Current Ongoing Research Projects at UMass Amherst (Sept 2015 - present)
  • Evaluating applicability of Automatic Program Repair techniques using large real-world datsets
    Existing evaluations of automated repair techniques focus on the fraction of the defects for which the technique can produce a patch, the time needed to produce patches, and how well patches generalize to the intended specification. These evaluations have not focused on the applicability of repair techniques and the characteristics of the defects that these techniques can repair. This project aims to find answers for questions such as “can automated repair techniques repair bugs that are hard for humans to repair?” and “which techniques are more likely to repair a memory leak defect?”.
  • Enhanching Automatic Program Repair technqiues considering quality of patch generated
    With the invention of multiple automatic program repair techniques since 2009, the focus of automatic program repair research community has now shifted from coming up with techniques that can fix more bugs to technqiues that can produce more acceptable fixes. This project aims to enhance two existing techniques and evaluate them using real-world defect datasets.
Past Research Projects pursued at Tata Research Development and Design Center, Pune, India (July 2011 - July 2015)
  • Towards automating the security compliance value chain (2014-2015)
    Information security is of paramount importance in this digital era. While businesses strive to adopt industry-accepted system-hardening standards such as benchmarks recommended by the Center for Internet Security (CIS) to combat threats, they are confronted with an additional challenge of ever-evolving regulations that address security concerns. These create additional requirements, which must be incorporated into software systems. In this paper, we present a generic approach towards automating different activities of the Security Compliance Value Chain (SCVC) in organizations. We discuss the approach in the context of the Payment Card Industry Data Security Standard (PCI-DSS) regulations. Specifically, we present automation of (1) interpretation of PCI-DSS regulations to infer system requirements, (2) traceability of the inferred system requirements to CIS security controls (3) implementation of appropriate security controls, and finally, (4) verification and reporting of compliance.
  • Getting Stakeholders on Same Indifference Curve - A Requirements Negotiation Model (2014-2015)
    Stakeholders’ experiential expectations from business processes (and software systems supporting them) are often negotiable when viewed from the angle of meeting conflicting goals. For a given set of conflicting goals that must be aligned with, stakeholders are seen to be willing to climb down from their most preferred choices in terms of meeting requirements and settle for the next best option(s). The process of requirements negotiation among stakeholders who ‘own’ conflicting goals should finally result in getting all the involved stakeholders on the same indifference curve:- a concept we borrow rather broadly in spirit, from Microeconomics. In this work we reimagine software systems as intelligent systems that take into account possible negotiations among stakeholders and recommend optimal decision based on negotiation parameters in a given scenario. We present a requirements negotiation model and early results of its illustration for stakeholders internal and external to an organization 
  • Automating the Interpretation of Regulations and Tracing of their Implications to Requirements (2013 - 2014)
    Regulations influence several aspects of IT-enabled businesses. Aimed at safeguarding the wellbeing of citizens, they are written with great rigor and discipline to minimize incidents of violations. However, their diction is so highly specialized that it is almost incomprehensible to business communities and software vendors who need to ensure regulatory compliance. We devise a Regulatory Rule Model (RRM) to represent regulations and demonstrate its use to automate the interpretation of regulations. We apply NLP-based techniques around RRM to detect intended constraints in regulatory statements and interpret them in terms of the implementation specifics they necessitate for software systems to be compliant. Further, we demonstrate the use of RRM for tracing the implementation-specific implications of regulations to software requirements. The traces in our case, not only associate relevant regulatory statements with requirements, they also transmit interpretations of those regulatory statements into requirements.
  • Detecting System Use Cases and Validations from Documents (2012 - 2013)
    Identifying system use cases and corresponding validations involves analyzing large requirement documents to understand the descriptions of business processes, rules and policies. This consumes a significant amount of effort and time. We proposed an approach to automate the detection of system use cases and corresponding validations from documents. We devised a representation that allows for capturing the essence of rule statements as a composition of atomic ‘Rule intents’ and key phrases associated with the intents. Rule intents that co-occur frequently constitute 'Rule acts’ analogous to the Speech acts in Linguistics. We employ syntactic and semantic NL analyses around the model to identify and classify rules and annotate them with Rule acts. We map the Rule acts to business process steps and highlight the combinations as potential system use cases and validations for human supervision. [ View Details ]
  • Knowledge assisted product requirements configuration (2012 - 2013)
    Time to market is a key determinant for the success of any product-based business. This depends to a great extent on how efficiently the existing product knowledge is utilized for customization needs. The knowledge is often not represented in a form that allows an easy reuse. In this project, we developed an ontological representation of product primitives for a knowledge-assisted requirements configurator and deployed it in an organizational unit for a financial product suite. [ View Details ]
  • Automated extraction, classification and annotation of Business Rules from Project Documentation (2012 - 2013)
    Business rules represent constraints in a domain, which need to be taken into account either during development or usage of a system. In software engineering and requirements engineering (SE & RE) communities, business rules have been studied with the purpose of developing rule engines and rule-based systems that aim to facilitate the “business driving IT vision.” Despite long-standing recognition for its business impact, business rule management isn’t mainstream. Motivated by the knowledge reuse potential within a given domain, we studied business rules in our organization. We interviewed 11 experienced practitioners on how they understand, capture, and use business rules. We found that practitioners have a very broad perception for this term, ranging from business process flows to directives for calling external system interfaces. We identified 27 types of rules, which are typically captured in requirements documents and other project documentation. We used these rule types to create a method and tool to automate the classification and annotation of business rules from documents. The novelty of our approach lay in (1) providing the right granularity for representing rules formally and (2) focus on working with documents which is still the preferred medium of work in the RE practice. [ View Details ]
  • Organizing Requirements in Large Transformational Programs (2012 - 2013)
    Clients across the globe have been increasingly trusting TCS as a business partner and the kind of large programs that we execute now include the entire business cycle, starting with identifying business needs of client’s organization to actually operating its business; post deployment and acceptance testing. This is radically different from previous engagements that involved mainly exercises such as application development, technology migrations or system integrations. The large program management opens up numerous challenges unique to its expansive scope. For example, as a result of having to operate the business for the client, a multitude of stringent Service Level Agreements (SLAs) that are tied to business events come into picture. The SLAs inherently have regulatory compliance inbuilt into them and hence are severe in terms of the consequences if not met. The exercise of understanding requirements and interpreting them all the way to operations phase in terms of their ability to meet the SLAs thus, is a new Requirements Engineering (RE) practice that needed to be explicitly addressed. All the sub-practices of RE such as capturing and managing the domain knowledge, prioritizing requirements, effort-estimations will have to be then viewed with a different lens. In this project, we proposed a viewpoint model to help organize the requirements in large transformational programs. We conducted interviews of experts in different key roles from a large UK Government program to understand the additional types of requirements involved. We analyzed our findings to identify these types and classified them into new viewpoints in addition to those defined in our previous work. Experts independently validated that mapping of requirements to the viewpoints enabled addressing the requirements deliberately and explicitly and thus aided in meeting SLAs. [ View Details ]
  • Exploring Personality Driven Dynamics of Projects (Agent-Based simulation) (2012 - 2013)
    Among the goals of organizations in pursuing process initiatives like Capability Maturity Model (CMM) and ISO is to make processes and their execution so rigorous that we can commit to process completion metrics irrespective of the individuals who occupy key roles in a project. In an ideal scenario, replacing a worker with another would have very little impact on the project, apart from temporary transients due to the entropy of learning curves and handovers. While some projects may proceed in this ideal fashion, anecdotal evidence indicates that for many other projects, people, especially in key roles (Project Leader, Architect, etc.), have mattered. In this project, we went beyond the process centric model to see how individual actors (people and their personalities) and their dynamics with other actors influence a project, positively and negatively. We aimed to develop experience based and heuristic models and theories of personalities in projects and how different personalities interact and engage with one another in different roles.[ View Details ]
  • Purpose-centric search for Enterprise Knowledge Reuse (2012 - 2013)
    Knowledge workers in software enterprises deal with broad range of knowledge tasks. To facilitate these, enterprise Knowledge Management Systems (KMS) employ flexible and lightweight platforms such as wikis and weblogs, and use context-sensitive approaches. These advancements have resulted in increased reuse efficiency of KMS; however finding the right portion of knowledge corresponding to knowledge workers’ need is a challenge. In this project, we proposed taxonomy of search purpose. The taxonomy explicated the knowledge workers’ needs in terms of three purpose-values—Consume, Produce and Maintain. We presented a purpose-centric search approach that takes into account explicated purpose-value along with search query and context, to retrieve and present right portion of relevant knowledge elements. We demonstrated the concept using purpose-centric search extension developed for MediaWiki.
    [ View Details ]
  • Knowledge-assisted Requirements Elicitation (SynQuanOnto)   (2011 - 2012)
    The project was aimed to develop a semantic and collaborative platform that combines the virtues of social software principles and the semantic web concepts to enable creation, refinement, selection and reuse of domain knowledge for the purpose of requirements definition. It employees domain ontologies to classify, define and relate domain knowledge in a terminology acceptable to all participants. The platform fosters enterprise-wide sharing and reuse of domain knowledge while defining requirements.