47 research outputs found

    BALANCING NON-FUNCTIONAL REQUIREMENTS IN CLOUD-BASED SOFTWARE: AN APPROACH BASED ON SECURITY-AWARE DESIGN AND MULTI-OBJECTIVE SOFTWARE DYNAMIC MANAGEMENT

    Get PDF
    Beyond its functional requirements, architectural design, the quality of a software system is also defined by the degree to which it meets its non-functional requirements. The complexity of managing these non-functional requirements is exacerbated by the fact that they are potentially conflicting with one another. For cloud-based software, i.e., software whose service is delivered through a cloud infrastructure, other constraints related to the features of the hosting data center, such as cost, security and performance, have to be considered by system and software designers. For instance, the evaluation of requests to access sensitive resources results in performance overhead introduced by policy rules evaluation and message exchange between the different geographically distributed components of the authorization system. Duplicating policy rule evaluation engines traditionally solves such performance issues, however such a decision has an impact on security since it introduces additional potential private data leakage points. Taking into account all the aforementioned features is a key factor to enhance the perceived quality of service (QoS) of the cloud as a whole. Maximizing users and software developers satisfaction with cloud-based software is a challenging task since trade-off decisions have to be dynamically taken between these conflicting quality attributes to adapt to system requirements evolution. In this thesis, we tackle the challenges of building a decision support method to optimize software deployment in a cloud environment. Our proposed holistic method operates both at the level of 1) Platform as a service (PaaS) by handling software components deployment to achieve an efficient runtime optimization to satisfy cloud providers and customers objectives 2) Guest applications by making inroads into the design of applications to enable the design of secure systems that also meet flexibility, performance and cost requirements. To thoroughly investigate these challenges, we identify three main objectives that we address as follows: The first objective is to achieve a runtime optimization of cloud-based software deployment at the Platform as a service (PaaS) layer, by considering both cloud customers and providers constraints. To fulfill this objective, we leverage the [email protected] paradigm to build an abstraction layer to model a cloud infrastructure. In a second step, we model the software placement problem as a multi-objective optimization problem and we use multi-objective evolutionary algorithms (MOEAs) to identify a set of possible cloud optimal configurations that exhibit best trade-offs between conflicting objectives. The approach is validated through a case study that we defined with EBRC1, a cloud provider in Luxembourg, as a representative of a software component placement problem in heterogeneous distributed cloud nodes. The second objective is to ameliorate the convergence speed of MOEAs that we have used to achieve a run-time optimization of cloud-based software. To cope with elasticity requirements of cloud-based applications, we improve the way the search strategy operates by proposing a hyper-heuristic that operates on top of MOEAs. Our hyper-heuristic uses the history of mutation effect on fitness functions to select the most relevant mutation operators. Our evaluation shows that MOEAs in conjunction with our hyper-heuristic has a significant performance improvement in terms of resolution time over the original MOEAs. The third objective aims at optimizing cloud-based software trade-offs by exploring applications design as a complementary step to the optimization at the level of the cloud infrastructure, tackled in the first and second objectives. We aimed at achieving security trade-offs at the level of guest applications by revisiting current practices in software methods. We focus on access control as a main security concern and we opt for guest applications that manage resources regulated by access control policies specified in XACML2. This focus is mainly motivated by two key factors: 1) Access control is the pillar of computer security as it allows to protect sensitive resources in a given system from unauthorized accesses 2) XACML is the de facto standard language to specify access control policies and proposes an access control architectural model that supports several advanced access requirements such as interoperability and portability. To attain this objective, we advocate the design of applications based on XACML architectural model to achieve a trade-off between security and flexibility and we adopt a three-step approach: First, we identify a lack in the literature in XACML with obligation handling support. Obligations enable to specify user actions that have to be performed before/during/after the access to resources. We propose an extension of the XACML reference model and language to use the history of obligations states at the decision making time. In this step, we extend XACML access control architecture to support a wider range of usage control scenarios. Second, in order to avoid degrading performance while using a secure architecture based on XACML, we propose a refactoring technique applied on access control policies to enhance request evaluation time. Our approach, evaluated on three Java policy-based systems, enables to substantially reduce request evaluation time. Finally, to achieve a trade-off between a safe security policy evolution and regression testing costs, we develop a regression-test-selection approach for selecting test cases that reveal faults caused by policy changes. To sum up, in all aforementioned objectives, we pursue the goal of analysing and improving the current landscape in the development of cloud-based software. Our focus on security quality attributes is driven by its crucial role in widening the adoption of cloud computing. Our approach brings to light a security-aware design of guest applications that is based on XACML architecture. We provide useful guidelines, methods with underlying algorithms and tools for developers and cloud solution designers to enhance tomorrow’s cloud-based software design. Keywords: XACML-policy based systems, Cloud Computing, Trade-offs, Multi-Objective Optimizatio

    Autonomic Wireless Sensor Networks: A Systematic Literature Review

    Get PDF
    Autonomic computing (AC) is a promising approach to meet basic requirements in the design of wireless sensor networks (WSNs), and its principles can be applied to efficiently manage nodes operation and optimize network resources. Middleware for WSNs supports the implementation and basic operation of such networks. In this systematic literature review (SLR) we aim to provide an overview of existing WSN middleware systems that address autonomic properties. The main goal is to identify which development approaches of AC are used for designing WSN middleware system, which allow the self-management of WSN. Another goal is finding out which interactions and behavior can be automated in WSN components. We drew the following main conclusions from the SLR results: (i) the selected studies address WSN concerns according to the self-* properties of AC, namely, self-configuration, self-healing, self-optimization, and self-protection; (ii) the selected studies use different approaches for managing the dynamic behavior of middleware systems for WSN, such as policy-based reasoning, context-based reasoning, feedback control loops, mobile agents, model transformations, and code generation. Finally, we identified a lack of comprehensive system architecture designs that support the autonomy of sensor networking

    Introduction to the Special Issue "Applications in Self-Aware Computing Systems and their Evaluation"

    Get PDF
    The joint 1st Workshop on Evaluations and Measurements in Self-Aware Computing Systems (EMSAC 2019) and Workshop on Self-Aware Computing (SeAC) was held as part of the FAS* conference alliance in conjunction with the 16th IEEE International Conference on Autonomic Computing (ICAC) and the 13th IEEE International Conference on Self-Adaptive and Self-Organizing Systems (SASO) in UmeĂĄ, Sweden on 20 June 2019. The goal of this one-day workshop was to bring together researchers and practitioners from academic environments and from the industry to share their solutions, ideas, visions, and doubts in self-aware computing systems in general and in the evaluation and measurements of such systems in particular. The workshop aimed to enable discussions, partnerships, and collaborations among the participants. This special issue follows the theme of the workshop. It contains extended versions of workshop presentations as well as additional contributions

    Dagstuhl News January - December 2011

    Get PDF
    "Dagstuhl News" is a publication edited especially for the members of the Foundation "Informatikzentrum Schloss Dagstuhl" to thank them for their support. The News give a summary of the scientific work being done in Dagstuhl. Each Dagstuhl Seminar is presented by a small abstract describing the contents and scientific highlights of the seminar as well as the perspectives or challenges of the research topic

    A survey on engineering approaches for self-adaptive systems (extended version)

    Full text link
    The complexity of information systems is increasing in recent years, leading to increased effort for maintenance and configuration. Self-adaptive systems (SASs) address this issue. Due to new computing trends, such as pervasive computing, miniaturization of IT leads to mobile devices with the emerging need for context adaptation. Therefore, it is beneficial that devices are able to adapt context. Hence, we propose to extend the definition of SASs and include context adaptation. This paper presents a taxonomy of self-adaptation and a survey on engineering SASs. Based on the taxonomy and the survey, we motivate a new perspective on SAS including context adaptation

    A systematic literature review on Energy Efficiency in Cloud Software Architectures

    Get PDF
    Cloud-based software architectures introduce more complexity and require new competences for migration, maintenance, and evolution. Although cloud computing is often considered as an energy-efficient technology, the implications of cloud-based software on energy efficiency lack scientific evidence. At the same time, energy efficiency is becoming a crucial requirement for cloud service provisioning, as energy costs significantly contribute to the Total Cost of Ownership (TCO) of a data center. In this paper, we present the results of a systematic literature review that investigates cloud software architectures addressing energy efficiency as a primary concern. The aim is to provide an analysis of the state-of-the-art in the field of energy-efficient software architectures

    Intergiciel d'intergiciels adaptable Ă  base de Services, Composants et Aspects

    Get PDF
    Cette habilitation à diriger des recherches présente mes travaux sur le génie logiciel des intergiciels, domaine à la croisée de l’informatique répartie et du génie logiciel. L’intergiciel est la couche logicielle permettant de s’abstraire de l’hétérogénéité des technologies de l’informatique distribuée et de répondre aux besoins d’interopérabilité, de portabilité, d’adaptation et de séparation des préoccupations des applications réparties. Mes travaux ont été guidés par deux questions de recherche ouvertes : 1) quel est le paradigme de programmation le plus approprié pour les applications réparties ? 2) quelle est l’organisation la plus appropriée pour l’intergiciel ?La première partie présente une synthèse de mes travaux et contributions. Premièrement, mes travaux ont porté sur la transition des objets vers les composants CORBA donnant lieu à deux contributions majeures : le langage de script CorbaScript standardisé auprès de l’OMG et la plate-forme OpenCCM pour le développement, le déploiement, l’exécution et l’administration d’applications réparties à base de composants CORBA. Deuxièmement, je me suis intéressé à la conception de canevas intergiciels hautement adaptables. Ces travaux basés sur les composants réflexifs Fractal ont donné lieu à un cadre de programmation par attributs sur lequel trois canevas flexibles pour la gestion du transactionnel, le déploiement de systèmes distribués hétérogènes et les composants Java temps-réels ont été bâtis. Enfin, mes travaux ont porté sur la proposition du modèle Services Composants Aspects (SCA) et l’intergiciel d’intergiciels FraSCAti.La deuxième partie opère un zoom sur le projet FraSCAti. La contribution scientifique de ce projet est de proposer un intergiciel réflexif pour l’informatique orientée service combinant deux idées originales : la notion d’intergiciel d’intergiciels et le modèle Services Composants Aspects réflexif. Partant du constat qu’il n’existe pas d’intergiciel universel capable de couvrir l’ensemble des besoins de toutes les applications distribuées, le projet FraSCAti propose un canevas intergiciel extensible pour l’intégration et la composition élégante des intergiciels et technologies SOA existants, c’est-à-dire un intergiciel d’intergiciels. Le modèle SCA réflexif est quant à lui le mariage fécond du standard OASIS Service Component Architecture (SCA), du modèle de composants Fractal et de la programmation orientée aspects (AOP). Dans ce modèle, tout est composant réflexif permettant ainsi d’adapter dynamiquement aussi bien les applications métiers, l’intergiciel, les liaisons de communication réseau que les aspects non fonctionnels. Cette contribution a été appliquée sur l’orchestration de services à large échelle, la construction de systèmes de systèmes et une plate-forme distribuée multi-nuages. La dernière partie dresse un bilan des contributions et présente mes perspectives de recherche centrées sur le génie logiciel pour l’informatique en nuage (cloud computing)

    Software engineering for self-adaptive systems:research challenges in the provision of assurances

    Get PDF
    The important concern for modern software systems is to become more cost-effective, while being versatile, flexible, resilient, dependable, energy-efficient, customisable, configurable and self-optimising when reacting to run-time changes that may occur within the system itself, its environment or requirements. One of the most promising approaches to achieving such properties is to equip software systems with self-managing capabilities using self-adaptation mechanisms. Despite recent advances in this area, one key aspect of self-adaptive systems that remains to be tackled in depth is the provision of assurances, i.e., the collection, analysis and synthesis of evidence that the system satisfies its stated functional and non-functional requirements during its operation in the presence of self-adaptation. The provision of assurances for self-adaptive systems is challenging since run-time changes introduce a high degree of uncertainty. This paper on research challenges complements previous roadmap papers on software engineering for self-adaptive systems covering a different set of topics, which are related to assurances, namely, perpetual assurances, composition and decomposition of assurances, and assurances obtained from control theory. This research challenges paper is one of the many results of the Dagstuhl Seminar 13511 on Software Engineering for Self-Adaptive Systems: Assurances which took place in December 2013

    Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

    Get PDF
    Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different type of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rate and different number of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validate the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost
    corecore