455 research outputs found
Evaluation Of An Architectural-Level Approach For Finding Security Vulnerabilities
The cost of security vulnerabilities of a software system is high. As a result,
many techniques have been developed to find the vulnerabilities at development time. Of particular interest are static analysis techniques that can consider all possible executions of a system. But, static analysis can suffer from a large number of false positives.
A recently developed approach, Scoria, is a semi-automated static analysis that requires security architects to annotate the code, typecheck the annotations, extract a hierarchical object graph and write constraints in order to find security vulnerabilities in a system.
This thesis evaluates Scoria on three systems (sizes 6 KLOC, 6 KLOC and
25 KLOC) from different application domains (Android and Web) and confirms that Scoria can find security vulnerabilities in those systems without an excessive number of false positives
Apparatuses and Methods for Producing Runtime Architectures of Computer Program Modules
Apparatuses and methods for producing run-time architectures of computer program modules. One embodiment includes creating an abstract graph from the computer program module and from containment information corresponding to the computer program module, wherein the abstract graph has nodes including types and objects, and wherein the abstract graph relates an object to a type, and wherein for a specific object the abstract graph relates the specific object to a type containing the specific object; and creating a runtime graph from the abstract graph, wherein the runtime graph is a representation of the true runtime object graph, wherein the runtime graph represents containment information such that, for a specific object, the runtime graph relates the specific object to another object that contains the specific object
Dynamic Validation of Software Architectural Connectors
In this work we present an approach to dynamically validate the usage of software connectors in the context of software architectures.
By employing aspect oriented techniques the system’s execution is monitored in order to obtain an architectural view describing how processes communicate and interact with each other. This output can later be compared to the connectors specified in the architecture document to validate the consistency between the architecture specification and the implementation of the system. A case study is presented showing the potential of the approach. We believe the results are promising enough to consider future extensions including other architectural elements beyond connectors.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Dynamic Validation of Software Architectural Connectors
In this work we present an approach to dynamically validate the usage of software connectors in the context of software architectures.
By employing aspect oriented techniques the system’s execution is monitored in order to obtain an architectural view describing how processes communicate and interact with each other. This output can later be compared to the connectors specified in the architecture document to validate the consistency between the architecture specification and the implementation of the system. A case study is presented showing the potential of the approach. We believe the results are promising enough to consider future extensions including other architectural elements beyond connectors.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Automated Refinement Of Hierarchical Object Graphs
Object graphs help explain the runtime structure of a system. To make object graphs convey design intent, one insight is to use
abstraction by hierarchy, i.e., to show objects that are implementation details as children of architecturally-relevant objects from the application domain. But additional information is needed to express this object hierarchy, using ownership type qualifiers in the code. Adding qualifiers after the fact involves manual overhead, and requires developers to switch between adding qualifiers in the code and looking at abstract object graphs to understand the object structures that the qualifiers describe. We propose an approach where developers express their design intent by refining an object graph directly, while an inference analysis infers valid qualifiers in the code. We present, formalize and implement the inference analysis. Novel features of the inference analysis compared to closely related work include a larger set of qualifiers to support less restrictive object hierarchy (logical containment) in addition to strict hierarchy (strict encapsulation), as well as object uniqueness and object borrowing. A separate extraction analysis then uses these qualifiers and extracts an updated object graph. We evaluate the approach on two subject systems. One of the subject systems is reproduced from an experiment using related techniques and another ownership type system, which enables a meaningful comparison. For the other subject system, we use its documentation to pick refinements that express design intent. We compute metrics on the refinements (how many attempts on each subject system) and classify them by their type. We also compute metrics on the inferred qualifiers and metrics on the object graphs to enable quantitative comparison. Moreover, we qualitatively compare the hierarchical object graphs with the flat object graphs and with each other, by highlighting how they express design intent. Finally, we confirm that the approach can infer from refinements valid qualifiers such that the extracted object graphs reflect the design intent of the refinements
Dynamic Validation of Software Architectural Connectors
In this work we present an approach to dynamically validate the usage of software connectors in the context of software architectures.
By employing aspect oriented techniques the system’s execution is monitored in order to obtain an architectural view describing how processes communicate and interact with each other. This output can later be compared to the connectors specified in the architecture document to validate the consistency between the architecture specification and the implementation of the system. A case study is presented showing the potential of the approach. We believe the results are promising enough to consider future extensions including other architectural elements beyond connectors.Sociedad Argentina de Informática e Investigación Operativa (SADIO
Microservice Architecture Reconstruction and Visualization Techniques: A Review
Microservice system solutions are driving digital transformation; however,
fundamental tools and system perspectives are missing to better observe,
understand, and manage these systems, their properties, and their dependencies.
Microservices architecture leads towards decentralization, which implies many
advantages to system operation; it, however, brings challenges to their
development. Microservice systems often lack a system-centric perspective that
would help engineers better cope with system evolution and quality assessment.
In this work, we explored microservice-specific architecture reconstruction
based on static analysis. Such reconstruction typically results in system
models to visualize selected system-centric perspectives. Conventional models
involve 2D methods; however, these methods are limited in utility when services
proliferate. We considered various architectural perspectives relevant to
microservices and assessed the relevancy of the traditional method, comparing
it to alternative data visualization using 3D space. As a representative of the
3D method, we considered a 3D graph model presented in augmented reality. To
begin testing the feasibility of deriving such perspectives from microservice
systems, we developed and implemented prototype tools for software architecture
reconstruction and visualization of compared perspectives. Using these
prototypes, we performed a small user study with software practitioners to
highlight the potentials and limitations of these innovative visualizations
used for common practitioner reasoning and tasks
- …