2,195 research outputs found
Advanced transport operating system software upgrade: Flight management/flight controls software description
The Flight Management/Flight Controls (FM/FC) software for the Norden 2 (PDP-11/70M) computer installed on the NASA 737 aircraft is described. The software computes the navigation position estimates, guidance commands, and those commands to be issued to the control surfaces to direct the aircraft in flight based on the modes selected on the Advanced Guidance Control System (AGCS) mode panel, and the flight path selected via the Navigation Control/Display Unit (NCDU).
Metamodel-based model conformance and multiview consistency checking
Model-driven development, using languages such as UML and BON, often makes use of multiple diagrams (e.g., class and sequence diagrams) when modeling systems. These diagrams, presenting different views of a system of interest, may be inconsistent. A metamodel provides a unifying framework in which to ensure and check consistency, while at the same time providing the means to distinguish between valid and invalid models, that is, conformance. Two formal specifications of the metamodel for an object-oriented modeling language are presented, and it is shown how to use these specifications for model conformance and multiview consistency checking. Comparisons are made in terms of completeness and the level of automation each provides for checking multiview consistency and model conformance. The lessons learned from applying formal techniques to the problems of metamodeling, model conformance, and multiview consistency checking are summarized.
Lemur: Harmonizing Natural Language and Code for Language Agents
We introduce Lemur and Lemur-Chat, openly accessible language models
optimized for both natural language and coding capabilities to serve as the
backbone of versatile language agents. The evolution from language chat models
to functional language agents demands that models not only master human
interaction, reasoning, and planning but also ensure grounding in the relevant
environments. This calls for a harmonious blend of language and coding
capabilities in the models. Lemur and Lemur-Chat are proposed to address this
necessity, demonstrating balanced proficiencies in both domains, unlike
existing open-source models that tend to specialize in either. Through
meticulous pre-training using a code-intensive corpus and instruction
fine-tuning on text and code data, our models achieve state-of-the-art averaged
performance across diverse text and coding benchmarks among open-source models.
Comprehensive experiments demonstrate Lemur's superiority over existing
open-source models and its proficiency across various agent tasks involving
human communication, tool usage, and interaction under fully- and partially-
observable environments. The harmonization between natural and programming
languages enables Lemur-Chat to significantly narrow the gap with proprietary
models on agent abilities, providing key insights into developing advanced
open-source agents adept at reasoning, planning, and operating seamlessly
across environments. https://github.com/OpenLemur/Lemu
VeriOSS: Using the Blockchain to Foster Bug Bounty Programs
Nowadays software is everywhere and this is particularly true for free and open source software (FOSS). Discovering bugs in FOSS projects is of paramount importance and many bug bounty programs attempt to attract skilled analysts by promising rewards. Nevertheless, developing an effective bug bounty program is challenging. As a consequence, many programs fail to support an efficient and fair bug bounty market. In this paper, we present VeriOSS, a novel bug bounty platform. The idea behind VeriOSS is to exploit the blockchain technology to develop a fair and efficient bug bounty market. To this aim, VeriOSS combines formal guarantees and economic incentives to ensure that the bug disclosure is both reliable and convenient for the market actors.
Container security in a continuous development environment
The rise of the DevOps movement and the transition from a product economy
to a service economy drove significant changes in the software development
life cycle paradigm, among which the dropping of the waterfall in favor of
agile methods. Since DevOps is itself an agile method, it allows us to monitor
current releases, receiving constant feedback from clients, and improving
the next software releases. Despite its extraordinary development, DevOps
still presents limitations concerning security, which needs to be included in the
Continuous Integration or Continuous Deployment pipelines (CI/CD) used in
software development.
The massive adoption of cloud services and open-source software, the widely
spread containers and related orchestration, as well as microservice architectures,
broke all conventional models of software development. Due to these
new technologies, packaging and shipping new software is done in short periods
nowadays and becomes almost instantly available to users worldwide.
The usual approach of attaching security at the end of the software development
life cycle (SDLC) is now becoming obsolete, thus pushing the adoption of DevSecOps
or SecDevOps, by injecting security into SDLC processes earlier
and preventing security defects or issues from entering into production.
This dissertation aims to reduce the impact of microservices’ vulnerabilities by
examining the respective images and containers through a flexible and adaptable
set of analysis tools running in dedicated CI/CD pipelines. This approach
intends to provide a clean and secure collection of microservices for later release
in cloud production environments. To achieve this purpose, we have
developed a solution that allows programming and orchestrating a battery of
tests. There is a form where we can select several security analysis tools, and
the solution performs this set of tests in a controlled way according to the defined
dependencies. To demonstrate the solution’s effectiveness, we program
a battery of tests for different scenarios, defining the security analysis pipeline
to incorporate various tools. Finally, we will show security tools working locally,
which, subsequently integrated into our solution, return the same results.
Master's in Informatics Engineering