Combining Techniques to Verify Service-based Components

International audienceEarly verification is essential in model-driven development because late error detection involves a costly correction and approval process. Modelling real life systems covers three aspects of a system (structure, dynamics and functions) and one verification technique is not sufficient to check the properties related to these aspects. Considering Service-based Component Models, we propose a unifying schema called multi-level contracts that enables a combination of verification techniques (model checking, theorem proving and model testing) to cover the V&V requirements. This proposal is illustrated using the Kmelia language and its COSTO tool

MoPS: A Modular Protection Scheme for Long-Term Storage

Current trends in technology, such as cloud computing, allow outsourcing the storage, backup, and archiving of data. This provides efficiency and flexibility, but also poses new risks for data security. It in particular became crucial to develop protection schemes that ensure security even in the long-term, i.e. beyond the lifetime of keys, certificates, and cryptographic primitives. However, all current solutions fail to provide optimal performance for different application scenarios. Thus, in this work, we present MoPS, a modular protection scheme to ensure authenticity and integrity for data stored over long periods of time. MoPS does not come with any requirements regarding the storage architecture and can therefore be used together with existing archiving or storage systems. It supports a set of techniques which can be plugged together, combined, and migrated in order to create customized solutions that fulfill the requirements of different application scenarios in the best possible way. As a proof of concept we implemented MoPS and provide performance measurements. Furthermore, our implementation provides additional features, such as guidance for non-expert users and export functionalities for external verifiers.Comment: Original Publication (in the same form): ASIACCS 201

Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

Multimodal person recognition for human-vehicle interaction

Next-generation vehicles will undoubtedly feature biometric person recognition as part of an effort to improve the driving experience. Today's technology prevents such systems from operating satisfactorily under adverse conditions. A proposed framework for achieving person recognition successfully combines different biometric modalities, borne out in two case studies

Towards an Efficient Context-Aware System: Problems and Suggestions to Reduce Energy Consumption in Mobile Devices

Looking for optimizing the battery consumption is an open issue, and we think it is feasible if we analyze the battery consumption behavior of a typical context-aware application to reduce context-aware operations at runtime. This analysis is based on different context sensors configurations. Actually existing context-aware approaches are mainly based on collecting and sending context data to external components, without taking into account how expensive are these operations in terms of energy consumption. As a first result of our work in progress, we are proposing a way for reducing the context data publishing. We have designed a testing battery consumption architecture supported by Nokia Energy Profiler tool to verify consumption in different scenarios

SIMNET: simulation-based exercises for computer net-work curriculum through gamification and augmented reality

Gamification and Augmented Reality techniques, in recent years, have tackled many subjects and environments. Its implementation can, in particular, strengthen teaching and learning processes in schools and universities. Therefore, new forms of knowledge, based on interactions with objects, contributing game, experimentation and collaborative work. Through the technologies mentioned above, we intend to develop an application that serves as a didactic tool, giving support in the area of Computer Networks. This application aims to stand out in simulated controlled environments to create computer networks, taking into ac-count the necessary physical devices and the different physical and logical topologies. The main goal is to enrich the students’ learning experiences and contrib-ute to teacher-student interaction, through collaborative learning provided by the tool, minimizing the need for expensive equipment in learning environments.Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech

Discovery and Selection of Certified Web Services Through Registry-Based Testing and Verification

Reliability and trust are fundamental prerequisites for the establishment of functional relationships among peers in a Collaborative Networked Organisation (CNO), especially in the context of Virtual Enterprises where economic benefits can be directly at stake. This paper presents a novel approach towards effective service discovery and selection that is no longer based on informal, ambiguous and potentially unreliable service descriptions, but on formal specifications that can be used to verify and certify the actual Web service implementations. We propose the use of Stream X-machines (SXMs) as a powerful modelling formalism for constructing the behavioural specification of a Web service, for performing verification through the generation of exhaustive test cases, and for performing validation through animation or model checking during service selection