GRIMACE: GeneRIc MetAmodel for domain Component modElling.

International audienceComponent Based Software Engineering (CBSE) is a popular and widely adopted software engineering paradigm that has proven his usefulness and success to increase reusability and efficiency in various application domains. In this paper, we propose a common metamodel to support CBSE requirements taking into account the specificities of each domain. The resulting modeling framework serves primarily to capture the basic concepts of concerns related to component systems development based on the clear separation between the development process, interactions and the domain knowledge

An MDE Approach for Domain based Architectural Components Modelling.

International audienceComponent Based Software Engineering (CBSE) is a popular and widely adopted software engineering paradigm that has proven his usefulness and success to increase reusability and efficiency in various application domains. In this paper, we propose a common metamodel of a component to support all the requirements of CBSE taking into account the specificities of each domain. The resulting modeling framework serves primarily to capture the basic concepts of concerns related to component systems development based on the clear separation between the development process, interactions and the domain knowledge. As a proof of concept, we are evaluating the feasibility of our approach through the CCM component model applied to an use case for building systems having real-time requirements

Processus IDM pour l’intégration des patrons de sécurité dans une application à base de composants

Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. A security pattern is a well-understood solution to a recurring information security problem. So, security patterns encapsulate the knowledge accumulated by security experts to secure a software system. Although well documented, patterns are often neglected at the design level and do not constitute an intuitive solution that can be used by software designers. This can be the result of the maladjustment of those patterns to systems context, the inexpertness of designers with security solutions and the need of integration process to let designers apply those pattern ? solutions in practical situations and to work with patterns at higher levels of abstraction. To enable designers to use solutions proposed by security patterns, this thesis proposes a model driven engineering approach to secure applications through the integration of security patterns. Component-based approach is a powerful means to develop and reuse complex systems. In this thesis, we take component based software systems as an application domain for our approach to facilitate the development of applications by assembling prefabricated software building blocks called components. The proposed process provides separation between domain expertise and application security expertise, both of which are needed to build a secure application. Our main goal is to provide a semi-automatic integrating of security patterns into component-based models, and producing an executable secure code. This integration is performed through a set of transformation rules. The result of this integration is a new model supporting security concepts. It is then automatically translated into aspect-oriented code related to security. These aspects are then woven in a modular way within the functional application code to enforce specified security properties. The use of aspect technology in the implementation phase guarantees that the application of security patterns is independent from any particular implementation. In order to provide a clear comprehension of the SCRIP process, we have described it using the standard SPEM . This work is implemented in a software tool called SCRI-TOOL (SeCurity patteRn Integration Tool). This tool allows not security experts developers to integrate different security properties throughout the development cycle of an component based application. To illustrate the use of SCRI-TOOL, we propose a case study regarding electronic healthcare systems. The choice of such a case study is motivated by the great attention archived for such systems from academia and industry and by the importance of security in such systems. Indeed, because of the large number of actors that can interact in such systems, security is a critical requirement. This case study will also allow us to illustrate the proposed methodology to highlight the importance of security management at a high level of abstraction. As results of the application of this process, we obtain a health care application completely secure and meeting the requirements of medical context.La sécurité est devenue un enjeu important dans le développement des systèmes logiciels actuels. La majorité des concepteurs de ces systèmes manquent d’expertise dans le domaine de la sécurité. Il s’avère donc important de les guider tout au long des différentes phases de développement logiciel dans le but de produire des systèmes plus sécurisés. Cela permettra de réduire le temps ainsi que les coûts de développement. Pour atteindre cet objectif, nous proposons d’appliquer l’expertise en matière de sécurité sous forme de patrons de sécurité lors de la phase de conception de logiciels. Un patron de sécurité intègre des solutions éprouvées et génériques proposées par des experts en sécurité. Cependant, les patrons de sécurité sont souvent négligés au niveau de la conception et ne constituent pas une solution intuitive qui peut être utilisée par les concepteurs de logiciels. Cela peut être le résultat de l’inadaptation de ces patrons au contexte des systèmes, la non-expertise des concepteurs dans le domaine de la sécurité ou encore l’absence d’un processus d’intégration de ces patrons dans les modèles à un haut niveau d’abstraction.Afin de permettre aux concepteurs d’utiliser les solutions proposées par des patrons de sécurité, cette thèse propose une approche d’ingénierie dirigée par les modèles pour sécuriser des applications via l’intégration de patrons de sécurité. Nous avons choisi comme contexte d’application de notre approche, les applications à base de composants qui visent à faciliter le développement d’applications à partir de l’assemblage de briques logicielles préfabriquées appelées composants. Le processus proposé assure la séparation entre l’expertise du domaine d’application et l’expertise de sécurité, toutes les deux étant nécessaires pour construire une application sécurisée. La méthodologie proposée assure une intégration semi-automatique des patrons de sécurité dans le modèle initial. Cette intégration est réalisée tout d’abord lors de la modélisation de l’application à travers, dans un premier temps, l’élaboration de profils étendant les concepts du domaine avec les concepts de sécurité. Dans un second temps, l’intégration se fait à travers la définition de règles, qui une fois appliquées, génèrent une application sécurisée. Finalement, cette intégration est assurée aussi au niveau de la génération du code fonctionnel de l’application en intégrant le code non-fonctionnel relatif à la sécurité à travers l’utilisation des aspects. L’utilisation de l’approche orientée aspect garantit que l’application des patrons de sécurité est indépendante de toute application particulière. Le processus proposé est décrit avec le standard SPEM.Ce travail a été concrétisé par un outil nommé SCRI-TOOL pour SeCurity patteRn Integration Tool. Cet outil permet aux développeurs non experts en sécurité d’intégrer les différentes propriétés de sécurité (intégrées dans les patrons) dans une application à base de composants. Afin d’illustrer l’utilisation de SCRI-TOOL, nous proposons une étude de cas portant sur le domaine des systèmes de soins distribués. Le choix d’une telle étude de cas s’explique par l’importance des exigences en termes de sécurité requises pour le bon fonctionnement d’une telle application. En effet, vue le grand nombre d’acteurs pouvant interagir, la sécurité est une exigence critique dans de tels systèmes. Cette étude nous a permis de mettre en évidence l’importance de la gestion de la sécurité à un haut niveau d’abstraction et la façon d’appliquer la méthodologie proposée sur un cas réel

An engineering process for security patterns application in component based models

International audienceSecurity engineering with patterns is currently a very active area of research. Security patterns - an adaptation of Design Patterns to security - capture experts' experience in order to solve recurrent security problems in a structured and reusable way. In this paper, our objective is to describe an engineering process, called SCRIP (SeCurity patteRn Integration Process), which provides guidelines for integrating security patterns into component-based models. SCRIP defines activities and products to integrate security patterns in the whole development process, from UML component modeling until aspect code generation. The definition of SCRIP has been made using the OMG standard Software and System Process Engineering Meta-model (SPEM). We are developing a CASE tool to support that process

HaptiSole: Wearable Haptic System in Vibrotactile Guidance Shoes for Visually Impaired Wayfinding

During the last decade, several Electronic Orientation Aids devices have been proposed to solve the autonomy problems of visually impaired people. When hearing is considered the primary sense for Visually Impaired people (VI) and it is generally loaded with the environment, the use of tactile sense can be considered a solution to transmit directional information. This paper presents a new wearable haptic system based on four motors implemented in shoes, while six directions can be played. This study aims to introduce an interface design and investigate an appropriate means of spatial information delivery through haptic sense. The first experiment of the proposed system was performed with 15 users in an indoor environment. The results showed that the users were able to recognize, with high accuracy, the directions displayed on their feet. The second experiment was conducted in an outdoor environment with five blindfolded users who were guided along 120 meters. The users, guided only by the haptic system, successfully reached their destinations. The potential of tactile-foot stimulation to help VI understand Electronic Orientation Aids (EOA) instructions was discussed, and future challenges were defined

Phobia Exposure Therapy Using Virtual and Augmented Reality: A Systematic Review

A specific phobia is a common anxiety-related disorder that can be treated efficiently using different therapies including exposure therapy or cognitive therapy. One of the most famous methods to treat a specific phobia is exposure therapy. Exposure therapy involves exposing the target patient to the anxiety source or its context without the intention to cause any danger. One promising track of research lies in VR exposure therapy (VRET) and/or AR exposure therapy (ARET), where gradual exposure to a negative stimulus is used to reduce anxiety. In order to review existing works in this field, a systematic search was completed using the following databases: PubMed, ProQuest, Scopus, Web of Science, and Google Scholar. All studies that present VRET and/or ARET solutions were selected. By reviewing the article, each author then applied the inclusion and exclusion criteria, and 18 articles were selected. This systematic review aims to investigate the previous studies that used either VR and/or AR to treat any type of specific phobia in the last five years. The results demonstrated a positive outcome of virtual reality exposure treatment in the treatment of most phobias. In contrast, some of these treatments did not work for a few specific phobias in which the standard procedures were more effective. Besides, the study will also discuss the best of both technologies to treat a specific phobia. Furthermore, this review will present the limitations and future enhancements in this field

An MDE process for security pattern integration in component based application

La sécurité est devenue un enjeu important dans le développement des systèmes logiciels actuels. La majorité des concepteurs de ces systèmes manquent d’expertise dans le domaine de la sécurité. Il s’avère donc important de les guider tout au long des différentes phases de développement logiciel dans le but de produire des systèmes plus sécurisés. Cela permettra de réduire le temps ainsi que les coûts de développement. Pour atteindre cet objectif, nous proposons d’appliquer l’expertise en matière de sécurité sous forme de patrons de sécurité lors de la phase de conception de logiciels. Un patron de sécurité intègre des solutions éprouvées et génériques proposées par des experts en sécurité. Cependant, les patrons de sécurité sont souvent négligés au niveau de la conception et ne constituent pas une solution intuitive qui peut être utilisée par les concepteurs de logiciels. Cela peut être le résultat de l’inadaptation de ces patrons au contexte des systèmes, la non-expertise des concepteurs dans le domaine de la sécurité ou encore l’absence d’un processus d’intégration de ces patrons dans les modèles à un haut niveau d’abstraction.Afin de permettre aux concepteurs d’utiliser les solutions proposées par des patrons de sécurité, cette thèse propose une approche d’ingénierie dirigée par les modèles pour sécuriser des applications via l’intégration de patrons de sécurité. Nous avons choisi comme contexte d’application de notre approche, les applications à base de composants qui visent à faciliter le développement d’applications à partir de l’assemblage de briques logicielles préfabriquées appelées composants. Le processus proposé assure la séparation entre l’expertise du domaine d’application et l’expertise de sécurité, toutes les deux étant nécessaires pour construire une application sécurisée. La méthodologie proposée assure une intégration semi-automatique des patrons de sécurité dans le modèle initial. Cette intégration est réalisée tout d’abord lors de la modélisation de l’application à travers, dans un premier temps, l’élaboration de profils étendant les concepts du domaine avec les concepts de sécurité. Dans un second temps, l’intégration se fait à travers la définition de règles, qui une fois appliquées, génèrent une application sécurisée. Finalement, cette intégration est assurée aussi au niveau de la génération du code fonctionnel de l’application en intégrant le code non-fonctionnel relatif à la sécurité à travers l’utilisation des aspects. L’utilisation de l’approche orientée aspect garantit que l’application des patrons de sécurité est indépendante de toute application particulière. Le processus proposé est décrit avec le standard SPEM.Ce travail a été concrétisé par un outil nommé SCRI-TOOL pour SeCurity patteRn Integration Tool. Cet outil permet aux développeurs non experts en sécurité d’intégrer les différentes propriétés de sécurité (intégrées dans les patrons) dans une application à base de composants. Afin d’illustrer l’utilisation de SCRI-TOOL, nous proposons une étude de cas portant sur le domaine des systèmes de soins distribués. Le choix d’une telle étude de cas s’explique par l’importance des exigences en termes de sécurité requises pour le bon fonctionnement d’une telle application. En effet, vue le grand nombre d’acteurs pouvant interagir, la sécurité est une exigence critique dans de tels systèmes. Cette étude nous a permis de mettre en évidence l’importance de la gestion de la sécurité à un haut niveau d’abstraction et la façon d’appliquer la méthodologie proposée sur un cas réel.Security has become an important challenge in current software and system development. Most of designers are experts in software development but not experts in security. It is important to guide them to apply security mechanisms in the early phases of software development to reduce time and cost of development. To reach this objective, we propose to apply security expertise as security patterns at software design phase. A security pattern is a well-understood solution to a recurring information security problem. So, security patterns encapsulate the knowledge accumulated by security experts to secure a software system. Although well documented, patterns are often neglected at the design level and do not constitute an intuitive solution that can be used by software designers. This can be the result of the maladjustment of those patterns to systems context, the inexpertness of designers with security solutions and the need of integration process to let designers apply those pattern ? solutions in practical situations and to work with patterns at higher levels of abstraction. To enable designers to use solutions proposed by security patterns, this thesis proposes a model driven engineering approach to secure applications through the integration of security patterns. Component-based approach is a powerful means to develop and reuse complex systems. In this thesis, we take component based software systems as an application domain for our approach to facilitate the development of applications by assembling prefabricated software building blocks called components. The proposed process provides separation between domain expertise and application security expertise, both of which are needed to build a secure application. Our main goal is to provide a semi-automatic integrating of security patterns into component-based models, and producing an executable secure code. This integration is performed through a set of transformation rules. The result of this integration is a new model supporting security concepts. It is then automatically translated into aspect-oriented code related to security. These aspects are then woven in a modular way within the functional application code to enforce specified security properties. The use of aspect technology in the implementation phase guarantees that the application of security patterns is independent from any particular implementation. In order to provide a clear comprehension of the SCRIP process, we have described it using the standard SPEM . This work is implemented in a software tool called SCRI-TOOL (SeCurity patteRn Integration Tool). This tool allows not security experts developers to integrate different security properties throughout the development cycle of an component based application. To illustrate the use of SCRI-TOOL, we propose a case study regarding electronic healthcare systems. The choice of such a case study is motivated by the great attention archived for such systems from academia and industry and by the importance of security in such systems. Indeed, because of the large number of actors that can interact in such systems, security is a critical requirement. This case study will also allow us to illustrate the proposed methodology to highlight the importance of security management at a high level of abstraction. As results of the application of this process, we obtain a health care application completely secure and meeting the requirements of medical context

C-SCRIPT: Collaborative Security Pattern Integration Process

Collaboration is the act of working together, towards a common goal. Collaboration is essential to the success of construction project. In software engineering projects, understanding and supporting collaboration gives the broad impact on product quality. There appears that it is difficult to effectively interact and achieve a common project goals within the bounds of cost, quality and time. The purpose of the paper is to propose a collaborative engineering process, called Collaborative SeCurity patteRn Integration Process (C-SCRIP), and a tool that supports the full life-cycle of the development of a secure system from modeling to code

Architecture Exploration of Real-time Systems Based on Multi-Objective Optimization

11 ppInternational audienceThis article deals with real-time embedded system design and verification. Real-time embedded systems are frequentlydesigned according to multi-tasking architectures that have timing constraints to meet. The design of real-time embeddedsystems expressed as a set of tasks raises a major challenge since designers have to decide how functions of the system mustbe assigned to tasks. Assigning each function to a different task will result in a high number of tasks, and then in higherpreemption overhead. In contrast, mapping many functions on a limited number of tasks leads to a less flexible design whichis more expensive to change when the functions of the system evolve. This article presents a method based on an optimizationtechnique to investigate the assignment of functions to tasks. We propose a multi-objective evolution strategy formulation whichboth minimizes the number of preemptions and maximizes task laxities. Our method allows designers to explore the search spaceof all possible function to task assignments and to find good tradeoffs between the two optimization objectives among schedulablesolutions. After explaining our mapping approach, we present a set of experiments which demonstrates its effectiveness fordifferent system sizes

Multi-Objective Design Exploration Approach for Ravenscar Real-time Systems.

International audienceThis article deals with the design exploration and verification of real-time critical systems. Assigning the functions to the tasks of the target real-time operating system is a part of the design process. Finding a suitable design involves many important design decisions that have a strong impact on the system quality criteria. However, with the increasing complexity and scale of today’s systems and the large number of possible design solutions, making design decisions while balancing conflicting quality criteria becomes error-prone and unmanageable for designers. We propose an automated method using a multi-objective evolutionary algorithm guided by an architectural clustering technique. This method allows designers to search the design space for schedulable solutions with respect to multiple competing performance criteria. To assess our method, several evaluations were performed. One of them shows that we were able to produce the exact optimal solution sets for 55% of the studied problem instances