Automating SLA-Driven API Development with SLA4OAI

The OpenAPI Specification (OAS) is the de facto standard to describe RESTful APIs from a functional perspective. OAS has been a success due to its simple model and the wide ecosystem of tools supporting the SLA-Driven API development lifecycle. Unfortunately, the current OAS scope ignores crucial information for an API such as its Service Level Agreement (SLA). Therefore, in terms of description and management of non-functional information, the disadvantages of not having a standard include the vendor lock-in and prevent the ecosystem to grow and handle extra functional aspects. In this paper, we present SLA4OAI, pioneering in extending OAS not only allowing the specification of SLAs, but also supporting some stages of the SLA-Driven API lifecycle with an open-source ecosystem. Finally, we validate our proposal having modeled 5488 limitations in 148 plans of 35 real-world APIs and show an initial interest from the industry with 600 and 1900 downloads and installs of the SLA Instrumentation Library and the SLA Engine.Ministerio de Economía y Competitividad TIN2015-70560-RMinisterio de Ciencia, Innovación y Universidades RTI2018-101204-B-C21Ministerio de Educación, Cultura y Deporte FPU15/0298

Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems

In recent years, Industrial Control Systems (ICS) have become an appealing target for cyber attacks, having massive destructive consequences. Security metrics are therefore essential to assess their security posture. In this paper, we present a novel ICS security metric based on AND/OR graphs that represent cyber-physical dependencies among network components. Our metric is able to efficiently identify sets of critical cyber-physical components, with minimal cost for an attacker, such that if compromised, the system would enter into a non-operational state. We address this problem by efficiently transforming the input AND/OR graph-based model into a weighted logical formula that is then used to build and solve a Weighted Partial MAX-SAT problem. Our tool, META4ICS, leverages state-of-the-art techniques from the field of logical satisfiability optimisation in order to achieve efficient computation times. Our experimental results indicate that the proposed security metric can efficiently scale to networks with thousands of nodes and be computed in seconds. In addition, we present a case study where we have used our system to analyse the security posture of a realistic water transport network. We discuss our findings on the plant as well as further security applications of our metric.Comment: Keywords: Security metrics, industrial control systems, cyber-physical systems, AND-OR graphs, MAX-SAT resolutio

AUTOMATING OUTPUT SIZE AND REUSE METRICS IN A REPOSITORY-BASED COMPUTER AIDED SOFTWARE ENGINEERING (CASE) ENVIRONMENT

Measurement of software development productivity is needed in order to control software costs, but it is discouragingly labor-intensive and expensive. Computer aided software engineering (CASE) technologies -- especially repository-based, integrated CASE -- have the potential to support the automation of this measurement. In this paper, we discuss the development of automated analyzers for function point and software reuse measurement for object-based CASE. Both analyzers take advantage of the existence of a representation of the application system that is stored within an object repository, and that contains the necessary information about the application system. We also discuss metrics for software reuse measurement, including reuse leverage, reuse value and reuse classification, that are motivated by managerial requirements and the efforts, within industry and the IEEE, to standardize measurement. The functionality and the analytical capabilities of state-of-the-art automated software metrics analyzers are illustrated in the context of an investment banking industry application, that is similar to systems deployed at the New York City-based investment bank where these tools were developed and tested.Information Systems Working Papers Serie

AUTOMATING OUTPUT SIZE AND REUSE METRICS IN A REPOSITORY-BASED COMPUTER AIDED SOFTWARE ENGINEERING (CASE) ENVIRONMENT

Measurement of software development productivity is needed in order to control software costs, but it is discouragingly labor-intensive and expensive. Computer aided software engineering (CASE) technologies -- especially repository-based, integrated CASE -- have the potential to support the automation of this measurement. In this paper, we discuss the development of automated analyzers for function point and software reuse measurement for object-based CASE. Both analyzers take advantage of the existence of a representation of the application system that is stored within an object repository, and that contains the necessary information about the application system. We also discuss metrics for software reuse measurement, including reuse leverage, reuse value and reuse classification, that are motivated by managerial requirements and the efforts, within industry and the IEEE, to standardize measurement. The functionality and the analytical capabilities of state-of-the-art automated software metrics analyzers are illustrated in the context of an investment banking industry application, that is similar to systems deployed at the New York City-based investment bank where these tools were developed and tested.Information Systems Working Papers Serie

AUTOMATING OUTPUT SIZE AND REUSABILITY METRICS IN AN OBJECT-BASED COMPUTER AIDED SOFTWARE ENGINEERING (CASE) ENVIRONMENT

Measurement of software development productivity is needed in order to control software costs, but it is discouragingly labor-intensive and expensive. Computer aided software engineering (CASE) technologies -- especially object-oriented, integrated CASE -- have the potential to support the automation of this measurement. In this paper, we discuss the conceptual development of automated analyzers for function point and software reusability measurement for object-based CASE. Both analyzers take advantage of the existence of a representation of the application system that is stored within an object repository, and that contains the necessary information about the application system. We also propose new metrics for software reusability measurement, including reuse leverage, reuse value and reuse classification. The functionality and analytic capabilities of state-of-the-art automated software metrics analyzers are illustrated in the context of an investment banking industry application.Information Systems Working Papers Serie