362 research outputs found

    Systematic adaptation of dynamically generated source code via domain-specific examples

    In modern web-based applications, an increasing amount of source code is generated dynamically at runtime. Web applications commonly execute dynamically generated code (DGC) emitted by third-party, black-box generators, run at remote sites. Web developers often need to adapt DGC before it can be executed: embedded HTML can be vulnerable to cross-site scripting attacks; an API may be incompatible with some browsers; and the program's state created by DGC may not be persisting. Lacking any systematic approaches for adapting DGC, web developers resort to ad-hoc techniques that are unsafe and error-prone. This study presents an approach for adapting DGC systematically that follows the program-transformation-by-example paradigm. The proposed approach provides predefined, domain-specific before/after examples that capture the variability of commonly used adaptations. By approving or rejecting these examples, web developers determine the required adaptation transformations, which are encoded in an adaptation script operating on the generated code's abstract syntax tree. The proposed approach is a suite of practical JavaScript program adaptations and their corresponding before/after examples. The authors have successfully applied the approach to real web applications to adapt third-party generated JavaScript code for security, browser compatibility, and persistence

    Configuration and customization of a SaaS service: a configuration management tool for a digital signature service

    Today, cloud computing – a result of combining existing technologies – is a popular paradigm that has brought many benefits for users and enterprises. Cloud computing fosters the provision and use of IT infrastructure, platforms, and applications of any kind in the form of services that are available on the Web. Expensive initial hardware and software investments are not necessary anymore as the resources can be acquired as a service from cloud providers with a pay-per-use pricing model. One aspect that cannot be overlooked in cloud computing is multi-tenancy. It is a property of a system where multiple customers, so-called tenants, transparently share the system's resources. It leverages economies of scale where users and cloud providers benefit from reduced costs, which is a result of higher system density and increased utilization rate of resources. This model surpasses the traditional methods of using single-tenant architecture and ASP model in which a single instance or server is provisioned solely for one customer. Customizability is an essential part of multi-tenant systems. Ideally cloud application vendors wish that every user would be satisfied with the standardized offering, but usually users have their own unique business needs. Customizability can be divided into configuration, which supports differentiation by pre-defined scope, and customization, which supports tenant's custom code. Software variations can be applied to user interface, business logic related workflows, underlying data and reporting utilities. Multi-tenancy shares a lot in common with software product line engineering. However, implementing multi-tenancy and supporting differentiation between tenants have to be carefully planned. Increased complexity may have an impact in maintenance costs and re-engineering costs can be significant. 
The goal of the thesis is to first examine the requirements for a multi-tenant application, and based on the research, to develop a prototype of a configuration management tool in order to solve the customization need produced by tenants' unique business requirements. The target environment consists of a new SaaS service called SignHero, which is a digital signature service suited for companies that want to shift their signing process to modern times. The scope includes three variability points: customizing the logo in the signing page, customizing the logo in the emails and saving a default workflow. The developed tool fulfills the requirements, and the main service was extended to apply the saved configurations. The implementation leaves many improvement possibilities related to customizability and cloud characteristics. Findings promote the fact that customizability has to be initially included in the product design

    Epiviz: a view inside the design of an integrated visual analysis software for genomics

    Computational and visual data analysis for genomics has traditionally involved a combination of tools and resources, of which the most ubiquitous consist of genome browsers, focused mainly on integrative visualization of large numbers of big datasets, and computational environments, focused on data modeling of a small number of moderately sized datasets. Workflows that involve the integration and exploration of multiple heterogeneous data sources, small and large, public and user specific have been poorly addressed by these tools. In our previous work, we introduced Epiviz, which bridges the gap between the two types of tools, simplifying these workflows. In this paper we expand on the design decisions behind Epiviz, and introduce a series of new advanced features that further support the type of interactive exploratory workflow we have targeted. We discuss three ways in which Epiviz advances the field of genomic data analysis: 1) it brings code to interactive visualizations at various different levels; 2) takes the first steps in the direction of collaborative data analysis by incorporating user plugins from source control providers, as well as by allowing analysis states to be shared among the scientific community; 3) combines established analysis features that have never before been available simultaneously in a genome browser. In our discussion section, we present security implications of the current design, as well as a series of limitations and future research steps. Since many of the design choices of Epiviz are novel in genomics data analysis, this paper serves both as a document of our own approaches with lessons learned, as well as a start point for future efforts in the same direction for the genomics community. https://doi.org/10.1186/1471-2105-16-S11-S

    Multi-tenant hybrid cloud architecture

    This paper examines the challenges associated with the multi-tenant hybrid cloud architecture and describes how this architectural approach was applied in two software development projects. The motivation for using this architectural approach is to allow developing new features on top of monolithic legacy systems – that are still in production use – but without using legacy technologies. The architectural approach considers these legacy systems as master systems that can be extended with multi-tenant cloud-based add-on applications. In general, legacy systems are run in customer-operated environments, whereas add-on applications can be deployed to cloud platforms. It is thus imperative to have a means of connectivity between these environments over the internet. The technology stack used within the scope of this thesis is limited to the offering of the .NET Core ecosystem and Microsoft Azure. In the first part of the thesis work, a literature review was carried out. The literature review focused on the challenges associated with the architectural approach, and as a result, a list of challenges was formed. This list was utilized in the software development projects of the second part of the thesis. It should be noted that there were very few high-quality papers available focusing exactly on the multi-tenant hybrid cloud architecture, so, in the end, source material for the review was searched separately for multi-tenant and for hybrid cloud design challenges. This factor is noted in the evaluation of the review. In the second part of the thesis work, the architectural approach was applied in two software development projects. Goals were set for the architectural approach: the add-on applications should be developed with modern technology stacks; their delivery should be automated; their subscription should be straightforward for customer organizations and they should leverage multi-tenant resource sharing. 
In the first project a data quality management tool was developed on top of a legacy dealership management system. Due to database connectivity challenges, confidentiality of customer data and authentication requirements, the implemented solution does not fully utilize the architectural approach, as having the add-on application hosted in the customer environment was the most reasonable solution. Despite this, the add-on application was developed with a modern technology stack and its delivery is automated. The subscription process does involve certain manual steps and, if the customer infrastructure changes over time, these steps must be repeated by the developers. This decreases the scalability of the overall delivery model. In the second project a PDA application was developed on top of a legacy vehicle maintenance tire hotel system. The final implementation fully utilizes the architectural approach. Support for multi-tenancy was implemented using ASP.NET Core Dependency Injection and Finbuckle.MultiTenancy-library. Azure Relay Hybrid Connection was used for hybrid cloud connectivity between the add-on application and the master system. The delivery model incorporates the same challenges regarding subscription and customer infrastructure changes as the delivery model of the data quality management tool. However, the manual steps associated with these challenges must be performed only once per customer – not once per customer per application. In addition, the delivery model could be improved to support customer self-service governance, enabling the delegation of any customer environment installations to the customers themselves. Even further, the customer environment installation could potentially cover an entire product family. As an example, instead of just providing access for the PDA application, the installation could provide access for all vehicle maintenance family add-on applications. 
This would make customer environment management easier and developing new add-on applications faster

    A Generic method for assembling software product line components

    Software product lines (SPL) facilitate the industrialization of software development. The main goal is to create a set of reusable software components for the rapid production of a software systems family. Many authors propose different approaches to implement and assemble the reusable components of an SPL. However, the construction and assembly of these components continue to be a complex and time-consuming process. This thesis analyzes the advantages and disadvantages of the current approaches to implement and assemble the reusable components of an SPL. Taking advantage of these elements and with the goal of developing a generic method (which can be applied to several software components developed in different software languages), we develop Fragment-oriented programming (FragOP), a framework to design, implement and reuse SPL domain components. FragOP is based on: (i) domain components, (ii) domain files, (iii) fragmentation points, (iv) fragments, (v) customization points, and (vi) customization files. FragOP was implemented in an open-source tool called VariaMos, and we also carried out three evaluations: (i) we created a clothing stores SPL, derived five different products, and discussed the results. (ii) We developed a discussion about the comparison between FragOP and other approaches. And (iii) we designed and executed a usability test of VariaMos to support the FragOP approach. The results show preliminary evidence that the use of FragOP reduces the manual intervention when assembling SPL domain components and it can be used as a generic method for assembling assets and SPL components developed in different software languages.
Software product lines (SPL) promote the industrialization of software development through the definition and assembly of reusable software components. Several proposals currently exist for implementing and assembling these components. However, their construction and assembly continue to be a complex and time-consuming process. This thesis analyzes the advantages and disadvantages of the various current strategies for implementing and assembling SPL components. Based on this, and with the goal of developing a generic method (which can be applied to multiple software components developed in different languages), this thesis develops fragment-oriented programming (FragOP), which defines a framework for designing, implementing and reusing SPL domain components. FragOP is based on: (i) domain components, (ii) domain files, (iii) fragmentation points, (iv) fragments, (v) customization points, and (vi) customization files. In addition, FragOP was implemented in a tool called VariaMos, and three evaluations were carried out: (i) a clothing-store SPL was created, five products were derived, and the results were discussed. (ii) A discussion comparing FragOP with other current proposals was carried out. And (iii) a usability test of VariaMos's support for FragOP was designed. The results show preliminary evidence that the use of FragOP reduces manual intervention when assembling components, and that FragOP can be used as a generic method for assembling components. Doctorad

    Epiviz: Integrative Visual Analysis Software for Genomics

    Computational and visual data analysis for genomics has traditionally involved a combination of tools and resources, of which the most ubiquitous consist of genome browsers, focused mainly on integrative visualization of large numbers of big datasets, and computational environments, focused on data modeling of a small number of moderately sized datasets. Workflows that involve the integration and exploration of multiple heterogeneous data sources, small and large, public and user specific have been poorly addressed by these tools. Commonly, the data visualized in these tools is the output of analyses performed in powerful computing environments like R/Bioconductor or Python. Two essential aspects of data analysis are usually treated as distinct, in spite of being part of the same exploratory process: algorithmic analysis and interactive visualization. In current technologies these are not integrated within one tool, but rather, one precedes the other. Recent technological advances in web-based data visualization have made it possible for interactive visualization tools to tightly integrate with powerful algorithmic tools, without being restricted to one such tool in particular. We introduce Epiviz (http://epiviz.cbcb.umd.edu), an integrative visualization tool that bridges the gap between the two types of tools, simplifying genomic data analysis workflows. Epiviz is the first genomics interactive visualization tool to provide tight-knit integration with computational and statistical modeling and data analysis. 
We discuss three ways in which Epiviz advances the field of genomic data analysis: 1) it brings code to interactive visualizations at various different levels; 2) takes the first steps in the direction of collaborative data analysis by incorporating user plugins from source control providers, as well as by allowing analysis states to be shared among the scientific community; 3) combines established analysis features that have never before been available simultaneously in a visualization tool for genomics. Epiviz can be used in multiple branches of genomics data analysis for various types of datasets, of which we detail two: functional genomics data, aligned to a continuous coordinate such as the genome, and metagenomics, organized according to volatile hierarchical coordinate spaces. We also present security implications of the current design, performance benchmarks, a series of limitations and future research steps

    Report on Enhancing Services to Preserve New Forms of Scholarship

    This report describes preservation activities, methods, and context for the Enhancing Services to Preserve New Forms of Scholarship project. Digital preservation institutions, libraries, and university presses examined a variety of enhanced digital publications and identified which features can be preserved at scale using tools currently available. The Andrew W. Mellon Foundatio

    SoK: Lessons Learned From Android Security Research For Appified Software Platforms

    Android security and privacy research has boomed in recent years, far outstripping investigations of other appified platforms. However, despite this attention, research efforts are fragmented and lack any coherent evaluation framework. We present a systematization of Android security and privacy research with a focus on the appification of software systems. To put Android security and privacy research into context, we compare the concept of appification with conventional operating system and software ecosystems. While appification has improved some issues (e.g., market access and usability), it has also introduced a whole range of new problems and aggravated some problems of the old ecosystems (e.g., coarse and unclear policy, poor software development practices). Some of our key findings are that contemporary research frequently stays on the beaten path instead of following unconventional and often promising new routes. Many security and privacy proposals focus entirely on the Android OS and do not take advantage of the unique features and actors of an appified ecosystem, which could be used to roll out new security mechanisms less disruptively. Our work highlights areas that have received the larger shares of attention, which attacker models were addressed, who is the target, and who has the capabilities and incentives to implement the countermeasures. We conclude with lessons learned from comparing the appified with the old world, shedding light on missed opportunities and proposing directions for future research