Towards security monitoring patterns

Runtime monitoring is performed during system execution to detect whether the system’s behaviour deviates from that described by requirements. To support this activity we have developed a monitoring framework that expresses the requirements to be monitored in event calculus – a formal temporal first order language. Following an investigation of how this framework could be used to monitor security requirements, in this paper we propose patterns for expressing three basic types of such requirements, namely confidentiality, integrity and availability. These patterns aim to ease the task of specifying confidentiality, integrity and availability requirements in monitorable forms by non-expert users. The paper illustrates the use of these patterns using examples of an industrial case study

Assessing architectural evolution: A case study

This is the post-print version of the Article. The official published can be accessed from the link below - Copyright @ 2011 SpringerThis paper proposes to use a historical perspective on generic laws, principles, and guidelines, like Lehman’s software evolution laws and Martin’s design principles, in order to achieve a multi-faceted process and structural assessment of a system’s architectural evolution. We present a simple structural model with associated historical metrics and visualizations that could form part of an architect’s dashboard. We perform such an assessment for the Eclipse SDK, as a case study of a large, complex, and long-lived system for which sustained effective architectural evolution is paramount. The twofold aim of checking generic principles on a well-know system is, on the one hand, to see whether there are certain lessons that could be learned for best practice of architectural evolution, and on the other hand to get more insights about the applicability of such principles. We find that while the Eclipse SDK does follow several of the laws and principles, there are some deviations, and we discuss areas of architectural improvement and limitations of the assessment approach

Pluggable AOP: Designing Aspect Mechanisms for Third-party Composition

Studies of Aspect-Oriented Programming (AOP) usually focus on a language in which a specific aspect extension is integrated with a base language. Languages specified in this manner have a fixed, non-extensible AOP functionality. In this paper we consider the more general case of integrating a base language with a set of domain specific third-party aspect extensions for that language. We present a general mixin-based method for implementing aspect extensions in such a way that multiple, independently developed, dynamic aspect extensions can be subject to third-party composition and work collaboratively

Party system institutionalization and the quality of democracy in eastern Europe

Almost two decades have passed since the Third Wave of democratization brought an avalanche of new, relatively unstable democracies into being in Eastern Europe. Although democracy and a market economy seem to have taken firm root, at least for the ten Eastern European countries currently members of the European Union (EU), in the light of the complicated post-communist legacy, this may have not been enough time for their political parties and party systems to institutionalize. Moreover, a well-rehearsed litany of complaints has been recited against the countries in the region encompassing, inter alia, weak governability and accountability, a representation deficit; corruption and clientelism, populism, and threats to democratic stability; raising once again the question, "How important the former (i.e. political parties and party systems) are for the quality of democracy?

Political mobilisation by minorities in Britain: negative feedback of ‘race relations'?

This article uses a political opportunity approach to study the relationship of minority groups to the political community in Britain. The main argument is that the British race relations approach established in the 1960s had an important effect that still shapes the patterns of political contention by different minority groups today. Original data on political claims-making by minorities demonstrate that British 'racialised' cultural pluralism has structured an inequality of opportunities for the two main groups, African-Caribbeans and Indian subcontinent minorities. African-Caribbeans mobilise along racial lines, use a strongly assimilative 'black' identity, conventional action forms, and target state institutions with demands for justice that are framed within the recognised framework of race relations. Conversely, a high proportion of the Indian subcontinent minority mobilisation is by Muslim groups, a non-assimilative religious identity. These are autonomously organised, but largely make public demands for extending the principle of racial equality to their non-racial group. Within the Indian subcontinent minorities, the relative absence of mobilisation by Indian, Sikh and Hindu minorities, who have achieved much better levels of socio-economic success than Pakistani and Bangladeshi Muslims, suggests that there is also a strong socioeconomic basis for shared experiences and grievances as Muslims in Britain. This relativises the notion that Muslim mobilisation is Britain is purely an expression of the right for cultural difference per se, and sees it as a product of the paradoxes of British race relations

Understanding Android Obfuscation Techniques: A Large-Scale Investigation in the Wild

In this paper, we seek to better understand Android obfuscation and depict a holistic view of the usage of obfuscation through a large-scale investigation in the wild. In particular, we focus on four popular obfuscation approaches: identifier renaming, string encryption, Java reflection, and packing. To obtain the meaningful statistical results, we designed efficient and lightweight detection models for each obfuscation technique and applied them to our massive APK datasets (collected from Google Play, multiple third-party markets, and malware databases). We have learned several interesting facts from the result. For example, malware authors use string encryption more frequently, and more apps on third-party markets than Google Play are packed. We are also interested in the explanation of each finding. Therefore we carry out in-depth code analysis on some Android apps after sampling. We believe our study will help developers select the most suitable obfuscation approach, and in the meantime help researchers improve code analysis systems in the right direction

Requirements and Tools for Variability Management

Explicit and software-supported Business Process Management has become the core infrastructure of any medium and large organization that has a need to be efficient and effective. The number of processes of a single organization can be very high, furthermore, they might be very similar, be in need of momentary change, or evolve frequently. If the ad-hoc adaptation and customization of processes is currently the dominant way, it clearly is not the best. In fact, providing tools for supporting the explicit management of variation in processes (due to customization or evolution needs) has a profound impact on the overall life-cycle of processes in organizations. Additionally, with the increasing adoption of Service-Oriented Architectures, the infrastructure to support automatic reconfiguration and adaptation of business process is solid. In this paper, after defining variability in business process management, we consider the requirements for explicit variation handling for (service based) business process systems. eGovernment serves as an illustrative example of reuse. In this case study, all local municipalities need to implement the same general legal process while adapting it to the local business practices and IT infrastructure needs. Finally, an evaluation of existing tools for explicit variability management is provided with respect to the requirements identified.