193 research outputs found

    Facilitating the Reactive Web - A Condition Action System using Node.js

    The orchestration of the Web is a big issue for Web users all around the world. Web users have a high interest in services, which are able to personalise and customise the Web. However, for Web reactivity there exist only a few limited solutions that allow the aggregation of Web resources. This paper takes a look at existing event-based methods that build upon Event-Condition-Action (ECA) Rules and Complex Event Processing (CEP). Moreover, this paper illustrates the architecture of a fully functioning Condition Action System prototype for the creation of reactivity in between Web resources. In a proof of concept, we could detect and determine the change interval of electronic newspaper headlines. With the proposed system, we are able to orchestrate Web resources e.g. Detecting Web Changes

    Securing Node-RED Applications

    Trigger-Action Platforms (TAPs) play a vital role in fulfilling the promise of the Internet of Things (IoT) by seamlessly connecting otherwise unconnected devices and services. While enabling novel and exciting applications across a variety of services, security and privacy issues must be taken into consideration because TAPs essentially act as persons-in-the-middle between trigger and action services. The issue is further aggravated since the triggers and actions on TAPs are mostly provided by third parties extending the trust beyond the platform providers. Node-RED, an open-source JavaScript-driven TAP, provides the opportunity for users to effortlessly employ and link nodes via a graphical user interface. Being built upon Node.js, third-party developers can extend the platform’s functionality through publishing nodes and their wirings, known as flows. This paper proposes an essential model for Node-RED, suitable to reason about nodes and flows, be they benign, vulnerable, or malicious. We expand on attacks discovered in recent work, ranging from exfiltrating data from unsuspecting users to taking over the entire platform by misusing sensitive APIs within nodes. We present a formalization of a runtime monitoring framework for a core language that soundly and transparently enforces fine-grained allowlist policies at module-, API-, value-, and context-level. We introduce the monitoring framework for Node-RED that isolates nodes while permitting them to communicate via well-defined API calls complying with the policy specified for each node

    A Novel Approach for Triggering the Serverless Function in Serverless Environment

    Serverless computing has gained significant popularity in recent years due to its scalability, cost efficiency, and simplified development process. In a serverless environment, functions are the basic units of computation that are executed on-demand, without the need for provisioning and managing servers. However, efficiently triggering serverless functions remains a challenge, as traditional methodologies often suffer from latency, time limit and scalability issues and the efficient execution and management of serverless functions heavily rely on effective triggering mechanisms. This research paper explores various design considerations and proposes a novel approach for designing efficient triggering mechanisms in serverless environments. By leveraging our proposed methodology, developers can efficiently trigger serverless functions in a variety of scenarios, including event-driven architectures, data processing pipelines, and web application backend

    Securing Software in the Presence of Third-Party Modules

    Modular programming is a key concept in software development where the program consists of code modules that are designed and implemented independently. This approach accelerates the development process and enhances scalability of the final product. Modules, however, are often written by third parties, aggravating security concerns such as stealing confidential information, tampering with sensitive data, and executing malicious code. Trigger-Action Platforms (TAPs) are concrete examples of employing modular programming. Any user can develop TAP applications by connecting trigger and action services, and publish them on public repositories. In the presence of malicious application makers, users cannot trust applications written by third parties, which can threaten users’ and platform’s security. We present SandTrap, a novel runtime monitor for JavaScript that can be used to securely integrate third-party applications. SandTrap enforces fine-grained access control policies at the levels of module, API, value, and context. We instantiate SandTrap to IFTTT, Zapier, and Node-RED, three popular JavaScript-driven TAPs, and illustrate how it enforces various policies on a set of benchmarks while incurring a tolerable runtime overhead. We also prove soundness and transparency of the monitoring framework on an essential model of Node-RED. Furthermore, nontransitive policies have been recently introduced as a natural fit for coarse-grained information-flow control where labels are specified at the level of modules. The flow relation does not need to be transitive, resulting in nonstandard noninterference and enforcement mechanism. We develop a lattice encoding to prove that nontransitive policies can be reduced to classical transitive policies. We also devise a lightweight program transformation that leverages standard flow-sensitive information-flow analyses to enforce nontransitive policies more permissively

    SandTrap: Securing JavaScript-driven Trigger-Action Platforms

    Trigger-Action Platforms (TAPs) seamlessly connect a wide variety of otherwise unconnected devices and services, ranging from IoT devices to cloud services and social networks. TAPs raise critical security and privacy concerns because a TAP is effectively a “person-in-the-middle” between trigger and action services. Third-party code, routinely deployed as “apps” on TAPs, further exacerbates these concerns. This paper focuses on JavaScript-driven TAPs. We show that the popular IFTTT and Zapier platforms and an open-source alternative Node-RED are susceptible to attacks ranging from exfiltrating data from unsuspecting users to taking over the entire platform. We report on the changes by the platforms in response to our findings and present an empirical study to assess the implications for Node-RED. Motivated by the need for a secure yet flexible way to integrate third-party JavaScript apps, we propose SandTrap, a novel JavaScript monitor that securely combines the Node.js vm module with fully structural proxy-based two-sided membranes to enforce fine-grained access control policies. To aid developers, SandTrap includes a policy generation mechanism. We instantiate SandTrap to IFTTT, Zapier, and Node-RED and illustrate on a set of benchmarks how SandTrap enforces a variety of policies while incurring a tolerable runtime overhead

    Bendit_I/O: A System for Extending Mediated and Networked Performance Techniques to Circuit-Bent Devices

    Circuit bending—the act of modifying a consumer device's internal circuitry in search of new, previously-unintended responses—provides artists with a chance to subvert expectations for how a certain piece of hardware should be utilized, asking them to view everyday objects as complex electronic instruments. Along with the ability to create avant-garde instruments from unique and nostalgic sound sources, the practice of circuit bending serves as a methodology for exploring the histories of discarded objects through activism, democratization, and creative resurrection. While a rich history of circuit bending continues to inspire artists today, the recent advent of smart musical instruments and the growing number of hybrid tools available for creating connective musical experiences through networks asks us to reconsider the ways in which repurposed devices can continue to play a role in modern sonic art. Bendit_I/O serves as a synthesis of the technologies and aesthetics of the circuit bending and Networked Musical Performance (NMP) practices. The framework extends techniques native to the practices of telematic and network art to hacked hardware so that artists can design collaborative and mediated experiences that incorporate old devices into new realities. Consisting of user-friendly hardware and software components, Bendit_I/O aims to be an entry point for novice artists into both of the creative realms it brings together. This document presents details on the components of the Bendit_I/O framework along with an analysis of their use in three new compositions. Additional research serves to place the framework in historical context through literature reviews of previous work undertaken in the circuit bending and networked musical performance practices. Additionally, a case is made for performing hacked consumer hardware across a wireless network, emphasizing how extensions to current circuit bending and NMP practices provide the ability to probe our relationships with hardware through collaborative, mediated, and multimodal methods

    A JavaScript Framework Comparison Based on Benchmarking Software Metrics and Environment Configuration

    JavaScript is a client-side programming language that can be used in multi-platform applications. It controls HTML and CSS to manipulate page behaviours and is widely used in most websites over the internet. JavaScript frameworks are structures made to help web developers build web applications faster by offering features that enhance the user interaction with the web page. An increasing number of JavaScript frameworks have been released in recent years in the market to help front-end developers build applications in a shorter space of time. Decision makers in software companies have been struggling to determine which frameworks are best suited for a specific project. This work investigates the actual state-of-the-art of JavaScript framework comparison, and it proposes metrics and methods that could help developers when choosing a JavaScript framework. In this work, a benchmark framework executes tasks to test the efficiency of three JavaScript frameworks (AngularJS, Aurelia, and Ember). The research shows the impact of the environment (CPU usage and network connectivity) on JavaScript frameworks

    Web observations: analysing Web data through automated data extraction

    In this thesis, a generic architecture for Web observations is introduced. Beginning with fundamental data aspects and technologies for building Web observations, requirements and architectural designs are outlined. Because Web observations are basic tools to collect information from any Web resource, legal perspectives are discussed in order to give an understanding of recent regulations, e.g. General Data Protection Regulation (GDPR). The general idea of Web observatories, its concepts, and experiments are presented to identify the best solution for Web data collections and based thereon, visualisation from any kind of Web resource. With the help of several Web observation scenarios, data sets were collected, analysed and eventually published in a machine-readable or visual form for users to be interpreted. The main research goal was to create a Web observation based on an architecture that is able to collect information from any given Web resource to make sense of a broad amount of yet untapped information sources. To find this generally applicable architectural structure, several research projects with different designs have been conducted. Eventually, the container based building block architecture emerged from these initial designs as the most flexible architectural structure. Thanks to these considerations and architectural designs, a flexible and easily adaptable architecture was created that is able to collect data from all kinds of Web resources. Thanks to such broad Web data collections, users can get a more comprehensible understanding and insight of real-life problems, the efficiency and profitability of services as well as gaining valuable information on the changes of a Web resource

    RUNTIME EXPLORATION FEATURES TO SMARTIFY PRODUCTS

    With the introduction of industry 4.0, the process of Smartification has grown constantly in popularity and demand. A symbol of that reality is the widespread use of computers and smartphones to control different type of devices and objects independently of its domain and purpose. Consequently, smartification solutions are reaching all industries, and furniture is just one of its examples that is explored in this dissertation. A framework to guide the development and further control of smartified objects is proposed. Thus, it explores features such as data gathering & processing, functional security, monitoring and lastly maintenance of smart products, exploring its impact in products enhancement. With the introduction of Internet 4.0, the process of Smartification has grown not only in popularity but also in demand. A milestone of this reality is the regular use of computers and mobile phones to control different devices and objects, in different settings and with different goals. Consequently, smartification solutions are reaching industries, and furniture, which is just one of them, will be the focus of this dissertation. A framework is therefore proposed, with the aim of supporting the development of future work. The dissertation addresses the topics most often associated with runtime exploration, namely maintenance and the processing and acquisition of information, in a secure and functional way, to explore the impact this has on the improvement of a piece of equipment

    Adopting test automation at Effizency to Improve Agility and Software Quality

    Digital solutions have long been used as a means to solve everyday problems. Over time these solutions have been improved and refined. These solutions have emerged to help humans, primarily with tasks that can be cumbersome or repetitive. The demand for repetitive tasks and process optimization through digital means is peaked. For this reason, many companies in the software development area have adopted the use of automated tests capable of doing autonomously and quickly the tasks that previously required a lot of resources to perform, thus jumping on the "Automation Bandwagon". By applying this approach, companies have the goal to improve the quality standards of the software offered by reducing the number of bugs and identifying them as early as possible in the development process. To observe the applicability, optimization, and efficiency of the automation of autonomous testing in a specific system, the concepts and technologies proposed here were applied in a professional scenario of a young company, Effizency. This company aims to facilitate the sale of energy services and electrical optimization. Effizency currently works using an agile approach and is constantly looking for ways to improve its development process. The company is currently facing the challenge of increasing the quality of its software and at the same time reducing the repetitiveness of its validation processes. Through this dissertation, it is expected that an improvement will be identified in terms of both a reduction of process repetition, time consumption and an increase in the test coverage performed. The main objective of this dissertation is to improve the quality of a company's software and the agility of its development process. This objective will be achieved using automated testing. Digital solutions have been used to solve everyday problems for a long time. Over time, they have been improved and refined. These solutions emerged with the aim of helping humans in their tasks, mostly tasks that can be heavy or repetitive. The demand for the automation of repetitive tasks and for process optimization through digital means is at its peak. For this reason, many companies in the software development area have adopted the use of automated tests capable of performing autonomously and quickly the tasks that previously would have required many resources, thus boarding the "Automation Wagon". By applying this approach, companies aim to improve the quality standards of the software offered by reducing the number of bugs and identifying them as early as possible in the development process. In order to observe the applicability, optimization and efficiency of the automation of autonomous tests in a specific system, the concepts and technologies proposed here were applied in a professional scenario at a young company, Effizency. Effizency currently works using an agile approach and is constantly looking for ways to improve its development process. The company currently faces the challenge of increasing the quality of its software and, at the same time, reducing the repetitiveness of its validation processes. Through this dissertation, an improvement is expected to be identified in terms of a reduction in process repetition and time consumption and an increase in the coverage of the tests performed. The main objective of this dissertation is to improve the quality of a company's software and the agility of its development process. This objective will be achieved through automated testing