Software product line for web-based geographic information systems

Programa Oficial de Doutoramento en Computación . 5009V01[Abstract] Software Product Line Engineering (SPLE) is a research field that seeks to industrialize software development using techniques such as mass-production and mass-customization or reusing software components. A geographic information system (GIS) is an information system that works, in some way, with geographic information. Although each GIS is used in a particular area, there are many features common to all of them. In addition, strong standardization has been carried out so that most GIS software components are interoperable. Consequently, the application of SPLE in this domain is a feasible and interesting problem. Applying SPLE to a new domain is a complex process and, in order to guarantee the validity of the final design of the SPL and its evolution, it is important to strictly follow a methodology appropriate to the specific domain. Considering that it does not exist a suitable methodology for the context of our work (i.e., web-based GIS applications developed in a software company with several products in the market), we have decided to combine several existing methodologies and extend their scope with additional tasks that will are very useful in our context. After defining our SPL following this methodology, we found that the traditional techniques to implement SPL are not suitable for our domain, due to the peculiarities and requirements in the development of web-based GIS applications. Therefore, we have defined and implemented a new derivation engine for automatic software generation that maintains the formalities behind SPLE but at the same time provides a new degree of flexibility thanks to the use of a well-known industrial technique: scaffolding.[Resumen] La ingeniería de líneas de producto software (LPS) es un campo de investigación que pretende industrializar el desarrollo de software usando técnicas como la producción y customización en masa, o la reutilización de componentes software. Un sistema de información geográfica (SIG) es un sistema de información que trabaja, de alguna manera, con información de carácter geográfico. A pesar de que cada SIG se utiliza en un área en particular, hay muchas características comunes a todos ellos. Además, se ha llevado a cabo una fuerte estandarización de forma que la mayor parte de componentes software SIG son interoperables. En consecuencia, la aplicación de la ingenería de LPS en este dominio es un problema factible e interesante. Aplicar ingenería de LPS a un nuevo dominio es un proceso complejo y, para garantizar la validez del diseño final de la LPS y su evolución, es importante seguir de manera estricta una metodología adecuada al dominio concreto. Considerando que no existe una metodología adecuada para el contexto de nuestro trabajo (es decir, aplicaciones SIG basadas en web desarrolladas en una compañía de desarrollo de software con varios productos en el mercado), hemos decidido combinar varias metodologías existentes y extender su alcance con determinadas tareas que servirán para sacar el máximo provecho a nuestro contexto. Tras la definición de nuestra LPS siguiendo esta metodología, hemos encontrado que las técnicas tradicionales para implementar LPS no son adecuadas para nuestro dominio, debido a las particularidades y requerimientos en el desarrollo de aplicaciones GIS basadas en la web. Por lo tanto hemos definido e implementado un nuevo motor de derivación para la generación automática de software que mantiene las formalidades detrás de las LPS pero, al mismo tiempo, proporciona un nuevo grado de flexibilidad gracias al uso de una conocida técnica industrial: scaffolding.[Resumo] A enxeñería de liñas de produto software (LPS) é un campo de investigación que pretende industrializar o desenvolvemento de software usando técnicas como a producción e customización en masa, ou a reutilización de componentes software. Un sistema de información xeográfica (SIX) é un sistema de información que traballa, de algún modo, con información de carácter xeográfico. Aínda que cada SIX utilízase nun área en particular, existen moitas características comúns a todos eles. Ademáis, levouse a cabo unha forte estandarización de xeito que a maior parte dos componentes software SIX son interoperables. Polo tanto, a aplicación da inxeñería de LPS neste dominio é un problema factible e interesante. Aplicar enxeñería de LPS a un novo dominio é un proceso complexo e, para garantizar a validez do deseño final da LPS e a súa evolución, é importante seguir de maneira estricta unha metodoloxía adecuada ao dominio concreto. Tendo en conta que non existe ningunha metodoloxía adecuada para o contexto do noso traballo (é dicir, aplicacións SIX baseadas na web desenvoltas nunha compañía de desarrollo de software con varios productos no mercado), decidimos combinar varias metodoloxías existentes e extender o seu alcance con determinadas tarefas que servirán para sacar o máximo aproveitamento ao noso contexto. Tras a definición da nosa LPS seguindo esta metodoloxía, encontramos que as técnicas tradicionais para implementar LPS non son axeitadas para o noso dominio, debido ás particularidades e requerimentos no desenvolvemento de aplicacións SIX basadas na web. Polo tanto deseñamos e implementamos un novo motor de derivación para a xeración automática de software que mantén as formalidades das LPS pero, ó mesmo tempo, proporciona un novo grado de flexibilidade grazas ó uso dunha coñecida técnica industrial: scaffolding

INTELLIGENT VIRTUAL ASSISTANT FOR GAMIFIED ENVIRONMENTS

As the body of Information Systems (IS) research on social media grows, it faces increasing challenges of staying relevant to real world contexts. In this research-in-progress paper, we analyze and contrast research on social media in the e-government field and in IS research, by reviewing and categorizing 63 studies published in key journal outlets, in order to identify and complement research foci and gaps. We find that in comparison with e-government social media research, IS studies tend to adopt an abstract view of the individual user, focus on a monetary view of value added by social media, and overlook the role of contextual factors. We thus propose an extended framework for mapping social media research, by including a focus on the role of context and environment, and identify a research agenda for future studies on social media-related phenomena relevant to real world contexts

The malSource dataset: quantifying complexity and code reuse in malware development

During the last decades, the problem of malicious and unwanted software (malware) has surged in numbers and sophistication. Malware plays a key role in most of today's cyberattacks and has consolidated as a commodity in the underground economy. In this paper, we analyze the evolution of malware from 1975 to date from a software engineering perspective. We analyze the source code of 456 samples from 428 unique families and obtain measures of their size, code quality, and estimates of the development costs (effort, time, and number of people). Our results suggest an exponential increment of nearly one order of magnitude per decade in aspects such as size and estimated effort, with code quality metrics similar to those of benign software. We also study the extent to which code reuse is present in our dataset. We detect a significant number of code clones across malware families and report which features and functionalities are more commonly shared. Overall, our results support claims about the increasing complexity of malware and its production progressively becoming an industry.This work was supported in part by the Spanish Government through MINECO grants SMOG-DEV (TIN2016-79095-C2-2-R) and DEDETIS (TIN2015-7013-R), and in part by the Regional Government of Madrid through grantsCIBERDINE (S2013/ICE-3095) and N-GREENS (S2013/ICE-2731)

Combining Multiple Granularity Variability in a Software Product Line Approach for Web Engineering

[Abstract] Context: Web engineering involves managing a high diversity of artifacts implemented in different languages and with different levels of granularity. Technological companies usually implement variable artifacts of Software Product Lines (SPLs) using annotations, being reluctant to adopt hybrid, often complex, approaches combining composition and annotations despite their benefits. Objective: This paper proposes a combined approach to support fine and coarse-grained variability for web artifacts. The proposal allows web developers to continue using annotations to handle fine-grained variability for those artifacts whose variability is very difficult to implement with a composition-based approach, but obtaining the advantages of the composition-based approach for the coarse-grained variable artifacts. Methods: A combined approach based on feature modeling that integrates annotations into a generic composition-based approach. We propose the definition of compositional and annotative variation points with custom-defined semantics, which is resolved by a scaffolding-based derivation engine. The approach is evaluated on a real-world web-based SPL by applying a set of variability metrics, as well as discussing its quality criteria in comparison with annotations, compositional, and combined existing approaches. Results: Our approach effectively handles both fine and coarse-grained variability. The mapping between the feature model and the web artifacts promotes the traceability of the features and the uniformity of the variation points regardless of the granularity of the web artifacts. Conclusions: Using well-known techniques of SPLs from an architectural point of view, such as feature modeling, can improve the design and maintenance of variable web artifacts without the need of introducing complex approaches for implementing the underlying variability.The work of the authors from the Universidad de Málaga is supported by the projects Magic P12-TIC1814 (post-doctoral research grant), MEDEA RTI2018-099213-B-I00 (co-financed by FEDER funds), Rhea P18-FR-1081 (MCI/AEI/FEDER, UE), LEIA UMA18-FEDERIA-157, TASOVA MCIU-AEI TIN2017-90644-REDT and, European Union’s H2020 research and innovation program under grant agreement DAEMON 101017109. The work of the authors from the Universidade da Coruña has been funded by MCIN/AEI/10.13039/501100011033, NextGenerationEU/PRTR, FLATCITY-POC: PDC2021-121239-C31 ; MCIN/AEI/10.13039/501100011033 EXTRACompact: PID2020-114635RB-I00 ; GAIN/Xunta de Galicia/ERDF CEDCOVID: COV20/00604 ; Xunta de Galicia/FEDER-UE GRC: ED431C 2021/53 ; MICIU/FEDER-UE BIZDEVOPSGLOBAL: RTI-2018-098309-B-C32 ; MCIN/AEI/10.13039/501100011033 MAGIST: PID2019-105221RB-C41Junta de Andalucía; P12-TIC-1814Universidad de Málaga; UMA18-FEDERIA-157Xunta de Galicia; COV20/00604Xunta de Galicia; ED431C 2021/53Junta de Andalucía; P18-FR-108

An Architecture for Software Engineering Gamification

[Abstract] Gamification has been applied in software engineering to improve quality and results by increasing people's motivation and engagement. A systematic mapping has identified research gaps in the field, one of them being the difficulty of creating an integrated gamified environment comprising all the tools of an organization, since most existing gamified tools are custom developments or prototypes. In this paper, we propose a gamification software architecture that allows us to transform the work environment of a software organization into an integrated gamified environment, i.e., the organization can maintain its tools, and the rewards obtained by the users for their actions in different tools will mount up. We developed a gamification engine based on our proposal, and we carried out a case study in which we applied it in a real software development company. The case study shows that the gamification engine has allowed the company to create a gamified workplace by integrating custom-developed tools and off-the-shelf tools such as Redmine, TestLink, or JUnit, with the gamification engine. Two main advantages can be highlighted: (i) our solution allows the organization to maintain its current tools, and (ii) the rewards for actions in any tool accumulate in a centralized gamified environment

Multilevel Modeling of Geographic Information Systems Based on International Standards

Financiado para publicación en acceso aberto: Universidade da Coruña/CISUG[Abstract] Even though different applications based on Geographic Information Systems (GIS) provide different features and functions, they all share a set of common concepts (e.g., spatial data types, operations, services), a common architecture, and a common set of technologies. Furthermore, common structures appear repeatedly in different GIS, although they have to be specialized in specific application domains. Multilevel modeling is an approach to model-driven engineering (MDE) in which the number of metamodel levels is not fixed. This approach aims at solving the limitations of a two-level metamodeling approach, which forces the designer to include all the metamodel elements at the same level. In this paper, we address the application of multilevel modeling to the domain of GIS, and we evaluate its potential benefits. Although we do not present a complete set of models, we present four representative scenarios supported by example models. One of them is based on the standards defined by ISO TC/211 and the Open Geospatial Consortium. The other three are based on the EU INSPIRE Directive (territory administration, spatial networks, and facility management). These scenarios show that multilevel modeling can provide more benefits to GIS modeling than a two-level metamodeling approach.Xunta de Galicia; IN852A 2018/14Xunta de Galicia; ED431G 2019/01This work has been partially funded by grants: MICIU/FEDER-UE, MAGIST: PID2019-105221RB-C41; MICIU/FEDER-UEBIZDEVOPSGLOBAL: RTI-2018-098309-B-C32, Xunta de Galicia/FEDER-UE, ConectaPeme, GEMA: IN852A 2018/14; MINECOAEI/FEDER-UE Datos 4.0: TIN2016-78011-C4-1-R; MINECOAEI/FEDER-UE Velocity: TIN2016-77158-C4-3-R; CITIC research center funded by XUNTA and EU through the European Regional Development Fund- Galicia 2014-2020 Program, grant ED431G 2019/01. Funding for open access charge: Universidade da Coruña/CISUG

Experiencias y resultados para facilitar la compatibilización de un máster interuniversitario con un trabajo a tiempo completo

Presentamos un Máster interuniversitario en Geoinformática, impartido por las universidades de A Coruña y Vigo, y diseñado para que el alumno trabajador pueda seguir las clases. El máster se basa en el uso de una plataforma online que permite la visualización de las clases tanto en tiempo real como en diferido y en el esfuerzo del profesorado para transformar sus materias. La visualización de una clase incluye la interacción entre el profesorado y el alumnado, así como la compartición de documentos, pantalla o pizarra. Hemos realizado encuestas tanto al alumnado como al profesorado y analizado los resultados de satisfacción. Como punto negativo, se ha observado la reticencia de una parte menor del profesorado a emplear este nuevo sistema.We present an interuniversity master degree in Geoinformatics, offered by the universities of A Coruña and Vigo, and designed to allow working students to follow the lessons. The master is based on the use of a digital platform that allows both live and on-demand visualization of lectures, and on the effort of the faculty to transform the subjects. The visualization of a lecture includes the interaction between professors and students, as well as the possibility of sharing documents, screens or digital blackboards. We have conducted surveys to professors and students and analyzed the results. As a negative point, we have observed that a small part of the faculty have reservations to use the system

Extracción de información semántica en redes inalámbricas

Desde hace unos años, los dispositivos móviles y en particular los Smartphone y tablets se han consolidado como el producto estrella en el mundo de la electrónica de consumo para el gran público. Un estudio publicado en el verano de 2013 por la consultora Gartner asegura que las ventas de teléfonos móviles inteligentes superaron a las ventas de teléfonos móviles convencionales por primera vez y a nivel mundial durante el segundo trimestre de 2013. Uno de los principales motivos que hacen que este tipo de dispositivos sea tan popular entre los usuarios es que ofrece la oportunidad de disfrutar de un ordenador en la palma de la mano. Permiten navegar por Internet, enviar y recibir correos, chatear con nuestros contactos o compartir las últimas novedades en las redes sociales, esto unido al hecho de que las redes WiFi cada vez tienen más presencia en los lugares de ocio, han hecho posible que estemos conectados las 24h del día con nuestro entorno digital. Sin embargo, para la gran mayoría de los usuarios la seguridad de estos dispositivos no supone un tema preocupante. A pesar de esto, es un aspecto que no conviene olvidar dado que a través de nuestros dispositivos compartimos gran cantidad de información privada y de carácter personal, información que pude acabar en manos de terceras personas si no se presta atención a la seguridad de los dispositivos y de las redes En este documento se detallará el proceso de desarrollo de dos nuevos módulos para la aplicación dSploit, orientada a la auditoría y a pruebas de penetración en redes inalámbricas. Además, se expondrán los mecanismos en los que se sustentan las comunicaciones móviles a través de Internet y como una red insegura puede poner en riesgo nuestra privacidad en la red.In recent years, mobile devices and, in particular, smartphones and tablets have emerged as the star product in the market of consumer electronics for the general public. A study published in the summer of 2013 by technological consultancy Gartner says smartphone sales have surpassed sales of conventional mobile phones for the first time and worldwide in the second quarter of 2013. One of the main reasons why these devices are so popular is that they offer users the opportunity to enjoy a computer in their hands, as it enables you to browse the Internet, send and receive emails, chat with your contacts or share the latest news in social networks. This coupled with the fact that wireless networks are increasingly present in our entertainment places have allow us to be online all long the day. However, for most of the people, the security on mobile devices is not a serious matter. Despite of this, this is an issue that should not be unnoticed about because while using our mobile devices, we share a lot of private information which could be available to third persons if you don’t take care about security on devices and networks. In this document, it’s detailed the development process of two new modules for the dSploit app, used for network analysis and penetration testing. Besides, the mechanisms behind the security of mobile networks will be explained and how an unsecured network could put our online privacy on a jeopardy situation.Ingenieria Informátic

Securing Asynchronous Exceptions

Language-based information-flow control (IFC) techniques often rely on special purpose, ad-hoc primitives to address different covert channels that originate in the runtime system, beyond the scope of language constructs. Since these piecemeal solutions may not compose securely, there is a need for a unified mechanism to control covert channels. As a first step towards this goal, we argue for the design of a general interface that allows programs to safely interact with the runtime system and the available computing resources. To coordinate the communication between programs and the runtime system, we propose the use of asynchronous exceptions (interrupts), which, to the best of our knowledge, have not been considered before in the context of IFC languages. Since asynchronous exceptions can be raised at any point during execution—often due to the occurrence of an external event—threads must temporarily mask them out when manipulating locks and shared data structures to avoid deadlocks and, therefore, breaking program invariants. Crucially, the naive combination of asynchronous exceptions with existing features of IFC languages (e.g., concurrency and synchronization variables) may open up new possibilities of information leakage. In this paper, we present MACasync, a concurrent, statically enforced IFC language that, as a novelty, features asynchronous exceptions. We show how asynchronous exceptions easily enable (out of the box) useful programming patterns like speculative ex- ecution and some degree of resource management. We prove that programs in MACasync satisfy progress-sensitive non-interference and mechanize our formal claims in the Agda proof assistant