1,370 research outputs found

    A model-based approach to service creation

    Get PDF
    This paper presents a model-based approach to support service creation. In this approach, services are assumed to be created from (available) software components. The creation process may involve multiple design steps in which the requested service is repeatedly decomposed into more detailed functional parts, until these parts can be mapped onto software components. A modelling language is used to express and enable analysis of the resulting designs, in particular the behaviour aspects. Methods are needed to verify the correctness of each design step. A technique called behaviour refinement is introduced to assess the conformance relation between an abstract behaviour and a more concrete (detailed) behaviour. This technique is based on the application of abstraction rules to determine the abstraction of the concrete behaviour such that the obtained abstraction can be compared to the original abstract behaviour. The application of this refinement technique throughout the creation process enforces the correctness of the created servic

    An Approach to Relate Viewpoints and Modeling Languages

    Get PDF
    The architectural design of distributed enterprise applications from the viewpoints of different stakeholders has been proposed for some time, for example, as part of RM-ODP and IEEE 1471, and seems now-a-days to gain acceptance in practice. However, much work remains to be done on the relationships between different viewpoints. Failing to relate viewpoints may lead to a collection of viewpoint models that is inconsistent, and may therefore lead to an incorrect implementation. This paper defines an approach that helps designers to relate different viewpoints to each other. Thereby, it helps to enforce the consistency of the overall design. The results of this paper are expected to be particularly interesting for Model Driven Architecture (MDA) projects, since the proposed models can be used for the explicit definition of the models and relationships between models in an MDA trajectory

    Achieving Cost-Effective Software Reliability Through Self-Healing

    Get PDF
    Heterogeneity, mobility, complexity and new application domains raise new software reliability issues that cannot be met cost-effectively only with classic software engineering approaches. Self-healing systems can successfully address these problems, thus increasing software reliability while reducing maintenance costs. Self-healing systems must be able to automatically identify runtime failures, locate faults, and find a way to bring the system back to an acceptable behavior. This paper discusses the challenges underlying the construction of self-healing systems with particular focus on functional failures, and presents a set of techniques to build software systems that can automatically heal such failures. It introduces techniques to automatically derive assertions to effectively detect functional failures, locate the faults underlying the failures, and identify sequences of actions alternative to the failing sequence to bring the system back to an acceptable behavior

    Dynamic verification of mashups of service-oriented things through a mediation platform

    Get PDF
    The new Internet is evolving into the vision of the Internet of Things, where physical world entities are integrated into virtual world things. Things are expected to become active participants in business, information and social processes. Then, the Internet of Things could benefit from the Web Service architecture like today’s Web does; so Future service-oriented Internet things will offer their functionality via service-enabled interfaces. As demonstrated in previous work, there is a need of considering the behaviour of things to develop applications in a more rigorous way. We proposed a lightweight model for representing such behaviour based on the service-oriented paradigm and extending the standard DPWS profile to specify the (partial) order with which things can receive messages. To check whether a mashup of things respects the behaviour, specified at design-time, of composed things, we proposed a static verification. However, at run-time a thing may change its behaviour or receive requests from instances of different mashups. Then, it is required to check and detect dynamically possible invalid invocations provoked by the behaviour’s changes. In this work, we extend our static verification with an approach based on mediation techniques and complex event processing to detect and inhibit invalid invocations, checking that things only receive requests compatible with their behaviour. The solution automatically generates the required elements to perform run-time validation of invocations, and it may be extended to validate other issues. Here, we have also dealt with quality of service and temporal restrictions

    A Language-based Approach to Specification and Enforcement of Architectural Protocols

    Full text link

    Multilevel Contracts for Trusted Components

    Full text link
    This article contributes to the design and the verification of trusted components and services. The contracts are declined at several levels to cover then different facets, such as component consistency, compatibility or correctness. The article introduces multilevel contracts and a design+verification process for handling and analysing these contracts in component models. The approach is implemented with the COSTO platform that supports the Kmelia component model. A case study illustrates the overall approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233

    Contract-based approach to analyze software components

    Get PDF
    International audienceComponent-based software development focuses on building large software systems by integrating existing software components to reduce cost, risk and time. However, behavioural and compositional conflicts among components constitute a crucial barrier to successful software composition. In this paper, we present a contract-based approach to analyze and model the properties of components and their composition in order to detect and correct composition errors. With this approach we characterize the structural, interface and behavioural aspects, and a specific form of evolution of these components. Enabling this, we propose the use of the LOTOS language as an Architecture Description Language (ADL) for formalising these aspects

    Understanding and Identifying Vulnerabilities Related to Architectural Security Tactics

    Get PDF
    To engineer secure software systems, software architects elicit the system\u27s security requirements to adopt suitable architectural solutions. They often make use of architectural security tactics when designing the system\u27s security architecture. Security tactics are reusable solutions to detect, resist, recover from, and react to attacks. Since security tactics are the building blocks of a security architecture, flaws in the adoption of these tactics, their incorrect implementation, or their deterioration during software maintenance activities can lead to vulnerabilities, which we refer to as tactical vulnerabilities . Although security tactics and their correct adoption/implementation are crucial elements to achieve security, prior works have not investigated the architectural context of vulnerabilities. Therefore, this dissertation presents a research work whose major goals are: (i) to identify common types of tactical vulnerabilities, (ii) to investigate tactical vulnerabilities through in-depth empirical studies, and (iii) to develop a technique that detects tactical vulnerabilities caused by object deserialization. First, we introduce the Common Architectural Weakness Enumeration (CAWE), which is a catalog that enumerates 223 tactical vulnerability types. Second, we use this catalog to conduct an empirical study using vulnerability reports from large-scale open-source systems. Among our findings, we observe that Improper Input Validation was the most reoccurring vulnerability type. This tactical vulnerability type is caused by not properly implementing the Validate Inputs tactic. Although prior research focused on devising automated (or semi-automated) techniques for detecting multiple instances of improper input validation (e.g., SQL Injection and Cross-Site Scripting) one of them got neglected, which is the untrusted deserialization of objects. Unlike other input validation problems, object deserialization vulnerabilities exhibit a set of characteristics that are hard to handle for effective vulnerability detection. We currently lack a robust approach that can detect untrusted deserialization problems. Hence, this dissertation introduces DODO untrusteD ObjectDeserialization detectOr), a novel program analysis technique to detect deserialization vulnerabilities. DODO encompasses a sound static analysis of the program to extract potentially vulnerable paths, an exploit generation engine, and a dynamic analysis engine to verify the existence of untrusted object deserialization. Our experiments showed that DODO can successfully infer possible vulnerabilities that could arise at runtime during object deserialization
    • …
    corecore