WeaFQAs: A Software Product Line Approach for Customizing and Weaving Efficient Functional Quality Attributes

Fecha de Lectura de Tesis: 10 de julio de 2018Los atributos de calidad funcionales (FQA) son aquellos que tienen una clara implicación en la funcionalidad del sistema, es decir, existen unos componentes específicos que deben ser incorporados a la arquitectura software del sistema para satisfacer sus requisitos de atributos de calidad. Ejemplos de FQAs son seguridad, usabilidad, o persistencia. Modelar estos atributos es una tarea compleja. Por un lado, se componen de muchas características relacionadas, por ejemplo seguridad está compuesto, entre otros, por autenticación, confidencialidad y encriptación. Tienen dependencias entre ellos, por ejemplo, seguridad puede ser requerido por usabilidad o persistencia. Por otro lado, tienen muchos puntos de variabilidad: una aplicación concreta puede requerir autenticación y control de acceso mientras que otra puede necesitar sólo encriptación. Además, su funcionalidad suele estar dispersa afectando a varios componentes del sistema en desarrollo. El objetivo de esta tesis es definir una línea de productos software orientada a aspectos que permita: (1) modelar las similitudes y la variabilidad de los FQAs desde las primeras etapas del proceso de desarrollo, (2) gestionar las dependencias existentes entre los FQAs, (3) independizar el modelado de los FQAs de la arquitectura de la aplicación afectada, (4) configurar los FQAs en base a los requisitos de cada aplicación teniendo además en cuenta propiedades no funcionales como el rendimiento y el consumo energético de cada solución, (5) incorporar las configuraciones a la arquitectura de la aplicación de manera automática; y (6) gestionar la evolución de los FQAs cuando los requisitos cambien en el futuro. Como resultado se ha definido WeaFQAs, un proceso software para gestionar los FQAs que cubre todos los puntos mencionados. Se han realizado y comparado dos instanciaciones de WeaFQAs usando diferentes lenguajes de variabilidad y de modelado, además de proporcionar soporte con una herramienta basada en el lenguaje CVL

EFFICIENT RUNTIME SECURITY SYSTEM FOR DECENTRALISED DISTRIBUTED SYSTEMS

Distributed systems can be defined as systems that are scattered over geographical distances and provide different activities through communication, processing, data transfer and so on. Thus, increasing the cooperation, efficiency, and reliability to deal with users and data resources jointly. For this reason, distributed systems have been shown to be a promising infrastructure for most applications in the digital world. Despite their advantages, keeping these systems secure, is a complex task because of the unconventional nature of distributed systems which can produce many security problems like phishing, denial of services or eavesdropping. Therefore, adopting security and privacy policies in distributed systems will increase the trustworthiness between the users and these systems. However, adding or updating security is considered one of the most challenging concerns and this relies on various security vulnerabilities which existing in distributed systems. The most significant one is inserting or modifying a new security concern or even removing it according to the security status which may appear at runtime. Moreover, these problems will be exacerbated when the system adopts the multi-hop concept as a way to deal with transmitting and processing information. This can pose many significant security challenges especially if dealing with decentralized distributed systems and the security must be furnished as end-to-end. Unfortunately, existing solutions are insufficient to deal with these problems like CORBA which is considered a one-to-one relationship only, or DSAW which deals with end-to-end security but without taking into account the possibility of changing information sensitivity during runtime. This thesis provides a proposed mechanism for enforcing security policies and dealing with distributed systems’ security weakness in term of the software perspective. The proposed solution utilised Aspect-Oriented Programming (AOP), to address security concerns during compilation and running time. The proposed solution is based on a decentralized distributed system that adopts the multi-hop concept to deal with different requested tasks. The proposed system focused on how to achieve high accuracy, data integrity and high efficiency of the distributed system in real time. This is done through modularising the most efficient security solutions, Access Control and Cryptography, by using Aspect-Oriented Programming language. The experiments’ results show the proposed solution overcomes the shortage of the existing solutions by fully integrating with the decentralized distributed system to achieve dynamic, high cooperation, high performance and end-to-end holistic security

An approach for deploying and monitoring dynamic security policies

Security policies are enforced through the deployment of certain security functionalities within the applications. When the security policies dynamically change, the associated security functionalities currently deployed within the applications must be adapted at runtime in order to enforce the new security policies. INTER-TRUST is a framework for the specification, negotiation, deployment and dynamic adaptation of interoperable security policies, in the context of pervasive systems where devices are constantly exchanging critical information through the network. The dynamic adaptation of the security policies at runtime is addressed using Aspect-Oriented Programming (AOP) that allows enforcing security requirements by dynamically weaving security aspects into the applications. However, a mechanism to guarantee the correct adaptation of the functionality that enforces the changing security policies is needed. In this paper,we present an approach based on the combination of monitoring and detection techniques in order to maintain the correlation between the security policies and the associated functionality deployed using AOP, allowing the INTERTRUST framework to automatically react when needed.European Union INTER-TRUST FP7- 317731Ministerio de Economía y Competitividad TIN2012-34840Ministerio de Economía y Competitividad FamiWare P09-TIC-5231Ministerio de Economía y Competitividad MAGIC P12-TIC181