Language-based access control approach for component-based software applications

Security in component-based software applications is studied by looking at information leakage from one component to another through operation calls. Components and security specifications about confidentiality as regular languages are modelled. Then a systematic way is provided to synthesise an access control mechanism, which not only guarantees all specifications to be obeyed, but also allows each user to attain maximum permissive behaviours

BALANCING NON-FUNCTIONAL REQUIREMENTS IN CLOUD-BASED SOFTWARE: AN APPROACH BASED ON SECURITY-AWARE DESIGN AND MULTI-OBJECTIVE SOFTWARE DYNAMIC MANAGEMENT

Beyond its functional requirements, architectural design, the quality of a software system is also defined by the degree to which it meets its non-functional requirements. The complexity of managing these non-functional requirements is exacerbated by the fact that they are potentially conflicting with one another. For cloud-based software, i.e., software whose service is delivered through a cloud infrastructure, other constraints related to the features of the hosting data center, such as cost, security and performance, have to be considered by system and software designers. For instance, the evaluation of requests to access sensitive resources results in performance overhead introduced by policy rules evaluation and message exchange between the different geographically distributed components of the authorization system. Duplicating policy rule evaluation engines traditionally solves such performance issues, however such a decision has an impact on security since it introduces additional potential private data leakage points. Taking into account all the aforementioned features is a key factor to enhance the perceived quality of service (QoS) of the cloud as a whole. Maximizing users and software developers satisfaction with cloud-based software is a challenging task since trade-off decisions have to be dynamically taken between these conflicting quality attributes to adapt to system requirements evolution. In this thesis, we tackle the challenges of building a decision support method to optimize software deployment in a cloud environment. Our proposed holistic method operates both at the level of 1) Platform as a service (PaaS) by handling software components deployment to achieve an efficient runtime optimization to satisfy cloud providers and customers objectives 2) Guest applications by making inroads into the design of applications to enable the design of secure systems that also meet flexibility, performance and cost requirements. To thoroughly investigate these challenges, we identify three main objectives that we address as follows: The first objective is to achieve a runtime optimization of cloud-based software deployment at the Platform as a service (PaaS) layer, by considering both cloud customers and providers constraints. To fulfill this objective, we leverage the [email protected] paradigm to build an abstraction layer to model a cloud infrastructure. In a second step, we model the software placement problem as a multi-objective optimization problem and we use multi-objective evolutionary algorithms (MOEAs) to identify a set of possible cloud optimal configurations that exhibit best trade-offs between conflicting objectives. The approach is validated through a case study that we defined with EBRC1, a cloud provider in Luxembourg, as a representative of a software component placement problem in heterogeneous distributed cloud nodes. The second objective is to ameliorate the convergence speed of MOEAs that we have used to achieve a run-time optimization of cloud-based software. To cope with elasticity requirements of cloud-based applications, we improve the way the search strategy operates by proposing a hyper-heuristic that operates on top of MOEAs. Our hyper-heuristic uses the history of mutation effect on fitness functions to select the most relevant mutation operators. Our evaluation shows that MOEAs in conjunction with our hyper-heuristic has a significant performance improvement in terms of resolution time over the original MOEAs. The third objective aims at optimizing cloud-based software trade-offs by exploring applications design as a complementary step to the optimization at the level of the cloud infrastructure, tackled in the first and second objectives. We aimed at achieving security trade-offs at the level of guest applications by revisiting current practices in software methods. We focus on access control as a main security concern and we opt for guest applications that manage resources regulated by access control policies specified in XACML2. This focus is mainly motivated by two key factors: 1) Access control is the pillar of computer security as it allows to protect sensitive resources in a given system from unauthorized accesses 2) XACML is the de facto standard language to specify access control policies and proposes an access control architectural model that supports several advanced access requirements such as interoperability and portability. To attain this objective, we advocate the design of applications based on XACML architectural model to achieve a trade-off between security and flexibility and we adopt a three-step approach: First, we identify a lack in the literature in XACML with obligation handling support. Obligations enable to specify user actions that have to be performed before/during/after the access to resources. We propose an extension of the XACML reference model and language to use the history of obligations states at the decision making time. In this step, we extend XACML access control architecture to support a wider range of usage control scenarios. Second, in order to avoid degrading performance while using a secure architecture based on XACML, we propose a refactoring technique applied on access control policies to enhance request evaluation time. Our approach, evaluated on three Java policy-based systems, enables to substantially reduce request evaluation time. Finally, to achieve a trade-off between a safe security policy evolution and regression testing costs, we develop a regression-test-selection approach for selecting test cases that reveal faults caused by policy changes. To sum up, in all aforementioned objectives, we pursue the goal of analysing and improving the current landscape in the development of cloud-based software. Our focus on security quality attributes is driven by its crucial role in widening the adoption of cloud computing. Our approach brings to light a security-aware design of guest applications that is based on XACML architecture. We provide useful guidelines, methods with underlying algorithms and tools for developers and cloud solution designers to enhance tomorrow’s cloud-based software design. Keywords: XACML-policy based systems, Cloud Computing, Trade-offs, Multi-Objective Optimizatio

The Transitivity of Trust Problem in the Interaction of Android Applications

Mobile phones have developed into complex platforms with large numbers of installed applications and a wide range of sensitive data. Application security policies limit the permissions of each installed application. As applications may interact, restricting single applications may create a false sense of security for the end users while data may still leave the mobile phone through other applications. Instead, the information flow needs to be policed for the composite system of applications in a transparent and usable manner. In this paper, we propose to employ static analysis based on the software architecture and focused data flow analysis to scalably detect information flows between components. Specifically, we aim to reveal transitivity of trust problems in multi-component mobile platforms. We demonstrate the feasibility of our approach with Android applications, although the generalization of the analysis to similar composition-based architectures, such as Service-oriented Architecture, can also be explored in the future

SDN Access Control for the Masses

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework

Open Programming Language Interpreters

Context: This paper presents the concept of open programming language interpreters and the implementation of a framework-level metaobject protocol (MOP) to support them. Inquiry: We address the problem of dynamic interpreter adaptation to tailor the interpreter's behavior on the task to be solved and to introduce new features to fulfill unforeseen requirements. Many languages provide a MOP that to some degree supports reflection. However, MOPs are typically language-specific, their reflective functionality is often restricted, and the adaptation and application logic are often mixed which hardens the understanding and maintenance of the source code. Our system overcomes these limitations. Approach: We designed and implemented a system to support open programming language interpreters. The prototype implementation is integrated in the Neverlang framework. The system exposes the structure, behavior and the runtime state of any Neverlang-based interpreter with the ability to modify it. Knowledge: Our system provides a complete control over interpreter's structure, behavior and its runtime state. The approach is applicable to every Neverlang-based interpreter. Adaptation code can potentially be reused across different language implementations. Grounding: Having a prototype implementation we focused on feasibility evaluation. The paper shows that our approach well addresses problems commonly found in the research literature. We have a demonstrative video and examples that illustrate our approach on dynamic software adaptation, aspect-oriented programming, debugging and context-aware interpreters. Importance: To our knowledge, our paper presents the first reflective approach targeting a general framework for language development. Our system provides full reflective support for free to any Neverlang-based interpreter. We are not aware of any prior application of open implementations to programming language interpreters in the sense defined in this paper. Rather than substituting other approaches, we believe our system can be used as a complementary technique in situations where other approaches present serious limitations

Towards an aspect weaving BPEL engine

This position paper proposes the use of dynamic aspects and the visitor design pattern to obtain a highly configurable and extensible BPEL engine. Using these two techniques, the core of this infrastructural software can be customised to meet new requirements and add features such as debugging, execution monitoring, or changing to another Web Service selection policy. Additionally, it can easily be extended to cope with customer-specific BPEL extensions. We propose the use of dynamic aspects not only on the engine itself but also on the workflow in order to tackle the problems of Web Service hot deployment and hot fixes to long running processes. In this way, composing aWeb Service "on-the-fly" means weaving its choreography interface into the workflow

Forum Session at the First International Conference on Service Oriented Computing (ICSOC03)

The First International Conference on Service Oriented Computing (ICSOC) was held in Trento, December 15-18, 2003. The focus of the conference ---Service Oriented Computing (SOC)--- is the new emerging paradigm for distributed computing and e-business processing that has evolved from object-oriented and component computing to enable building agile networks of collaborating business applications distributed within and across organizational boundaries. Of the 181 papers submitted to the ICSOC conference, 10 were selected for the forum session which took place on December the 16th, 2003. The papers were chosen based on their technical quality, originality, relevance to SOC and for their nature of being best suited for a poster presentation or a demonstration. This technical report contains the 10 papers presented during the forum session at the ICSOC conference. In particular, the last two papers in the report ere submitted as industrial papers