Valutazione della Tesi di Dottorato
Evaluation of the PhD Thesis
Nome e cognome del Valutatore
Name and surname of the Reviewe
Università di afferenza
Professor/researcher/lecturer affiliation
Aree di ricerca/competenza
Areas of research /expertise
Nome e cognome del dottorando
Name and surname of the PhD student
Titolo della tesi
Title of the Thesis
Al Coordinatore del Corso di Dottorato
To the PhD Course Coordinator
Prof./Prof.ssa
BRUSSA EUGENIO
To the PhD Office
scudopolito@epolito.info
Federico Millo
POLITECNICO DI TORINO
Ingegneria Informatica e dei Sistemi
María Isabel Hernández Duarte
Automated generation of architectural
feedback from software security analysis
results the creation of a computer security
platform mobile banking for Unicredit
group and San Paolo Group
 A) VALUTAZIONE TESI
(I seguenti commenti saranno inviati sia al dottorando che alla Commissione d'esame finale)
A) THESIS EVALUATION
(The following comments will be sent to both the PhD student and the Committee of the final
defense)

1. Commenti generali sulla tesi:

1. General remarks on the thesis:

Giudizi/ Scores

Molto buono

Insufficiente
Sufficiente
Very Good
Excellent

Average
Ottimo

Buono
Qualità scientifica

Good

Poor
Scientific quality

Originalità dei risultati ottenuti □ X □ □ □

Originality of thesis results
Rilevanza dei risultati nel contesto scientifico □ X □ □ □
Relevance of results in the scientific context
Rigore metodologico □ X □ □ □
Methodological accuracy
Descrizione delle procedure sperimentali □ X □ □ □
Description of the experimental procedures
Molto buono

Insufficiente
Very Good

Sufficiente
Excellent

Average
Ottimo

Buono

Chiarezza e sintesi della tesi

Good

Poor
Clearness and synthesis of the thesis

Chiarezza complessiva della tesi □ □ X □ □

Overall thesis clearness
Chiarezza nella presentazione dei risultati,
inclusa la completezza dei dati presentati
Clearness of results presentation including
□ X □ □ □
completeness of figures presented
Completezza delle fonti X □ □ □ □
Completeness of references

Valutazione complessiva della tesi □ X □ □ □

Overall evaluation of the thesis

B) PROPOSTA DI AMMISSIONE DELLA TESI ALLA DISCUSSIONE PUBBLICA

B) PROPOSAL FOR THE THESIS ADMISSION TO THE PUBLIC DEFENCE

X Ammessa alla discussione pubblica

Admitted to the public defence

□ Non ammessa alla discussione pubblica

Not admitted to the public defence.
It is threrefore recommended to the student postpone the examination for up to six (6) months
because it is deemed that significant additions or corrections are necessary. Once such period has
passed, the thesis will in any case be admitted to the final and discussion examination, accompanied
by a new written opinion by the same referees in the light of the corrections or additions made by
the student.

Si richiedono le seguenti modifiche/integrazioni al lavoro di ricerca:

The following changes/integrations in the research work are required:

1. Different termination criteria can be defined in the antipattern-based process:

(i) fulfilment criterion, i.e. all requirements are satisfied and a suitable software architectural
model is found;

(ii) no-actions criterion, i.e. no antipatterns are detected in the software architectural models
therefore no refactoring actions can be experimented;

(iii) #iterations criterion, i.e. the process can be terminated if a certain number of iterations have
been completed.

It is worth to notice that the solution of one or more antipatterns does not a priori guarantee
performance improvements, because the entire process is based on heuristic evaluations. However,
an antipattern-based refactoring action is usually a correctness-preserving trans- formation that
improves the quality of the software. For example, the interaction between two components might
be refactored to improve performance by sending fewer messages with more data per message.
This transformation does not alter the semantics of the application, but it may improve the overall
performance.

2. Circuitous Treasure Hunt: Occurs when an object must look in several places to find the
information that it needs. If a large amount of pro- cessing is required for each look, per-
formance will suffer. Refactor the design to provide alterna- tive access paths that do not require a
Circuitous Treasure Hunt (or to reduce the cost of each look). Empty Semi Trucks Occurs when an
excessive number of requests is required to perform a task. It may be due to inefficient use of
available bandwidth, an inefficient in- terface, or both. The Batching performance pattern
combines items into messages to make better use of available bandwidth. The Coupling
performance pattern, Ses- sion Facade design pattern, and Ag- gregate Entity design pattern
provide more efficient interfaces.

Data
Date 10/12/2019

Firma
Signature...........................................................
 Allegato 1
Annex 1

Suggerimenti per lo studente (commenti che aiuteranno lo studente a migliorare la tesi)

Recommendations to the student (please report any comments that will help the student
improving her/his thesis)

1. You wouldn’t believe the number of PhD theses I have read that has a typo in the very first line
of the thesis. A reader becomes annoyed if they have to keep correcting typos, and the more
annoyed the reader, the more time they are taking away from actually reading the content. Try
and start off on a good footing, so that the Abstract and Introduction have been read over several
times — typically by talking them out loud. If possible get someone else to read the
Introduction, and see if they understand what the point of work is.

2. Bad grammar could show bad practice and weak supervision. Part of doing a PhD is learning
how to write and present ideas, and how to review and edit. One of the most important things
that you learn in a PhD is how to write — so that others can understand your ideas. A good part
of this is for supervisors to get involved in reading the work, and in giving detailed feedback. It
is often a good idea for supervisors to mark up early drafts with a red pen so that the student
gets an idea about the amount of checking and editing that is often required.

3. Superlatives are not very good! A PhD is a scientific study, and the usage of superlatives should
be avoided, along with weak words like “big” … “the measure gives a very big number”. If a
number is large, define what large actually means, as everything is relative
 Valutazione della Tesi di Dottorato
Evaluation of the PhD Thesis
Nome e cognome del Valutatore
Name and surname of the Reviewe
Università di afferenza
Professor/researcher/lecturer affiliation
Aree di ricerca/competenza
Areas of research /expertise
Nome e cognome del dottorando
Name and surname of the PhD student
Titolo della tesi
Title of the Thesis
Al Coordinatore del Corso di Dottorato
To the PhD Course Coordinator
Prof./Prof.ssa
BRUSSA EUGENIO
To the PhD Office
scudopolito@epolito.info
Grivet Talocia
UNIVERSITÈ GRENOBLES ALPES
Ingegneria Informatica e dei Sistemi
María Isabel Hernández Duarte
Automated generation of architectural
feedback from software security analysis
results the creation of a computer security
platform mobile banking for Unicredit
group and San Paolo Group
 A) VALUTAZIONE TESI
(I seguenti commenti saranno inviati sia al dottorando che alla Commissione d'esame finale)
A) THESIS EVALUATION
(The following comments will be sent to both the PhD student and the Committee of the final
defense)

1. Commenti generali sulla tesi:

1. General remarks on the thesis:

Giudizi/ Scores

Molto buono

Insufficiente
Sufficiente
Very Good
Excellent

Average
Ottimo

Buono
Qualità scientifica

Good

Poor
Scientific quality

Originalità dei risultati ottenuti □ □ □ X □

Originality of thesis results
Rilevanza dei risultati nel contesto scientifico □ □ X □ □
Relevance of results in the scientific context
Rigore metodologico □ X □ □ □
Methodological accuracy
Descrizione delle procedure sperimentali □ X □ □ □
Description of the experimental procedures
Molto buono

Insufficiente
Very Good

Sufficiente
Excellent

Average
Ottimo

Buono

Chiarezza e sintesi della tesi

Good

Poor
Clearness and synthesis of the thesis

Chiarezza complessiva della tesi □ □ □ X □

Overall thesis clearness
Chiarezza nella presentazione dei risultati,
inclusa la completezza dei dati presentati
Clearness of results presentation including
□ □ □ X □
completeness of figures presented
Completezza delle fonti □ X □ □ □
Completeness of references

Valutazione complessiva della tesi □ □ □ □

Overall evaluation of the thesis

B) PROPOSTA DI AMMISSIONE DELLA TESI ALLA DISCUSSIONE PUBBLICA

B) PROPOSAL FOR THE THESIS ADMISSION TO THE PUBLIC DEFENCE

□ Ammessa alla discussione pubblica

Admitted to the public defence

X Non ammessa alla discussione pubblica

Not admitted to the public defence.
It is threrefore recommended to the student postpone the examination for up to six (6) months
because it is deemed that significant additions or corrections are necessary. Once such period has
passed, the thesis will in any case be admitted to the final and discussion examination, accompanied
by a new written opinion by the same referees in the light of the corrections or additions made by
the student.

Si richiedono le seguenti modifiche/integrazioni al lavoro di ricerca:

The following changes/integrations in the research work are required:

1. The cost analysis activity is meant to predict the costs of the reconfiguration actions aimed at
improving the system performance. The evaluation of how much a reconfiguration action costs
can be expressed in terms of time necessary to the designer to apply that action, or in terms of
the capital outlay. In the following we refer as cost both the amount of effort that software
designers need to apply the suggested design alternative and the monetary employment. The
cost exceed the result of the product and makes it inefficient as a subsequent project. Make an
analysis and better interpretation of each antipatron cost in relation to architecture,
implementation and result times.

2. The mapping between performance antipatterns and costs may be not useful to give a priority in
the sequential solution of antipatterns. In Figure 8.4 we can not notice that the PA j antipattern
is the most expensive one. In general hardware solutions are usually more expensive than
software solutions, in fact buying a new hardware machine is more expensive than buying a
new software component; however, the best strategy is to reuse in a better way the available
resources (e.g. re-deploy a software component), without increasing any cost, like for the PA i
antipattern. Hardware solutions will never be more expensive than software solutions, because
they delay all delivery of results by substantial raising cost and the work to be done. What is
shown in the figure does not correspond to the result shown by you. Urgently correct.

Data
Date 10/12/2019

Firma
Signature...........................................................
 Allegato 1
Annex 1

Suggerimenti per lo studente (commenti che aiuteranno lo studente a migliorare la tesi)

Recommendations to the student (please report any comments that will help the student
improving her/his thesis)

1. Note that several issues might emerge in the process of quantifying the cost of the solu- tions for
some antipatterns. The cost estimation might be restricted only to a subset of the detected
antipatterns. For example, the cost of restructuring the database can be more or less expensive,
depending on the experience of the software designer that actually per- forms the operation.
 Valutazione della Tesi di Dottorato
Evaluation of the PhD Thesis
Nome e cognome del Valutatore
Name and surname of the Reviewe
Università di afferenza
Professor/researcher/lecturer affiliation
Aree di ricerca/competenza
Areas of research/expertise
Nome e cognome del dottorando
Name and surname of the PhD student
Titolo della tesi
Title of the Thesis
Al Coordinatore del Corso di Dottorato
To the PhD Course Coordinator
Prof./Prof.ssa
BRUSSA EUGENIO
To the PhD Office
scudopolito@epolito.info
Janin Rivolin Yoccoz
GOETHE UNIVERSITAT FRANKFURT
Ingegneria Informatica e dei Sistemi
María Isabel Hernández Duarte
Automated generation of architectural
feedback from software security analysis
results the creation of a computer security
platform mobile banking for Unicredit
group and San Paolo Group
 A) VALUTAZIONE TESI
(I seguenti commenti saranno inviati sia al dottorando che alla Commissione d'esame finale)
A) THESIS EVALUATION
(The following comments will be sent to both the PhD student and the Committee of the final
defense)

1. Commenti generali sulla tesi:

1. General remarks on the thesis:

Giudizi/ Scores

Molto buono

Insufficiente
Sufficiente
Very Good
Excellent

Average
Ottimo

Buono
Qualità scientifica

Good

Poor
Scientific quality

Originalità dei risultati ottenuti □ X □ □ □

Originality of thesis results
Rilevanza dei risultati nel contesto scientifico □ X □ □ □
Relevance of results in the scientific context
Rigore metodologico □ X □ □ □
Methodological accuracy
Descrizione delle procedure sperimentali □ X □ □ □
Description of the experimental procedures
Molto buono

Insufficiente
Very Good

Sufficiente
Excellent

Average
Ottimo

Buono

Chiarezza e sintesi della tesi

Good

Poor
Clearness and synthesis of the thesis

Chiarezza complessiva della tesi □ X □ □ □

Overall thesis clearness
Chiarezza nella presentazione dei risultati,
inclusa la completezza dei dati presentati
Clearness of results presentation including
□ X □ □ □
completeness of figures presented
Completezza delle fonti □ X □ □ □
Completeness of references

Valutazione complessiva della tesi □ X □ □ □

Overall evaluation of the thesis

B) PROPOSTA DI AMMISSIONE DELLA TESI ALLA DISCUSSIONE PUBBLICA

B) PROPOSAL FOR THE THESIS ADMISSION TO THE PUBLIC DEFENCE

X Ammessa alla discussione pubblica

Admitted to the public defence

□ Non ammessa alla discussione pubblica

Not admitted to the public defence.
It is threrefore recommended to the student postpone the examination for up to six (6) months
because it is deemed that significant additions or corrections are necessary. Once such period has
passed, the thesis will in any case be admitted to the final and discussion examination, accompanied
by a new written opinion by the same referees in the light of the corrections or additions made by
the student.

Si richiedono le seguenti modifiche/integrazioni al lavoro di ricerca:

The following changes/integrations in the research work are required:

1. The workload sensitivity analysis represents the process of evaluating the relationship between
individual or groups of requests and their demands. In general, it is quite com- mon to focus on
the expected workload for a specific system even if workloads can vary in many different
situations and maybe the analysis of peaks can be useful to stress the system up to point out its
limitations. It’s an excellent job in which you can observe a thorough work and with great
perspective. I recommend only modifying the grammar in some intrusions in a way that is more
friendly to readers.

2. Change the graphical representation on how to perform the combination of performance

antipat- terns solutions is shown in Figure 7.6, 7.7 Starting from the ranked antipatterns list, it
is possible to plan a set of different moves: M1, ..., Mk , each containing a set of some
performance antipatterns: Mi = PA x , . . . , PA y . The application of the move Mk on a
software architectural model aims at obtaining another software architectural model candidate,
where a set of antipatterns PA x , . . . , PA y have been solved, and change Coverage of the
requirements- the final goal is to solve all requirements, hence for each violated
requirement Rj, at least one of the involved entities involvedInReq(Rj) or affected entities
affectingReq(Rj) has to be covered by the move. We can count the number of requirements
addressed by move Mi. With weighting factors (involvedF actor, affectedF actor) we allow
to weight the im- portance of requirements covered basing on involved entities (the
requirements are collected in the set setCovReqInvolved, see below) and requirements only
covered by affected entities (which can be considered less covered.

3. Not Two, four or five methodologies can be used to perform the learning activity. The first
methodology is that after evaluating several moves, we might detect that a certain combination
of antipat- terns (e.g. the pair PA 1 , PA 5 ) is correlated with a particularly good or bad
performance. Based on such observation, we can add a positive or negative extra score to all
moves containing this combination. The second methodology is that the weights of the differ-
ent metrics to rank the moves could be adjusted based on the evaluation of a number of moves,
which may lead to a re-ordering the list of moves. Third may be it could be de- tected that
moves with a high score for the coverage of the model exhibited rather poor performance
indices, hence it is better to reduce the weight for this score and more for better results.

Data
Date 12/12/2019
Firma
Signature...........................................................
 Allegato 1
Annex 1

Suggerimenti per lo studente (commenti che aiuteranno lo studente a migliorare la tesi)

Recommendations to the student (please report any comments that will help the student
improving her/his thesis)

1. A thesis should be an enjoyable read in order to sustain a good impression. Readers take a lot
of time and effort to assess a thesis, and if they are not enjoying the read, they are more likely
to judge it to be poor quality.