2,030 research outputs found

    A Principled Approach to Securing IoT Apps

    Get PDF
    IoT apps are becoming increasingly popular as they allow users to manage their digital lives by connecting otherwise unconnected devices and services: cyberphysical “things” such as smart homes, cars, or fitness armbands, to online services such as Google or Dropbox, to social networks such as Facebook or Twitter. IoT apps rely on end-user programming, such that anyone with an active account on the platform can create and publish apps, with the majority of apps being created by third parties.We demonstrate that the most popular IoT app platforms are susceptible to attacks by malicious app makers and suggest short and longterm countermeasures for securing the apps. For short-term protection we rely on access\ua0control and suggest the apps to be classified either as exclusively private or exclusively public, disallowing in this way information from private sources to flow to public sinks.For longterm protection we rely on a principled approach for designing information flow controls. Following these principles we define projected security, a variant of noninterference that captures the attacker’s view of an app, and design two mechanisms for enforcing it. A static enforcement based on a flow-sensitive type system may be used by the platform to statically analyze the apps before being published on the app store. This enforcement covers leaks stemming from both explicit and implicit flows, but is not expressive enough to address timing attacks. Hence we design a second enforcement based on a dynamic monitor that covers the timing channels as well

    Enhancement of natural language processing approach for automated generation of object constraint language

    Get PDF
    Object Constraint Language (OCL) is the most prevalent modeling language to document requirement constraints that are annotated in the Unified Modeling Language. Various researchers have proved that OCL syntax is complex and difficult for some reasons such as its declarative nature. As the measure of ease-of-use factor of a language has a direct relationship with the language’s usability, the difficulties in the use of OCL result in the low usability of OCL. There are few research works for OCL generation using some different techniques such as pattern-based and Model-Driven Architecture (MDA)-based. The accuracy of the existing patternbased work generating OCL specification is low. MDA focuses on software development based on generating models and transforming these models between each other. There are some researches based on MDA to increase the usability of modeling languages. However, only one of the existing works supports OCL. The existing MDA-based work generating OCL specification does not support some OCL elements, such as collect and reject, and some UML elements such as enumeration. Therefore, this research proposes an MDA-based approach to transform requirement constraints formed in English sentences into OCL specifications using transformation rules. A software tool is developed to validate the proposed approach and compare with the existing works. The comparison shows that the proposed approach solves some limitations of the existing works such as support of some OCL and UML elements, which are not supported by the existing works. The comparison also shows that some accuracy improvement is achieved by the proposed approach in comparison with the existing works

    transML: A Family of Languages to Model Model Transformations

    Get PDF
    Proceedings of: 13th International Conference on Model Driven Engineering Languages and Systems, MODELS 2010, Oslo, Norway, October 3-8, 2010Model transformation is one of the pillars of Model-Driven Engineering (MDE). The increasing complexity of systems and modelling languages has dramatically raised the complexity and size of model transformations. Even though many transformation languages and tools have been proposed in the last few years, most of them are directed to the implementation phase of transformation development. However, there is a lack of cohesive support for the other phases of the transformation development, like requirements, analysis, design and testing. In this paper, we propose a unified family of languages to cover the life-cycle of transformation development. Moreover, following an MDE approach, we provide tools to partially automate the progressive refinement of models between the different phases and the generation of code for specific transformation implementation languages.Work funded by the Spanish Ministry of Science (project TIN2008-02081 and grants JC2009-00015,PR2009-0019), the R&Dprogramme of the Madrid Region (project S2009/TIC-1650), and the European Commission’s 7th Framework programme (grants #218575 (INESS), #248864 (MADES))

    Multi-Facets Contract for Modeling and Verifying Heterogeneous Systems

    Full text link
    Critical and cyber-physical systems (CPS) that exist in large industries, such as nuclear power plants, railway, automotive or aeronautical industries are complex heterogeneous systems. They are complex because they are open, perimeter-less, often built by assembling various heterogeneous and interacting components which are frequently reconfigured due to requirements. Consequently, the modeling and analysis of such systems is a challenge in software engineering. We introduce a new method for modeling and verifying heterogeneous systems. The method consists in: equipping individual components with generalized contract, ordering these contracts according to given facets, composing these components and verifying the resulting system with respect to the facets. We illustrate the use of the method by a case study. The proposed method may be extended to cover more facets, and by strengthening assistance tool through proactive aspects in modelling and property verification

    Quality-aware architectural model transformations in adaptive mashups user interfaces

    Get PDF
    The final publication is available at IOS Press through http://dx.doi.org/10.3233/FI-2016-0000Mashup user interfaces provides their functionality through the combination of different services. The integration of such services can be solved by using reusable and third-party components. Furthermore, these interfaces must be adapted to user preferences, context changes, user interactions and component availability. Model transformation is a useful mechanism to address this adaptation but normally these operations only focus on the functional requirements. In this sense, quality attributes should be included in the adaptation process to obtain the best adapted mashup user interface. This paper proposes a generic quality-aware transformation process to support the adaptation of software architectures. The transformation process has been applied in ENIA, a geographic information system, by constructing a specific quality model for the adaptation of mashup user interfaces. This model is taken into account for evaluating the different transformation alternatives and choosing the one that maximizes the quality assessments. The approach has been validated by a set of adaptation scenarios that are intended to maximize different quality factors and therefore apply distinct combinations of metrics.Peer ReviewedPostprint (author's final draft

    Knowledge-Driven Event Extraction in Russian: Corpus-Based Linguistic Resources

    Get PDF
    Automatic event extraction form text is an important step in knowledge acquisition and knowledge base population. Manual work in development of extraction system is indispensable either in corpus annotation or in vocabularies and pattern creation for a knowledge-based system. Recent works have been focused on adaptation of existing system (for extraction from English texts) to new domains. Event extraction in other languages was not studied due to the lack of resources and algorithms necessary for natural language processing. In this paper we define a set of linguistic resources that are necessary in development of a knowledge-based event extraction system in Russian: a vocabulary of subordination models, a vocabulary of event triggers, and a vocabulary of Frame Elements that are basic building blocks for semantic patterns. We propose a set of methods for creation of such vocabularies in Russian and other languages using Google Books NGram Corpus. The methods are evaluated in development of event extraction system for Russian
    • …
    corecore