Engineering Secure Adaptable Web Services Compositions

Service-oriented architecture defines a paradigm for building applications by assembling autonomous components such as web services to create web service compositions. Web services are executed in complex contexts where unforeseen events may compromise the security of the web services composition. If such compositions perform critical functions, prompt action may be required as new security threats may arise at runtime. Manual interventions may not be ideal or feasible. To automatically decide on valid security changes to make at runtime, the composition needs to make use of current security context information. Such security changes are referred to as dynamic adaptation. This research proposes a framework to develop web services compositions that can dynamically adapt to maintain the same level of security when unforeseen security events occur at runtime. The framework is supported by mechanisms that map revised security requirements arising at runtime to a new security configuration plan that is used to adapt the web services composition

Language and compiler support for dyanmic code generation

Thesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1999.Includes bibliographical references (p. 131-135).by Massimiliano A. Poletto.Ph.D

Optimizing mobile applications by exploiting variability models at runtime

El servicio de reconfiguración dinámica genera y despliega configuraciones de la aplicación optimizadas para el contexto de la ejecución. Para la generación eficiente de estas configuraciones se han definido los algoritmos genéticos DAGAME (mono-objetivo) y MO-DAGAME (multi-objetivo). Ambos algoritmos han sido evaluados, obteniendo buenos resultados con respecto al tiempo de ejecución y a la calidad de las configuraciones generadas. Fecha de lectura de Tesis Doctoral: 18 de diciembre 2018.Los teléfonos móviles inteligentes son una herramienta indispensable en nuestra vida cotidiana. Son dispositivos con los que podemos ejecutar aplicaciones y tareas complejas en cualquier lugar y en cualquier momento. Estas aplicaciones están fuertemente relacionadas con su contexto (e.g., localización, recursos disponibles, etc.) y los requisitos del usuario cambian cuando lo hace el contexto en el que se ejecutan. Por lo tanto, desarrollar aplicaciones que se adaptan al contexto es fundamental para satisfacer dichos requisitos y, para lograrlo, es necesario proporcionar mecanismos de reconfiguración dinámica. Un enfoque ampliamente aceptado para gestionar la variabilidad de las aplicaciones en tiempo de ejecución son las Líneas de Producto Software Dinámicas (DSPLs). Por otro lado, otro paradigma ampliamente aceptado en la comunidad de los sistemas distributidos es el de la Computación Autónoma (CA), cuyo principal objetivo es dotar a los sistemas distribuidos de capacidades de auto-gestión. Esta tesis explora la aplicación de las DSPLs y la CA al desarrollo de aplicaciones para dispositivos móviles que pueden ser reconfiguradas en tiempo de ejecución en función de su contexto. Sus contribuciones cubren tanto el diseño de la DSPL como el desarrollo de mecanismos de reconfiguración dinámica. Con respecto al diseño de la DSPL, se han propuesto dos alternativas diferentes para la especificación de la arquitectura software y la variabilidad. Por un lado, un mecanismo basado en el uso de perfiles UML y herramientas para modelos de características. Por otro lado, un mecanismo basado en el uso del lenguaje CVL para el modelado de la variabilidad. Para la adaptación de las aplicaciones en tiempo de ejecución se ha definido un middleware que incluye servicios de monitorización del contexto y de reconfiguración dinámica

Variability Support in Domain-Specific Language Development

International audienceDomain Specific Languages (DSLs) are widely adopted to capitalize on business domain experiences. Consequently, DSL development is becoming a recurring activity. Unfortunately, even though it has its benefits, language development is a complex and time-consuming task. Languages are commonly realized from scratch, even when they share some concepts and even though they could share bits of tool support. This cost can be reduced by employing modern modular programming techniques that foster code reuse. However, selecting and composing these modules is often only within the reach of a skilled DSL developer. In this paper we propose to combine modular language development and variability management, with the objective of capitalizing on existing assets. This approach explicitly models the dependencies between language components, thereby allowing a domain expert to configure a desired DSL, and automatically derive its implementation. The approach is tool supported, using Neverlang to implement language components, and the Common Variability Language (CVL) for managing the variability and automating the configuration. We will further illustrate our approach with the help of a case study, where we will implement a family of DSLs to describe state machines

WeaFQAs: A Software Product Line Approach for Customizing and Weaving Efficient Functional Quality Attributes

Fecha de Lectura de Tesis: 10 de julio de 2018Los atributos de calidad funcionales (FQA) son aquellos que tienen una clara implicación en la funcionalidad del sistema, es decir, existen unos componentes específicos que deben ser incorporados a la arquitectura software del sistema para satisfacer sus requisitos de atributos de calidad. Ejemplos de FQAs son seguridad, usabilidad, o persistencia. Modelar estos atributos es una tarea compleja. Por un lado, se componen de muchas características relacionadas, por ejemplo seguridad está compuesto, entre otros, por autenticación, confidencialidad y encriptación. Tienen dependencias entre ellos, por ejemplo, seguridad puede ser requerido por usabilidad o persistencia. Por otro lado, tienen muchos puntos de variabilidad: una aplicación concreta puede requerir autenticación y control de acceso mientras que otra puede necesitar sólo encriptación. Además, su funcionalidad suele estar dispersa afectando a varios componentes del sistema en desarrollo. El objetivo de esta tesis es definir una línea de productos software orientada a aspectos que permita: (1) modelar las similitudes y la variabilidad de los FQAs desde las primeras etapas del proceso de desarrollo, (2) gestionar las dependencias existentes entre los FQAs, (3) independizar el modelado de los FQAs de la arquitectura de la aplicación afectada, (4) configurar los FQAs en base a los requisitos de cada aplicación teniendo además en cuenta propiedades no funcionales como el rendimiento y el consumo energético de cada solución, (5) incorporar las configuraciones a la arquitectura de la aplicación de manera automática; y (6) gestionar la evolución de los FQAs cuando los requisitos cambien en el futuro. Como resultado se ha definido WeaFQAs, un proceso software para gestionar los FQAs que cubre todos los puntos mencionados. Se han realizado y comparado dos instanciaciones de WeaFQAs usando diferentes lenguajes de variabilidad y de modelado, además de proporcionar soporte con una herramienta basada en el lenguaje CVL

A Behavioral Model of Component Frameworks

When using a component framework developers need to respect the behavior implemented by the components. Static information about the component interface is not sufficient. Dynamic information such as the description of valid sequences of operations is required. Instead of being in some external documentation, this information should be formally represented and embedded within the components themselves, so that it can be used by automatic tools. We propose a mathematical model and a formal language to describe the knowledge about behavior. We rely on a hierarchical model of deterministic finite state-machines. The communication between the machines follows the Synchronous Paradigm. We favor a structural approach allowing incremental simulation, automatic verification, code generation, and run-time checks. Associated tools may ensure correct and safe reuse of the components. We focus on extension of components through inheritance (in the sense of sub-typing), owing to the notion of behavioral refinement

Feature Model Synthesis

Variability provides the ability to adapt and customize a software system's artifacts for a particular context or circumstance. Variability enables code reuse, but its mechanisms are often tangled within a software artifact or scattered over multiple artifacts. This makes the system harder to maintain for developers, and harder to understand for users that configure the software. Feature models provide a centralized source for describing the variability in a software system. A feature model consists of a hierarchy of features—the common and variable system characteristics—with constraints between features. Constructing a feature model, however, is a arduous and time-consuming manual process. We developed two techniques for feature model synthesis. The first, Feature-Graph-Extraction, is an automated algorithm for extracting a feature graph from a propositional formula in either conjunctive normal form (CNF), or disjunctive normal form (DNF). A feature graph describes all feature diagrams that are complete with respect to the input. We evaluated our algorithms against related synthesis algorithms and found that our CNF variant was significantly faster than the previous comparable technique, and the DNF algorithm performed similarly to a comparable, but newer technique, with the exception of several models where our algorithm was faster. The second, Feature-Tree-Synthesis, is a semi-automated technique for building a feature model given a feature graph. This technique uses both logical constraints and text to address the most challenging part of feature model synthesis—constructing the feature hierarchy—by ranking potential parents of a feature with a textual similarity heuristic. We found that the procedure effectively reduced a modeler's choices from thousands, to five or less when synthesizing the Linux and eCos variability models. Our third contribution is the analysis of Kconfig—a language similar to feature modeling used to specify the variability model of the Linux kernel. While large feature models are reportedly used in industry, these models have not been available to the research community for benchmarking feature model analysis and synthesis techniques. We compare Kconfig to feature modeling, reverse engineer formal semantics, and translate 12 open-source Kconfig models—including the Linux model with over 6000 features—to propositional logic

High integrity hardware-software codesign

Programmable logic devices (PLDs) are increasing in complexity and speed, and are being used as important components in safety-critical systems. Methods for developing high-integrity software for these systems are well-known, but this is not true for programmable logic. We propose a process for developing a system incorporating software and PLDs, suitable for safety critical systems of the highest levels of integrity. This process incorporates the use of Synchronous Receptive Process Theory as a semantic basis for specifying and proving properties of programs executing on PLDs, and extends the use of SPARK Ada from a programming language for safety-critical systems software to cover the interface between software and programmable logic. We have validated this approach through the specification and development of a substantial safety-critical system incorporating both software and programmable logic components, and the development of tools to support this work. This enables us to claim that the methods demonstrated are not only feasible but also scale up to realistic system sizes, allowing development of such safety-critical software-hardware systems to the levels required by current system safety standards

Composition of object-oriented software design models

In practice, object-oriented design models have been less useful throughout the lifetime of software systems than they should be Design models are often large and monolithic, and the structure of designs is generally quite different from that of requirements. As a result, developers tend to discard the design, especially as the system evolves, since it is too difficult to keep its relationship to requirements and code accurate, especially when both are changing. This thesis identifies a number of key, well-defined problems with current object-oriented design methods and proposes new techniques to solve them. The new techniques present a different approach to designing systems, based on flexible decomposition and composition. The existing decomposition mechanisms of object-oriented designs (based on class, object, interface and method) are extended to include decomposing designs in a manner directly aligning design with requirements specifications. Composition mechanisms for designs are extended to support the additional decomposition mechanisms. The approach closely aligns designs with both requirements specifications and with code. It is illustrated how this approach permits the benefits of designs to be maintained throughout a system’ s lifetime

Integrated Management of Variability in Space and Time in Software Families

Software Product Lines (SPLs) and Software Ecosystems (SECOs) are approaches to capturing families of closely related software systems in terms of common and variable functionality (variability in space). SPLs and especially SECOs are subject to software evolution to adapt to new or changed requirements resulting in different versions of the software family and its variable assets (variability in time). Both dimensions may be interconnected (e.g., through version incompatibilities) and, thus, have to be handled simultaneously as not all customers upgrade their respective products immediately or completely. However, there currently is no integrated approach allowing variant derivation of features in different version combinations. In this thesis, remedy is provided in the form of an integrated approach making contributions in three areas: (1) As variability model, Hyper-Feature Models (HFMs) and a version-aware constraint language are introduced to conceptually capture variability in time as features and feature versions. (2) As variability realization mechanism, delta modeling is extended for variability in time, and a language creation infrastructure is provided to devise suitable delta languages. (3) For the variant derivation procedure, an automatic version selection mechanism is presented as well as a procedure to derive large parts of the application order for delta modules from the structure of the HFM. The presented integrated approach enables derivation of concrete software systems from an SPL or a SECO where both features and feature versions may be configured.:I. Context and Preliminaries 1. The Configurable TurtleBot Driver as Running Example 1.1. TurtleBot: A Domestic Service Robot 1.2. Configurable Driver Functionality 1.3. Software Realization Artifacts 1.4. Development History of the Driver Software 2. Families of Variable Software Systems 2.1. Variability 2.1.1. Variability in Space and Time 2.1.2. Internal and External Variability 2.2. Manifestations of Configuration Knowledge 2.2.1. Variability Models 2.2.2. Variability Realization Mechanisms 2.2.3. Variability in Realization Assets 2.3. Types of Software Families 2.3.1. Software Product Lines 2.3.2. Software Ecosystems 2.3.3. Comparison of Software Product Lines and Software Ecosystems 3. Fundamental Approaches and Technologies of the Thesis 3.1. Model-Driven Software Development 3.1.1. Metamodeling Levels 3.1.2. Utilizing Models in Generative Approaches 3.1.3. Representation of Languages using Metamodels 3.1.4. Changing the Model-Representation of Artifacts 3.1.5. Suitability of Model-Driven Software Development 3.2. Fundamental Variability Management Techniques of the Thesis 3.2.1. Feature Models as Variability Models 3.2.2. Delta Modeling as Variability Realization Mechanism 3.2.3. Variant Derivation Process of Delta Modeling with Feature Models 3.3. Constraint Satisfaction Problems 3.4. Scope 3.4.1. Problem Statement 3.4.2. Requirements 3.4.3. Assumptions and Boundaries II. Integrated Management of Variability in Space and Time 4. Capturing Variability in Space and Time with Hyper-Feature Models 4.1. Feature Models Cannot Capture Variability in Time 4.2. Formal Definition of Feature Models 4.3. Definition of Hyper-Feature Models 4.4. Creation of Hyper-Feature Model Versions 4.5. Version-Aware Constraints to Represent Version Dependencies and Incompatibilities 4.6. Hyper-Feature Models are a True Extension to Feature Models 4.7. Case Study 4.8. Demarcation from Related Work 4.9. Chapter Summary 5. Creating Delta Languages Suitable for Variability in Space and Time 5.1. Current Delta Languages are not Suitable for Variability in Time 5.2. Software Fault Trees as Example of a Source Language 5.3. Evolution Delta Modules as Manifestation of Variability in Time 5.4. Automating Delta Language Generation 5.4.1. Standard Delta Operations Realize Usual Functionality 5.4.2. Custom Delta Operations Realize Specialized Functionality 5.5. Delta Language Creation Infrastructure 5.5.1. The Common Base Delta Language Provides Shared Functionality for all Delta Languages 5.5.2. Delta Dialects Define Delta Operations for Custom Delta Languages 5.5.3. Custom Delta Languages Enable Variability in Source Languages 5.6. Case Study 5.7. Demarcation from Related Work 5.8. Chapter Summary 6. Deriving Variants with Variability in Space and Time 6.1. Variant Derivation Cannot Handle Variability in Time 6.2. Associating Features and Feature Versions with Delta Modules 6.3. Automatically Select Versions to Ease Configuration 6.4. Application Order and Implicitly Required Delta Modules 6.4.1. Determining Relevant Delta Modules 6.4.2. Forming a Dependency Graph of Delta Modules 6.4.3. Performing a Topological Sorting of Delta Modules 6.5. Generating Variants with Versions of Variable Assets 6.6. Case Study 6.7. Demarcation from Related Work 6.8. Chapter Summary III. Realization and Application 7. Realization as Tool Suite DeltaEcore 7.1. Creating Delta Languages 7.1.1. Shared Base Metamodel 7.1.2. Common Base Delta Language 7.1.3. Delta Dialects 7.2. Specifying a Software Family with Variability in Space and Time 7.2.1. Hyper-Feature Models 7.2.2. Version-Aware Constraints 7.2.3. Delta Modules 7.2.4. Application-Order Constraints 7.2.5. Mapping Models 7.3. Deriving Variants 7.3.1. Creating a Configuration 7.3.2. Collecting Delta Modules 7.3.3. Ordering Delta Modules 7.3.4. Applying Delta Modules 8. Evaluation 8.1. Configurable TurtleBot Driver Software 8.1.1. Variability in Space 8.1.2. Variability in Time 8.1.3. Integrated Management of Variability in Space and Time 8.2. Metamodel Family for Role-Based Modeling and Programming Languages 8.2.1. Variability in Space 8.2.2. Variability in Time 8.2.3. Integrated Management of Variability in Space and Time 8.3. A Software Product Line of Feature Modeling Notations and Constraint Languages 8.3.1. Variability in Space 8.3.2. Variability in Time 8.3.3. Integrated Management of Variability in Space and Time 8.4. Results and Discussion 8.4.1. Results and Discussion of RQ1: Variability Model 8.4.2. Results and Discussion of RQ2: Variability Realization Mechanism 8.4.3. Results and Discussion of RQ3: Variant Derivation Procedure 9. Conclusion 9.1. Discussion 9.1.1. Supported Evolutionary Changes 9.1.2. Conceptual Representation of Variability in Time 9.1.3. Perception of Versions as Incremental 9.1.4. Version Numbering Schemes 9.1.5. Created Delta Languages 9.1.6. Scalability of Approach 9.2. Possible Future Application Areas 9.2.1. Extend to Full Software Ecosystem Feature Model 9.2.2. Model Software Ecosystems 9.2.3. Extract Hyper-Feature Model Versions and Record Delta Modules 9.2.4. Introduce Metaevolution Delta Modules 9.2.5. Support Incremental Reconfiguration 9.2.6. Apply for Evolution Analysis and Planning 9.2.7. Enable Evolution of Variable Safety-Critical Systems 9.3. Contribution 9.3.1. Individual Contributions 9.3.2. Handling Updater Stereotypes IV. Appendix A. Delta Operation Generation Algorithm B. Delta Dialects B.1. Delta Dialect for Java B.2. Delta Dialect for Eclipse Projects B.3. Delta Dialect for DocBook Markup B.4. Delta Dialect for Software Fault Trees B.5. Delta Dialect for Component Fault Diagrams B.6. Delta Dialect for Checklists B.7. Delta Dialect for the Goal Structuring Notation B.8. Delta Dialect for EMF Ecore B.9. Delta Dialect for EMFText Concrete Syntax File