Efficiency and Automation in Threat Analysis of Software Systems
Context: Security is a growing concern in many organizations. Industries developing software systems plan for security early on to minimize expensive code refactorings after deployment. In the design phase, teams of experts routinely analyze the system architecture and design to find potential security threats and flaws. After the system is implemented, the source code is often inspected to determine its compliance with the intended functionalities.
Objective: The goal of this thesis is to improve on the performance of security design analysis techniques (in the design and implementation phases) and support practitioners with automation and tool support.
Method: We conducted empirical studies for building an in-depth understanding of existing threat analysis techniques (Systematic Literature Review, controlled experiments). We also conducted empirical case studies with industrial participants to validate our attempt at improving the performance of one technique. Further, we validated our proposal for automating the inspection of security design flaws by organizing workshops with participants (under controlled conditions) and subsequent performance analysis. Finally, we relied on a series of experimental evaluations for assessing the quality of the proposed approach for automating security compliance checks.
Findings: We found that the eSTRIDE approach can help focus the analysis and produce twice as many high-priority threats in the same time frame. We also found that reasoning about security in an automated fashion requires extending the existing notations with more precise security information. In a formal setting, minimal model extensions for doing so include security contracts for system nodes handling sensitive information. The formally-based analysis can to some extent provide completeness guarantees. For a graph-based detection of flaws, minimal required model extensions include data types and security solutions. In such a setting, the automated analysis can help in reducing the number of overlooked security flaws. Finally, we suggested defining a correspondence mapping between the design model elements and implemented constructs. We found that such a mapping is a key enabler for automatically checking the security compliance of the implemented system with the intended design. The key for achieving this is two-fold. First, a heuristics-based search is paramount to limit the manual effort that is required to define the mapping. Second, it is important to analyze implemented data flows and compare them to the data flows stipulated by the design.
Data-centric Misbehavior Detection in VANETs
Detecting misbehavior (such as transmissions of false information) in vehicular ad hoc networks (VANETs) is a very important problem with a wide range of implications, including safety-related and congestion avoidance applications. We discuss several limitations of existing misbehavior detection schemes (MDS) designed for VANETs. Most MDS are concerned with detection of malicious nodes. In most situations, vehicles would send wrong information because of selfish reasons of their owners, e.g. for gaining access to a particular lane. Because of this (rational behavior), it is more important to detect false information than to identify misbehaving nodes. We introduce the concept of data-centric misbehavior detection and propose algorithms which detect false alert messages and misbehaving nodes by observing their actions after sending out the alert messages. With the data-centric MDS, each node can independently decide whether a piece of information received is correct or false. The decision is based on the consistency of recent messages and the new alert with reported and estimated vehicle positions. No voting or majority decisions are needed, making our MDS resilient to Sybil attacks. Instead of revoking all the secret credentials of misbehaving nodes, as done in most schemes, we impose fines on misbehaving nodes (administered by the certification authority), discouraging them from acting selfishly. This reduces the computation and communication costs involved in revoking all the secret credentials of misbehaving nodes.
Automatically Documenting Software Artifacts
Software artifacts, such as database schemas and unit test cases, constantly change during evolution and maintenance of software systems. Co-evolution of code and DB schemas in Database-Centric Applications (DCAs) often leads to two types of challenging scenarios for developers, where (i) changes to the DB schema need to be incorporated in the source code, and (ii) maintenance of a DCA's code requires understanding of how the features are implemented by relying on DB operations and corresponding schema constraints. On the other hand, the number of unit test cases often grows as new functionality is introduced into the system, and maintaining these unit tests is important to reduce the introduction of regression bugs due to outdated unit tests. Therefore, one critical artifact that developers need to be able to maintain during evolution and maintenance of software systems is up-to-date and complete documentation. In order to understand developer practices regarding documenting and maintaining these software artifacts, we designed two empirical studies, both composed of (i) an online survey of contributors of open source projects and (ii) a mining-based analysis of method comments in these projects. We observed that documenting methods with database accesses and unit test cases is not a common practice. Further, motivated by the findings of the studies, we proposed three novel approaches: (i) DBScribe is an approach for automatically documenting database usages and schema constraints, (ii) UnitTestScribe is an approach for automatically documenting test cases, and (iii) TeStereo tags stereotypes for unit tests and generates HTML reports to improve the comprehension and browsing of unit tests in a large test suite. We evaluated our tools in case studies with industrial developers and graduate students. In general, developers indicated that descriptions generated by the tools are complete, concise, and easy to read. The reports are useful for source code comprehension tasks as well as other tasks, such as code smell detection and source code navigation.
Compliance validation and diagnosis of business data constraints in business processes at runtime
Business processes involve data that can be modified and updated by various activities at any time. The data involved in a business process can be associated with flow elements or data stored. These data must satisfy the business compliance rules associated with the process, where business compliance rules are policies or statements that govern the behaviour of a company. To improve and automate the validation and diagnosis of compliance rules based on the description of data semantics (called Business Data Constraints), we propose a framework where dataflow variables and stored data are analyzed. The validation and diagnosis process is automated using Constraint Programming, to permit the detection and identification of possibly unsatisfiable Business Data Constraints, even if the data involved in these constraints are not all instantiated. This implies that potential errors can be determined in advance. Furthermore, a language to describe Business Data Constraints is proposed, for the improvement of user-oriented aspects of the business process description. This language allows a business expert to write Business Data Constraints that will be automatically validated at runtime, without the support of an information technology expert.
Junta de Andalucía P08-TIC-04095; Ministerio de Ciencia y Tecnología TIN2009-1371
Evolution of security engineering artifacts: a state of the art survey
Security is an important quality aspect of modern open software systems. However, it is challenging to keep such systems secure because of evolution. Security evolution can only be managed adequately if it is considered for all artifacts throughout the software development lifecycle. This article provides the state of the art on the evolution of security engineering artifacts. The article covers the state of the art on evolution of security requirements, security architectures, secure code, security tests, security models, and security risks as well as security monitoring. For each of these artifacts the authors give an overview of evolution and security aspects and discuss the state of the art on its security evolution in detail. Based on this comprehensive survey, they summarize key issues and discuss directions of future research.
Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World
This report documents the program and the outcomes of GI-Dagstuhl Seminar 16394 "Software Performance Engineering in the DevOps World".
The seminar addressed the problem of performance-aware DevOps. Both DevOps and performance engineering have been growing trends over the past one to two years, in no small part due to the rise in importance of identifying performance anomalies in the operations (Ops) of cloud and big data systems and feeding these back to the development (Dev). However, so far, the research community has treated software engineering, performance engineering, and cloud computing mostly as individual research areas. We aimed to identify cross-community collaboration, and to set the path for long-lasting collaborations towards performance-aware DevOps.
The main goal of the seminar was to bring together young researchers (PhD students in a later stage of their PhD, as well as PostDocs or Junior Professors) in the areas of (i) software engineering, (ii) performance engineering, and (iii) cloud computing and big data to present their current research projects, to exchange experience and expertise, to discuss research challenges, and to develop ideas for future collaborations.