A Model-driven Approach for Empowering Advance Web Augmentation From Client-side to Server-side Support

Websites augmentations have been adopted as a mean for improving the User Experience of applications that often are not owned by the user. The augmentations alter the page in order to add, modify and even remove its content pursuing the satisfaction of a user’s need. However, these augmentations are limited to page modification or transcluding content from another site on Internet. Moreover, advance server-side based augmentations have been released only by developers because of the required technical skill for the task. In this work, we have presented a novel approach for designing Web Augmentation coping client-side and server side using a Model-Driven Web Engineering approach. The approach rises the abstraction level for server side developments allowing end-users to design, and even implement the new functionalities. Additionally, the approach uses advance separation of concern principles thus we provide a set of tools for designing the composition of the core application and the augmentation. We show as running example an augmentation that introduces a site community’s review support upon an agriculture e-commerce site.European Union Horizon 2020 No.62149Ministerio de Ciencia e Innovación 2016-76956-C3-2-R (POLOLAS

Systematic Development of ERP Modules using a Model-Driven Strategy Focusing on the Users

ERP systems are composed of different functional modules on which each one addresses a different business area. Developments on these modules are managed independently on each one, which allow to handle and address the management of many related information requirements. In this context the startup G7Innovation works for its product iMEDEA. In this study we have combined two methodologies, Design Sprint and NDT 4.0; and systematized the development of ERP system modules. This combination allows you to use Design Sprint to generate and validate prototyping, and NDT 4.0 to do the study, analysis, and design of the software to be developed. In addition, according to the specifications defined in NDT, the code generation of the ERP module can be automated. This proposal has been validated in a case study in collaboration with the startup G7Innovation, where we have applied both methodologies on Odoo, an open source ERP system based in Python language. Thanks to the use of these two methodologies we have produced a module related to the needs of the clinic by reducing costs, times and human failures.Ministerio de Ciencia e Innovación TIN2016-76956-C3-2-

A Practical Experience Applying Security Audit Techniques in an Industrial e-Health System Which Uses an Open Source ERP

Healthcare institutions is an ever-innovative field, in which modernization is moving forward taking giant steps. This modernization, so called “digitization”, brings up some concerns that should be carefully consid ered. Currently, the most sensible concerning in this field is the management of Electronic Health Record and patients’ data privacy. Health-related data in healthcare systems are under strict regulations, such as the EU’s General Data Protection Regulation (GDPR), whose non-compliance imposes huge penalties and fines. Cy bersecurity in healthcare plays an important role at protecting these sensitive data, which are highly valuable for criminals. Security experts follow already existing security frameworks to orchestrate the security assess ment process, so that the auditing process is as complete and as organized as possible. This study extends the lifecycle of a security assessment framework and conducts an exploitation and vulnerabilities’ analysis on an actual industrial scenario. The results of this security audit shows that even if the system is heavily fortified, there can be still some vulnerabilities.Ministerio de Ciencia, Innovación y Universidades PID2019-105455GB-C31Junta de Andalucía US-125153

MaRIA: a process to model entity reconciliation problems

Within the development of software systems, the development of web applications may be one of the most widespread at present due to the great number of advantages they provide such as: multiplatform, speed of access or the not requiring extremely powerful hardware among others. The fact that so many web applications are being developed, makes enormous the volume of information that it is generated daily. In the management of all this information, the entity reconciliation (ER) problem occurs, which is to identify objects referring to the same real-world entity. This paper proposes to give a solution to this problem through a web perspective based on the Model-Driven Engineering paradigm. To this end, the Navigational Development Techniques (NDT) methodology, that provides a formal and complete set of processes that bring support to the software lifecycle management, has been taken as a reference and it has been extended adding new activities, artefacts and documents to cover the ER. All these elements are defined by a process named Model-Driven Entity ReconcilIAtion (MaRIA), that can be integrated in any software development methodology and allows one to define the ER problem from the early stages of the development. In addition, this proposal has been validated in a real-world case study helping companies to reduce costs when a software product that must give a solution to an ER problem has to be developedMinisterio de Economía y Competitividad TIN2013-46928-C3-3-RMinisterio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS)Ministerio de Economía y Competitividad TIN2015-71938-RED

EDUFYSoS: A Factory of Educational System of Systems Case Studies

We propose a factory of educational System of Systems (SoS) case studies that can be used for evaluating SoS research results, in particular in SoS testing. The factory includes a first set of constituent systems that can collaborate within different SoS architectures to accomplish different missions. In the paper, we introduce three possible SoSs and outline their missions. For more detailed descriptions, diagrams and the source code, we refer to the online repository of EDUFYSoS. The factory is meant to provide an extensible playground, which we aim to grow to include more systems and other missions with the support of the community.Ministero dell'Università e della Ricerca (Italia) SISMA 201752ENY

Security Assessment of Systems of Systems

Engineering Systems of Systems is one of the new chal-lenges of the last few years. This depends on the increasing number of systems that must interact one with another to achieve a goal. One peculiarity of Systems of Systems is that they are made of systems able to live on their own with well-established functionalities and requirements, and that are not necessarily aware of the joint mission or prepared to collaborate. In this emergent scenario, securi-ty is one crucial aspect that must be considered from the very beginning. In fact, the security of a System of Sys-tems is not automatically granted even if the security of each constituent system is guaranteed. The aim of this paper is to address the problem of assessing security properties in Systems of Systems. We discuss the specific security aspects of such emergent systems, and propose the TeSSoS approach, which includes modelling and testing security properties in Systems of Systems and introduces the Red and Blue Requirements Specification concepts.Ministerio dell'Universitá e della Ricerca (Italia) GAUSS 2015KWREMXMinisterio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS

Digital persona portrayal: Identifying pluridentity vulnerabilities in digital life

The increasing use of the Internet for social purposes enriches the data available online about all of us and promotes the concept of the Digital Persona. Actually, most of us are represented online by more than one identity, what we define here as a Pluridentity . This trend brings increased risks: it is well known that the security of a Digital Persona can be exploited if its data and security are not effectively managed. In this paper, we focus specifically on a new type of digital attack that can be perpetrated by combining pieces of data belonging to one same Pluridentity in order to profile their target. Some victims can be so accurately depicted when looking at their Pluridentity that by using the gathered information attackers can execute very personalized social engineering attacks, or even bypass otherwise safe security mecha- nisms. We characterize these Pluridentity attacks as a security issue of a virtual System of Systems, whose constituent systems are the individual identities and the humans themselves. We present a strategy to identify vulnerabilities caused by overexposure due to the combination of data from the constituent iden- tities of a Pluridentity. To this end we introduce the Digital Persona Portrayal Metamodel, and the related Digital Pluridentity Persona Portrayal Analysis process that supports the architecting of data from differ- ent identities: such model and process can be used to identify the vulnerabilities of a Pluridentity due to its exploitation as a System of Systems. The approach has been validated on the Pluridentities of seven- teen candidates selected from a data leak, by retrieving the data of their Digital Personae, and matching them against the security mechanisms of their Pluridentities. After analyzing the results for some of the analyzed subjects we could detect several vulnerabilities.Ministerio dell'Universitá e della Ricerca (Italia) GAUSS 2015KWREMXMinisterio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS

A Delphi study to recognize and assess systems of systems vulnerabilities

Context: System of Systems (SoS) is an emerging paradigm by which independent systems collaborate by sharing resources and processes to achieve objectives that they could not achieve on their own. In this context, a number of emergent behaviors may arise that can undermine the security of the constituent systems. Objective: We apply the Delphi method with the aims to improve our understanding of SoS security and related problems, and to investigate their possible causes and remedies. Method: Experts on SoS expressed their opinions and reached consensus in a series of rounds by following a structured questionnaire. Results: The results show that the experts found more consensus in disagreement than in agreement about some SoS characteristics, and on how SoS vulnerabilities could be identified and prevented. Conclusions: From this study we learn that more work is needed to reach a shared understanding of SoS vul nerabilities, and we leverage expert feedback to outline some future research directions.Ministerio de Ciencia, Innovación y Universidades PID2019-105455GB-C3

Applying Model-Driven Web Engineering to the Testing Phase of the ADAGIO Project

The Model-Driven Engineering (MDE) has been used in recent years to promote better results in the development of Web Applications, in the field that has been called Model-Driven Web Engineering (MDWE). One of the advantages of applying MDWE is that it offers a solution to reduce the cost of the tests without affecting their quality execution. This paper presents the application of a MDWE methodology (Navigational Development Techniques, NDT) that provides support for all the phases of the lifecycle of a software project development proposing transformations between these phases, to manage the test phase of a real-world case study named ADAGIO. This project, among other goals, proposes the development of a web application whose main objective is to offer researchers the possibility of integrating and consolidating heterogeneous data sources, showing a unified vision of them, allowing to simplify the search task in different repositories as well as the relationship between the sources found.Ministerio de Economía y Competitividad TIN2016- 76956-C3-2-

Una estrategia centrada en el usuario y guiada por modelos para el desarrollo sistemático de módulos ERP

Los sistemas ERP están compuestos por diferentes módulos funciona les en el que cada uno aborda un área de negocio distinta. Los desarrollos que se llevan a cabo sobre estos módulos se gestionan de manera independiente por cada uno, lo que permite abordar de forma controlada un gran número de requisitos de información relacionados. En este contexto trabaja la startup G7Innovation para su producto iMEDEA. En este estudio hemos combinado dos metodologías, De sign Sprint y NDT 4.0; consiguiendo sistematizar el desarrollo de módulos de sistemas ERP. Esta combinación permite usar Design Sprint para generar y vali dar el prototipado, y NDT 4.0 para hacer el estudio, análisis y diseño del software a desarrollar. Además, de acuerdo a las especificaciones definidas en NDT, se puede automatizar la generación de código del módulo ERP. Esta propuesta se ha validado en un caso de estudio en colaboración con la startup G7Innovation donde hemos aplicado ambas metodologías sobre Odoo, un sistema ERP de có digo abierto escrito en lenguaje Python. Gracias al uso de estas dos metodologías hemos producido un módulo afín a las necesidades de la clínica reduciendo cos tos, tiempos y fallos humanos.Ministerio de Economía y Competitividad TIN2016-76956-C3-2-R (POLOLAS