1,370 research outputs found
A model-based approach to service creation
This paper presents a model-based approach to support service creation. In this approach, services are assumed to be created from (available) software components. The creation process may involve multiple design steps in which the requested service is repeatedly decomposed into more detailed functional parts, until these parts can be mapped onto software components. A modelling language is used to express and enable analysis of the resulting designs, in particular the behaviour aspects. Methods are needed to verify the correctness of each design step. A technique called behaviour refinement is introduced to assess the conformance relation between an abstract behaviour and a more concrete (detailed) behaviour. This technique is based on the application of abstraction rules to determine the abstraction of the concrete behaviour such that the obtained abstraction can be compared to the original abstract behaviour. The application of this refinement technique throughout the creation process enforces the correctness of the created servic
An Approach to Relate Viewpoints and Modeling Languages
The architectural design of distributed enterprise applications from the viewpoints of different stakeholders has been proposed for some time, for example, as part of RM-ODP and IEEE 1471, and seems now-a-days to gain acceptance in practice. However, much work remains to be done on the relationships between different viewpoints. Failing to relate viewpoints may lead to a collection of viewpoint models that is inconsistent, and may therefore lead to an incorrect implementation. This paper defines an approach that helps designers to relate different viewpoints to each other. Thereby, it helps to enforce the consistency of the overall design. The results of this paper are expected to be particularly interesting for Model Driven Architecture (MDA) projects, since the proposed models can be used for the explicit definition of the models and relationships between models in an MDA trajectory
Achieving Cost-Effective Software Reliability Through Self-Healing
Heterogeneity, mobility, complexity and new application domains raise new software reliability issues that cannot be met cost-effectively only with classic software engineering approaches. Self-healing systems can successfully address these problems, thus increasing software reliability while reducing maintenance costs. Self-healing systems must be able to automatically identify runtime failures, locate faults, and find a way to bring the system back to an acceptable behavior. This paper discusses the challenges underlying the construction of self-healing systems with particular focus on functional failures, and presents a set of techniques to build software systems that can automatically heal such failures. It introduces techniques to automatically derive assertions to effectively detect functional failures, locate the faults underlying the failures, and identify sequences of actions alternative to the failing sequence to bring the system back to an acceptable behavior
Dynamic verification of mashups of service-oriented things through a mediation platform
The new Internet is evolving into the vision of the Internet of Things, where physical
world entities are integrated into virtual world things. Things are expected to become active
participants in business, information and social processes. Then, the Internet of Things could
benefit from the Web Service architecture like today’s Web does; so Future service-oriented
Internet things will offer their functionality via service-enabled interfaces. As demonstrated in
previous work, there is a need of considering the behaviour of things to develop applications in
a more rigorous way. We proposed a lightweight model for representing such behaviour based
on the service-oriented paradigm and extending the standard DPWS profile to specify the
(partial) order with which things can receive messages. To check whether a mashup of things
respects the behaviour, specified at design-time, of composed things, we proposed a static
verification. However, at run-time a thing may change its behaviour or receive requests from
instances of different mashups. Then, it is required to check and detect dynamically possible
invalid invocations provoked by the behaviour’s changes. In this work, we extend our static
verification with an approach based on mediation techniques and complex event processing to
detect and inhibit invalid invocations, checking that things only receive requests compatible
with their behaviour. The solution automatically generates the required elements to perform
run-time validation of invocations, and it may be extended to validate other issues. Here, we
have also dealt with quality of service and temporal restrictions
Multilevel Contracts for Trusted Components
This article contributes to the design and the verification of trusted
components and services. The contracts are declined at several levels to cover
then different facets, such as component consistency, compatibility or
correctness. The article introduces multilevel contracts and a
design+verification process for handling and analysing these contracts in
component models. The approach is implemented with the COSTO platform that
supports the Kmelia component model. A case study illustrates the overall
approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233
Contract-based approach to analyze software components
International audienceComponent-based software development focuses on building large software systems by integrating existing software components to reduce cost, risk and time. However, behavioural and compositional conflicts among components constitute a crucial barrier to successful software composition. In this paper, we present a contract-based approach to analyze and model the properties of components and their composition in order to detect and correct composition errors. With this approach we characterize the structural, interface and behavioural aspects, and a specific form of evolution of these components. Enabling this, we propose the use of the LOTOS language as an Architecture Description Language (ADL) for formalising these aspects
Understanding and Identifying Vulnerabilities Related to Architectural Security Tactics
To engineer secure software systems, software architects elicit the system\u27s security requirements to adopt suitable architectural solutions. They often make use of architectural security tactics when designing the system\u27s security architecture. Security tactics are reusable solutions to detect, resist, recover from, and react to attacks. Since security tactics are the building blocks of a security architecture, flaws in the adoption of these tactics, their incorrect implementation, or their deterioration during software maintenance activities can lead to vulnerabilities, which we refer to as tactical vulnerabilities . Although security tactics and their correct adoption/implementation are crucial elements to achieve security, prior works have not investigated the architectural context of vulnerabilities. Therefore, this dissertation presents a research work whose major goals are: (i) to identify common types of tactical vulnerabilities, (ii) to investigate tactical vulnerabilities through in-depth empirical studies, and (iii) to develop a technique that detects tactical vulnerabilities caused by object deserialization. First, we introduce the Common Architectural Weakness Enumeration (CAWE), which is a catalog that enumerates 223 tactical vulnerability types. Second, we use this catalog to conduct an empirical study using vulnerability reports from large-scale open-source systems. Among our findings, we observe that Improper Input Validation was the most reoccurring vulnerability type. This tactical vulnerability type is caused by not properly implementing the Validate Inputs tactic. Although prior research focused on devising automated (or semi-automated) techniques for detecting multiple instances of improper input validation (e.g., SQL Injection and Cross-Site Scripting) one of them got neglected, which is the untrusted deserialization of objects. Unlike other input validation problems, object deserialization vulnerabilities exhibit a set of characteristics that are hard to handle for effective vulnerability detection. We currently lack a robust approach that can detect untrusted deserialization problems. Hence, this dissertation introduces DODO untrusteD ObjectDeserialization detectOr), a novel program analysis technique to detect deserialization vulnerabilities. DODO encompasses a sound static analysis of the program to extract potentially vulnerable paths, an exploit generation engine, and a dynamic analysis engine to verify the existence of untrusted object deserialization. Our experiments showed that DODO can successfully infer possible vulnerabilities that could arise at runtime during object deserialization
Recommended from our members
FLAVERS: a Finite State Verification Technique for Software Systems
Software systems are increasing in size and complexity and, subsequently, are becoming ever more difficult to validate. Finite State Verification (FSV) has been gaining credibility and attention as an alternative to testing and to formal verification approaches based on theorem proving. There has recently been a great deal of excitement about the potential for FSV approaches to prove properties about hardware descriptions but, for the most part, these approaches do not scale adequately to handle the complexity usually found in software. In this paper, we describe an FSV approach that creates a compact and conservative, but imprecise, model of the system being analyzed, and then assists the analyst in adding additional details as guided by previous analysis results. This paper describes this approach and a prototype implementation, called FLAVERS, presents a detailed example, and then provides some experimental results demonstrating scalability
- …