A systematic mapping study of API usability evaluation methods
An Application Programming Interface (API) provides a programmatic interface to a software component that is often offered publicly and may be used by programmers who are not the API’s original designers. APIs play a key role in software reuse. By reusing high-quality components and services, developers can increase their productivity and avoid costly defects. The usability of an API is a qualitative characteristic that evaluates how easy the API is to use. Recent years have seen a considerable increase in research efforts aiming at evaluating the usability of APIs. An API usability evaluation can identify problem areas and provide recommendations for improving the API. In this systematic mapping study, we focus on 47 primary studies to identify the aim and the method of the API usability studies. We investigate which API usability factors are evaluated, at which phases of API development the usability of an API is evaluated, and what the current limitations and open issues in API usability evaluation are. We believe that the results of this literature review will be useful for both researchers and industry practitioners interested in investigating the usability of APIs and new API usability evaluation methods.
Thwarting Code-Reuse and Side-Channel Attacks in Embedded Systems
Nowadays, embedded devices are increasingly present in everyday life, often controlling and processing critical information. For this reason, these devices make use of cryptographic protocols. However, embedded devices are particularly vulnerable to attackers seeking to hijack their operation and extract sensitive information. Code-Reuse Attacks (CRAs) can steer the execution of a program to malicious outcomes, leveraging existing on-board code without direct access to the device memory. Moreover, Side-Channel Attacks (SCAs) may reveal secret information to the attacker based on mere observation of the device. In this paper, we are particularly concerned with thwarting CRAs and SCAs against embedded devices, while taking into account their resource limitations. Fine-grained code diversification can hinder CRAs by introducing uncertainty into the binary code, while software mechanisms can thwart timing or power SCAs. The resilience to either attack may come at the price of the overall efficiency. Moreover, a unified approach that preserves these mitigations against both CRAs and SCAs is not available. This is the main novelty of our approach, Secure Diversity by Construction (SecDivCon): a combinatorial compiler-based approach that combines software diversification against CRAs with software mitigations against SCAs. SecDivCon restricts the performance overhead in the generated code, offering a secure-by-design control on the performance-security trade-off. Our experiments show that SCA-aware diversification is effective against CRAs, while preserving SCA mitigation properties at a low, controllable overhead. Given the combinatorial nature of our approach, SecDivCon is suitable for small, performance-critical functions that are sensitive to SCAs. SecDivCon may be used as a building block for whole-program code diversification or in a re-randomization scheme for cryptographic code.
On rigorous design and implementation of fault tolerant ambient systems
Developing fault tolerant ambient systems requires many challenging factors to be considered due to the nature of such systems, which tend to contain a lot of mobile elements that change their behaviour depending on the surrounding environment, as well as the possibility of their disconnection and re-connection. It is therefore necessary to construct the critical parts of fault tolerant ambient systems in a rigorous manner. This can be achieved by deploying a formal approach at the design stage, coupled with a sound framework and support at the implementation stage. In this paper, we briefly describe a middleware that we developed to provide system structuring through the concepts of roles, agents, locations and scopes, making it easier for developers to achieve fault tolerance. We then outline our experience in developing an ambient lecture system using the combination of the formal approach and our middleware.
A framework for open distributed system design
Building open distributed systems is an even more challenging task than building distributed systems, as their components are loosely synchronised, can move, become disconnected, and their behaviour may depend on the changing context. The approach we are putting forward relies on using a combination of formal methods applied for rigorous development of the critical parts of the system and a set of design abstractions proposed specifically for open context-aware applications and supported by a special middleware. Our middleware provides system structuring through the concepts of roles, agents, locations and scopes, making it easier for application developers to achieve fault tolerance. We demonstrate our approach using a case study, in which we show the whole process of developing an ambient campus application - an example of an open distributed system - including its formal specification, refinement, and implementation.