability of security. Clark
from reusing codes to suggest developers what to do and Godspeed [4] and Whitten and Tygar [5] explore
during development of these systems. All recommender misuses of cryptography components from the end-user’s
systems should exert one or three of future point of view. Others analyze misuses of security APIs by
functionalities: Gathering Data and Creating Dataset, application developers. It is worth noting that that over
Static Analysis and Recommendation to user-by-user 83% of the vulnerabilities they analyzed from the CVE
interface. In this paper, we have presented a literature database were due to misuses of cryptography libraries
review in the field of recommender systems. Papers are while only 17% were caused by implementation bugs in the
aggregating by their context in three main groups: cryptography libraries themselves [4].
Mechanism to Collect Data, Recommendation Engine to
Analyze Data and Generate Recommendations and The aim of this paper is therefore to study the existing
User Interface to Deliver Recommendations. In the research in methods and techniques for recommender
conclusion are presented number of reviewed paper for systems in software engineering, in order to analyze the
each category. state-of-art and to identify future directions. The method
consists of the application of a systematic mapping study to
Keywords:- Recommender Systems, Machine Learning, extract as much literature as possible.
Software Engineering, Data Mining Techniques, Control
Flow Graphs. In order to identify related work, more than 150
papers selected have been classified by recommendation
I. INTRODUCTION task and theirs sub categories and present a brief
introduction to each paper or technique. At the end of each
Software developers have always used tools to section a summary is presented regarding the gap identified
perform their work. In the earliest days of the discipline, in literature review, comparing with approach of using code
the tools provided basic compilation and assembly type through a control-flow graph which latter can be used
functionality [1]. Then came tools and environments that for generating a dataset for recommendation purposes.
increasingly provided sophisticated data about the software
under development [1] [2]. Nowadays, the systematic and II. RESULTS AND DISCUSSION
large-scale accumulation of software engineering data
opened up new opportunities for the creation of tools or In modern software development, API are means to
APIs (Application Programming Interfaces), that infer encapsulate responsibilities and facilitate code reuse and
information estimated to be helpful to developers in a given they are widely used in statically typed programming
context. languages. Typical RSSE approaches apply static analyses
to extract information about the usage of these APIs from
One way for helping developers during daily the source code of many projects. Some RSSE techniques
development activities is reusing code from previous learn general patterns from source code by treating it as text
project that they have developed or reuse code from or just on the syntax level [6].
projects developed from other developers. Today, there are
online platforms (like Stack Overflow. GitHub etc.), in In order to identify related work, we consulted a
which developer posts their projects or snipped code from recent comprehensive survey and some recent publications
projects, these codes therefore can be used by other renowned software engineering conferences. In the next
developers in their own projects. In most cases, these codes sections, we will present paper recommenders grouped by
are used in worst fashion possible, copying from source and their recommendation task and present a brief introduction
paste in their projects. This approach can be very risky to each paper or technique.
reusing code in this way, considering that from 1.3 million
Android applications that are analyzed 15.4 % contained A. Mechanism to Collect Data
security-related code snippets from Stack Overflow. Out of While for researchers in different field of studies, data is
these 97.9 %, contain at least one insecure code snippet [1] very important part of their research, for researchers in
[3]. recommender systems finding reliable data or dataset is one
of the biggest challenges. Nowadays versioned source code
Recommender Systems for Software Engineering is available in many public repositories of open-source
(RSSEs) are software tools that can assist developers with a projects, it is much harder to get access to more detailed
wide range of activities, from reusing codes to suggest change information or to activities that describe the in-IDE
developers what to do during development [5]. These tools (Integrated Developer Environment) development process.
can be used also to guide and recommend a developer for
Based on the most literature consulted during this [1.] M. P. Robillard, W. Maalej, R. J. Walker and T.
work, the recommendation systems for software Zimmermann, Recommendation Systems in Software
engineering (RSSEs) are defined as a software tools Engineering, Heidelberg New York Dordrecht
introduced specifically to help software development teams London: Springer-Verlag, 2014.
and stakeholders to deal with information seeking and [2.] M. P. Robillard, R. J. Walker and T. Zimmermann,
decision-making. "Development tools: Recommendation Systems for
Software Engineering," I E E E S O F T WA R E
They comprise three main components, which are [2]: www. c omp u t e r . o r g / s o f tw a r e.
Mechanism to collect data, [3.] F. Fischer, K. B¨ottinger, H. Xiao, C. Stransky, Y.
Recommendation engine to analyze data and generate Acar, M. Backe and S. Fahl, "Stack Overflow
recommendations, Considered Harmful? The Impact of Copy&Paste on
User interface to deliver recommendations. Android Application Security," IEEE Symposium on
Security and Privacy, 2017.
In this work we have presented past work from [4.] S. Clark, T. Goodspeed, P. Metzger, Z. Wasserman,
different researchers in the field of recommender systems, K. Xu and M. Blaze , "Why (special agent) Johnny
different approaches to the use of data mining algorithms (still) can't encrypt: a security analysis of the APCO
for static analysis and different tools that are developed as project 25 two-way radio system," in Proceedings of
outcome of these research and which now are using by the 20th USENIX conference on Security , Berkeley,
developers during coding processes. 2011.
[5.] Whitten and J. D. Tygar, "Why Johnny can't encrypt:
Based in literature review, in the table below are a usability evaluation of PGP 5.0," in Proceedings of
presented publication grouped by recommendation task and the 8th conference on USENIX Security Symposium -
theirs sub categories. Volume 8 , Washington, 1999.
[6.] R. Holmes and G. C. Murphy, "Using Structural
Recommenda Categories Publication Context to Recommend Source Code Examples," in
tionTask International Conference on Software Engineering
(ICSE), 2005.
Mechanism to Source Code [8],[9], [10], [11] [7.] L. Pickard, B. Kitchenham and a. S. Linkman, "An
Collect Data investigation of analysis techniques for software
Source Code [12], [13], [14], [15] datasets," in nternational Software Metrics
Under Symposium, 1999.
Developmen [8.] S. Shirabad and T. Menzies, "The PROMISE
t Repository of Software Engineering Databases.
School of Information Technology and Engineering,"
Meta Data [16], [17] http://promise.site.uottawa.ca/SERepository,
University of Ottawa, Canada, 2005.
[9.] Tempero, C. Anslow, J. Dietrich, T. Han, J. Li, M.
Interactions [18], [19], [20], [21],
Lumpe, H. Melton and J. Noble, "Qualitas corpus: A
[22]
curated collection of java code for empirical studies,"
in Asia Pacific Software Engineering Conference,
Recommendat [23], [18], [25], [26], 2010.
ion Engine to [27], [28], [29], [30], [10.] A. Sawant and A. Bacchelli, "A dataset for API
Analyze Data [31], [32], [33], [34], usage," in International Conference on Mining
and Generate [35], [36], [37], [38], Software Repositories, 2015.
Recommendat [48] [11.] R. Dyer, H. A. Nguyen, H. Rajan and T. N. Nguyen,
ions "BOA: Ultra-Large-Scale Software Repository and
Source-Code Mining.," Transactions on Software
User Interface Guiding [39], [40],[41], [42], [43] Engineering and Methodology, 2015.
to Deliver Software [12.] S. Negara, M. Vakilian, N. Chen, R. E. Johnson and
Recommendat Changes D. Dig, "Is it dangerous to use version control
ions histories to study source code evolution?," in
Code Search [44], [45],[2], [46], [47] European Conference on Object-Oriented
Table 1: Publication grouped by recommendation task Programming, Springer, 2012.
[13.] R. Robbes and M. Lanza, "SpyWare: A Change-aware
Development Toolset," in International Conference on
Software Engineering, ICSE, NY, 2008.
[14.] J. Spacco, J. Strecker, D. Hovemeyer and W. Pugh,
"Software Repository Mining with Marmoset: An
Automated Programming Project Snapshot and
Testing System," in International Workshop on
Mining Software Repositories, 2005.