Firing up the Erudine engine

Building with behaviour

SANS - Survey on application security programs

This is the next article in our occasional series on new, more formal (mathematically-based) approaches to system development. The first article (here), looked at Bayesian analysis and formal methods (which are only "new" to the general development space, of course).

This article looks at a tool, the Erudine executable behaviour engine, which uses the mathematical modelling of behaviour as a basis for systems development. Unfortunately (or, perhaps, fortunately), Erudine keeps its math a secret, so I can't say much about it – it usually sells by solving intractable development problems in a proof-of-concept, so one can probably assume that the math works.

Erudine automates the elucidation of system behaviours (expressed in the form of rules) and builds up a model of a system, which incorporates automatic consistency and completeness testing, and which can be executed in production. It suits problems with well-defined inputs and outputs (rather than algorithmic problems, although algorithms can be plugged in to the model).

It doesn't do automated Rule Induction - it's all human-steered. However, it can simplify rules for input to rule induction software and it's useful for pre and post-massaging of the inputs to and outputs from other systems.

Erudine Process

From a developer's point-of-view, Erudine claims to be particularly useful for legacy replacement; even if the legacy application is undocumented and its programmers are no longer around. This is because it models the behaviour of the legacy application as a "black box" and completely reproduces this behaviour, as validated by current domain experts, on a new platform. Legacy replacement is a known "pain point" (where traditional approaches often don't work effectively) and is therefore a good place to get new technology deployment accepted. However, the Erudine approach should work on new developments too.

Erudine development follows a reasonably straightforward process:

Stage 1: This is a basic RUP (Rational Unified Process) inception process with domain experts supplying the input – even outside Erudine, this can be quite "agile", see here. Access to real business experts at this stage is important.

Stage 2: At this stage, the developers decide on the partitioning - morphology - of the system. An architectural framework is being built.

Stage 3: A significant piece of the system is chosen - a particular case (not "use case" exactly, it's all data driven) or set of dataflows. The scope of the Erudine model is defined in terms of physical input/output docs; reference data; or (at last resort) by hooking into the system and identifying the outputs from key dataflows. This stage delivers the "mental model" of the problem domain inside developer's heads together with a semantic glossary (usually, just a simple document) for use with the model.

This is where the basic computer model of the system dataflows is built; the developers pull out meanings and put placeholders in the model for scenario-based tests. Conceptual graphs are used to represent real system or domain knowledge – Erudine does this better than most other approaches can.

Stage 4: Now the developers add "behaviour" to the system, module by module – attacking the "low hanging fruit" first. They start with the bits that are easy to replace - or those that the client desperately wants to replace. They need to manage the delivery gap – the period when they're asking questions and nothing is being delivered. However, once delivery starts it is rapid because the most likely cases are being handled first. The end users of the system should also buy into the process early on, because of the focus on business behaviours and the involvement of domain experts from inception.

As each piece of behaviour is added, inconsistencies with early behaviours are highlighted and addressed – which is a form of continuous and automated unit testing.

Stage 4A: The complete model can be executed – the integration process – there is no need for a translation into code or switch over to conventional coding.

3 Big data security analytics techniques

Next page: Issues

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story


Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.