OVM2PN: Herramienta de análisis de configuraciones en Líneas de Productos de Software

Uno de los ejes centrales de una línea de producto de software (LPS) es la definición de su variabilidad. Esta prescribe las características a ser incluidas y las reglas de inclusión durante la derivación de productos individuales. Una forma de definir la variabilidad de una LPS es a través de un modelo de variabilidad ortogonal (OVM). Sin embargo, las familias de productos obtenidas pueden presentar ciertos problemas de inviabilidad, esto es, reglas de inclusión contradictorias que resultan en características imposibles de ser incorporadas en ningún producto. En este trabajo se propone una herramienta para representar, estudiar y detectar los problemas de inviabilidad en un OVM.Sociedad Argentina de Informática e Investigación Operativ

GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences

GitHub is a popular data repository for code examples. It is being continuously used to train several AI-based tools to automatically generate code. However, the effectiveness of such tools in correctly demonstrating the usage of cryptographic APIs has not been thoroughly assessed. In this paper, we investigate the extent and severity of misuses, specifically caused by incorrect cryptographic API call sequences in GitHub. We also analyze the suitability of GitHub data to train a learning-based model to generate correct cryptographic API call sequences. For this, we manually extracted and analyzed the call sequences from GitHub. Using this data, we augmented an existing learning-based model called DeepAPI to create two security-specific models that generate cryptographic API call sequences for a given natural language (NL) description. Our results indicate that it is imperative to not neglect the misuses in API call sequences while using data sources like GitHub, to train models that generate code.Comment: Accepted at QRS 202

SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices

Cloud-based application deployment is becoming increasingly popular among businesses, thanks to the emergence of microservices. However, securing such architectures is a challenging task since traditional security concepts cannot be directly applied to microservice architectures due to their distributed nature. The situation is exacerbated by the scattered nature of guidelines and best practices advocated by practitioners and organizations in this field. This research paper we aim to shay light over the current microservice security discussions hidden within Grey Literature (GL) sources. Particularly, we identify the challenges that arise when securing microservice architectures, as well as solutions recommended by practitioners to address these issues. For this, we conducted a systematic GL study on the challenges and best practices of microservice security present in the Internet with the goal of capturing relevant discussions in blogs, white papers, and standards. We collected 312 GL sources from which 57 were rigorously classified and analyzed. This analysis on the one hand validated past academic literature studies in the area of microservice security, but it also identified improvements to existing methodologies pointing towards future research directions.Comment: Accepted at the 17th International Conference on Availability, Reliability and Security (ARES 2022

Miradas desde la historia social y la historia intelectual: América Latina en sus culturas: de los procesos independistas a la globalización

Fil: Benito Moya, Silvano G. A. Universidad Católica de Córdoba. Facultad de Filosofía y Humanidades; Argentina.Fil: Universidad Católica de Córdoba. Facultad de Filosofía y Humanidades; Argentina