25,062 research outputs found
Automatic architectural enforcement
Automatic architectural enforcement would be very beneficial especially in product line development using open source practices where there is very limited or no access to the architects and the architecture is of paramount importance. However, current techniques for modelling software architecture do not support the modelling of architectural design rules which means that architectural enforcement is achieved by manual reviews. This paper addresses this problem by proposing how architectural design rules could be expressed in UML in a meta-model for the system model
The normativity of code as law: towards input legitimacy
In the debate on how the new information and communication technologies impact on democratic politics the role played by the digital architecture seems to be surprisingly underrated. In particular, while a lot of attention has been paid to the possibilities that new technologies open up to democratic theory, few works have attempted to look at how democracy may help in shaping technologies. By adopting as a starting point the approach known as ‘code as law’, the paper aims at two objectives: to re-affirm the importance of discussing normative principles to guide the process of code writing in order to reinvigorate the debate; to claim the importance of input reasons when deciding which principles should be chosen. After having remarked that code is relevant for establishing democratic norms, the paper briefly tackles with the main attempts by European scholars to deal with this issue. Then, a couple of practical examples of how code impacts on democratic rights are sketched out. In the last section of the paper a shift from an output-based approach to the legitimacy of code to an input-based is openly advocated: an inquiry into the legitimacy of code should focus on its production
On the Automated Synthesis of Enterprise Integration Patterns to Adapt Choreography-based Distributed Systems
The Future Internet is becoming a reality, providing a large-scale computing
environments where a virtually infinite number of available services can be
composed so to fit users' needs. Modern service-oriented applications will be
more and more often built by reusing and assembling distributed services. A key
enabler for this vision is then the ability to automatically compose and
dynamically coordinate software services. Service choreographies are an
emergent Service Engineering (SE) approach to compose together and coordinate
services in a distributed way. When mismatching third-party services are to be
composed, obtaining the distributed coordination and adaptation logic required
to suitably realize a choreography is a non-trivial and error prone task.
Automatic support is then needed. In this direction, this paper leverages
previous work on the automatic synthesis of choreography-based systems, and
describes our preliminary steps towards exploiting Enterprise Integration
Patterns to deal with a form of choreography adaptation.Comment: In Proceedings FOCLASA 2015, arXiv:1512.0694
Towards alignment of architectural domains in security policy specifications
Large organizations need to align the security architecture across three different domains: access control, network layout and physical infrastructure. Security policy specification formalisms are usually dedicated to only one or two of these domains. Consequently, more than one policy has to be maintained, leading to alignment problems. Approaches from the area of model-driven security enable creating graphical models that span all three domains, but these models do not scale well in real-world scenarios with hundreds of applications and thousands of user roles. In this paper, we demonstrate the feasibility of aligning all three domains in a single enforceable security policy expressed in a Prolog-based formalism by using the Law Governed Interaction (LGI) framework. Our approach alleviates the limitations of policy formalisms that are domain-specific while helping to reach scalability by automatic enforcement provided by LGI
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Distributed Enforcement of Service Choreographies
Modern service-oriented systems are often built by reusing, and composing
together, existing services distributed over the Internet. Service choreography
is a possible form of service composition whose goal is to specify the
interactions among participant services from a global perspective. In this
paper, we formalize a method for the distributed and automated enforcement of
service choreographies, and prove its correctness with respect to the
realization of the specified choreography. The formalized method is implemented
as part of a model-based tool chain released to support the development of
choreography-based systems within the EU CHOReOS project. We illustrate our
method at work on a distributed social proximity network scenario.Comment: In Proceedings FOCLASA 2014, arXiv:1502.0315
Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network
In recent years, wireless ad hoc sensor network becomes popular both in civil
and military jobs. However, security is one of the significant challenges for
sensor network because of their deployment in open and unprotected environment.
As cryptographic mechanism is not enough to protect sensor network from
external attacks, intrusion detection system needs to be introduced. Though
intrusion prevention mechanism is one of the major and efficient methods
against attacks, but there might be some attacks for which prevention method is
not known. Besides preventing the system from some known attacks, intrusion
detection system gather necessary information related to attack technique and
help in the development of intrusion prevention system. In addition to
reviewing the present attacks available in wireless sensor network this paper
examines the current efforts to intrusion detection system against wireless
sensor network. In this paper we propose a hierarchical architectural design
based intrusion detection system that fits the current demands and restrictions
of wireless ad hoc sensor network. In this proposed intrusion detection system
architecture we followed clustering mechanism to build a four level
hierarchical network which enhances network scalability to large geographical
area and use both anomaly and misuse detection techniques for intrusion
detection. We introduce policy based detection mechanism as well as intrusion
response together with GSM cell concept for intrusion detection architecture.Comment: 16 pages, International Journal of Network Security & Its
Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap
with arXiv:1111.1933 by other author
Assistive Technology, Accommodations, and the Americans with Disabilities Act
This brochure on Assistive Technology, Accommodations, and the Americans with Disabilities Act (ADA) is one of a series on human resources practices and workplace accommodations for persons with disabilities edited by Susanne M. Bruyère, Ph.D., CRC, SPHR, Director, Program on Employment and Disability, School of Industrial and Labor Relations - Extension Division, Cornell University. Cornell University was funded in the early 1990’s by the U.S. Department of Education National Institute on Disability and Rehabilitation Research as a National Materials Development Project on the employment provisions (Title I) of the ADA (Grant #H133D10155). These updates, and the development of new brochures, have been funded by Cornell’s Program on Employment and Disability and the Pacific Disability and Business Technical Assistance Center
- …