4 research outputs found
OVM2PN: Herramienta de análisis de configuraciones en Líneas de Productos de Software
Uno de los ejes centrales de una línea de producto de software (LPS) es la definición de su variabilidad. Esta prescribe las características a ser incluidas y las reglas de inclusión durante la derivación de productos individuales. Una forma de definir la variabilidad de una LPS es a través de un modelo de variabilidad ortogonal (OVM). Sin embargo, las familias de productos obtenidas pueden presentar ciertos problemas de inviabilidad, esto es, reglas de inclusión contradictorias que resultan en características imposibles de ser incorporadas en ningún producto. En este trabajo se propone una herramienta para representar, estudiar y detectar los problemas de inviabilidad en un OVM.Sociedad Argentina de Informática e Investigación Operativ
GitHub Considered Harmful? Analyzing Open-Source Projects for the Automatic Generation of Cryptographic API Call Sequences
GitHub is a popular data repository for code examples. It is being
continuously used to train several AI-based tools to automatically generate
code. However, the effectiveness of such tools in correctly demonstrating the
usage of cryptographic APIs has not been thoroughly assessed. In this paper, we
investigate the extent and severity of misuses, specifically caused by
incorrect cryptographic API call sequences in GitHub. We also analyze the
suitability of GitHub data to train a learning-based model to generate correct
cryptographic API call sequences. For this, we manually extracted and analyzed
the call sequences from GitHub. Using this data, we augmented an existing
learning-based model called DeepAPI to create two security-specific models that
generate cryptographic API call sequences for a given natural language (NL)
description. Our results indicate that it is imperative to not neglect the
misuses in API call sequences while using data sources like GitHub, to train
models that generate code.Comment: Accepted at QRS 202
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Cloud-based application deployment is becoming increasingly popular among
businesses, thanks to the emergence of microservices. However, securing such
architectures is a challenging task since traditional security concepts cannot
be directly applied to microservice architectures due to their distributed
nature. The situation is exacerbated by the scattered nature of guidelines and
best practices advocated by practitioners and organizations in this field. This
research paper we aim to shay light over the current microservice security
discussions hidden within Grey Literature (GL) sources. Particularly, we
identify the challenges that arise when securing microservice architectures, as
well as solutions recommended by practitioners to address these issues. For
this, we conducted a systematic GL study on the challenges and best practices
of microservice security present in the Internet with the goal of capturing
relevant discussions in blogs, white papers, and standards. We collected 312 GL
sources from which 57 were rigorously classified and analyzed. This analysis on
the one hand validated past academic literature studies in the area of
microservice security, but it also identified improvements to existing
methodologies pointing towards future research directions.Comment: Accepted at the 17th International Conference on Availability,
Reliability and Security (ARES 2022
Miradas desde la historia social y la historia intelectual: América Latina en sus culturas: de los procesos independistas a la globalización
Fil: Benito Moya, Silvano G. A. Universidad Católica de Córdoba. Facultad de Filosofía y Humanidades; Argentina.Fil: Universidad Católica de Córdoba. Facultad de Filosofía y Humanidades; Argentina