Security Assurance Cases -- State of the Art of an Emerging Approach
Security Assurance Cases (SAC) are a form of structured argumentation used to
reason about the security properties of a system. After the successful adoption
of assurance cases for safety, SACs are getting significant traction in recent
years, especially in safety-critical industries (e.g., automotive), where there
is an increasing pressure to be compliant with several security standards and
regulations. Accordingly, research in the field of SAC has flourished in the
past decade, with different approaches being investigated. In an effort to
systematize this active field of research, we conducted a systematic literature
review (SLR) of the existing academic studies on SAC. Our review resulted in an
in-depth analysis and comparison of 51 papers. Our results indicate that, while
there are numerous papers discussing the importance of security assurance cases
and their usage scenarios, the literature is still immature with respect to
concrete support for practitioners on how to build and maintain a SAC. More
importantly, even though some methodologies are available, their validation and
tool support is still lacking.
A Rapid Prototyping Language Workbench for Textual DSLs based on Xtext: Vision and Progress
Metamodel-based DSL development in language workbenches like Xtext allows
language engineers to focus more on metamodels and domain concepts rather than
grammar details. However, the grammar generated from metamodels often requires
manual modification, which can be tedious and time-consuming. Especially when
it comes to rapid prototyping and language evolution, the grammar is
generated repeatedly, which means that language engineers need to repeat such
manual modification back and forth. Previous work introduced GrammarOptimizer,
which automatically improves the generated grammar using optimization rules.
However, the optimization rules need to be configured manually, which lacks
user-friendliness and convenience. In this paper, we present our vision for and
current progress towards a language workbench that integrates
GrammarOptimizer's grammar optimization rules to support rapid prototyping and
evolution of metamodel-based languages. It provides a visual configuration of
optimization rules and a real-time preview of the effects of grammar
optimization to address the limitations of GrammarOptimizer. Furthermore, it
supports the inference of a grammar based on examples from model instances and
offers a selection of language styles. These features aim to enhance the
automation level of metamodel-based DSL development with Xtext and assist
language engineers in iterative development and rapid prototyping. Our paper
discusses the potential and applications of this language workbench, as well as
how it fills the gaps in existing language workbenches. Comment: 6 pages, 3 figures
The state of adoption and the challenges of systematic variability management in industry
Handling large-scale software variability is still a challenge for many organizations. After decades of research on variability management concepts, many industrial organizations have introduced techniques known from research, but still lament that pure textbook approaches are not applicable or efficient. For instance, software product line engineering, an approach to systematically develop portfolios of products, is difficult to adopt given the high upfront investments; and even when adopted, organizations are challenged by evolving their complex product lines. Consequently, the research community now mainly focuses on re-engineering and evolution techniques for product lines; yet, understanding the current state of adoption and the industrial challenges for organizations is necessary to conceive effective techniques. In this multiple-case study, we analyze the current adoption of variability management techniques in twelve medium- to large-scale industrial cases in domains such as automotive, aerospace or railway systems. We identify the current state of variability management, emphasizing the techniques and concepts they adopted. We elicit the needs and challenges expressed for these cases, triangulated with results from a literature review. We believe our results help to understand the current state of adoption and shed light on gaps to address in industrial practice. This work is supported by Vinnova Sweden, Fond Unique Interministériel (FUI) France, and the Swedish Research Council.
Open access funding provided by University of Gothenburg.
Involving External Stakeholders in Project Courses
Problem: The involvement of external stakeholders in capstone projects and
project courses is desirable due to its potential positive effects on the
students. Capstone projects particularly profit from the inclusion of an
industrial partner to make the project relevant and help students acquire
professional skills. In addition, an increasing push towards education that is
aligned with industry and incorporates industrial partners can be observed.
However, the involvement of external stakeholders in teaching moments can
create friction and could, in the worst case, lead to frustration of all
involved parties. Contribution: We developed a model that allows analysing the
involvement of external stakeholders in university courses both in a
retrospective fashion, to gain insights from past course instances, and in a
constructive fashion, to plan the involvement of external stakeholders. Key
Concepts: The conceptual model and the accompanying guideline guide the
teachers in their analysis of stakeholder involvement. The model is comprised
of several activities (define, execute, and evaluate the collaboration). The
guideline provides questions that the teachers should answer for each of these
activities. In the constructive use, the model allows teachers to define an
action plan based on an analysis of potential stakeholders and the pedagogical
objectives. In the retrospective use, the model allows teachers to identify
issues that appeared during the project and their underlying causes. Drawing
from ideas of the reflective practitioner, the model contains an emphasis on
reflection and interpretation of the observations made by the teacher and other
groups involved in the courses. Key Lessons: Applying the model retrospectively
to a total of eight courses shows that it is possible to reveal hitherto
implicit risks and assumptions and to gain a better insight into the
interaction... Comment: Abstract shortened since arxiv.org limits length of abstracts. See
paper/pdf for full abstract. Paper is forthcoming, accepted August 2017.
Arxiv version 2 corrects misspelled author name.
Collaborative traceability management: a multiple case study from the perspectives of organization, process, and culture
Traceability is crucial for many activities in software and systems engineering including monitoring the development progress, and proving compliance with standards. In practice, the use and maintenance of trace links are challenging as artifacts undergo constant change, and development takes place in distributed scenarios with multiple collaborating stakeholders. Although traceability management in general has been addressed in previous studies, there is a need for empirical insights into the collaborative aspects of traceability management and how it is situated in existing development contexts. The study reported in this paper aims to close this gap by investigating the relation of collaboration and traceability management, based on an understanding of characteristics of the development effort. In our multiple exploratory case study, we conducted semi-structured interviews with 24 individuals from 15 industrial projects. We explored which challenges arise, how traceability management can support collaboration, how collaboration relates to traceability management approaches, and what characteristics of the development effort influence traceability management and collaboration. We found that practitioners struggle with the following challenges: (1) collaboration across team and tool boundaries, (2) conveying the benefits of traceability, and (3) traceability maintenance. If these challenges are addressed, we found that traceability can facilitate communication and knowledge management in distributed contexts. Moreover, there exist multiple approaches to traceability management with diverse collaboration approaches, i.e., requirements-centered, developer-driven, and mixed approaches. While traceability can be leveraged in software development with both agile and plan-driven paradigms, a certain level of rigor is needed to realize its benefits and overcome challenges. To support practitioners, we provide principles of collaborative traceability management. 
The main contribution of this paper is empirical evidence of how culture, processes, and organization impact traceability management and collaboration, and principles to support practitioners with collaborative traceability management. We show that collaboration and traceability management have the potential to be mutually beneficial: when investing in one, the other is also positively affected.
SoK: Security of Microservice Applications: A Practitioners' Perspective on Challenges and Best Practices
Cloud-based application deployment is becoming increasingly popular among
businesses, thanks to the emergence of microservices. However, securing such
architectures is a challenging task since traditional security concepts cannot
be directly applied to microservice architectures due to their distributed
nature. The situation is exacerbated by the scattered nature of guidelines and
best practices advocated by practitioners and organizations in this field. This
paper, we aim to shed light on the current microservice security
discussions hidden within Grey Literature (GL) sources. In particular, we
identify the challenges that arise when securing microservice architectures, as
well as solutions recommended by practitioners to address these issues. For
this, we conducted a systematic GL study on the challenges and best practices
of microservice security present in the Internet with the goal of capturing
relevant discussions in blogs, white papers, and standards. We collected 312 GL
sources from which 57 were rigorously classified and analyzed. This analysis on
the one hand validated past academic literature studies in the area of
microservice security, but it also identified improvements to existing
methodologies, pointing towards future research directions. Comment: Accepted at the 17th International Conference on Availability,
Reliability and Security (ARES 2022).
Large-Scale Open Self-Organising Systems: Managing Complexity with Hierarchies, Monitoring, Adaptation, and Principled Design
Systems of a very large scale, including several thousand independent components interacting and working together, are becoming increasingly ubiquitous in mission-critical operations. A prominent example of this development is power management systems, which have grown tremendously in size and complexity with the increased installation of distributed energy resources such as small solar installations and biogas plants. Other examples include civil protection and disaster management systems as well as planet-wide logistics systems. Centralised control in such systems is unable to process the amount of data that is produced and to make timely control decisions. The key to handling the complexity is thus increasing their autonomy, i.e., the ability of the individual component to make decisions on its own, based on its locally available information and in coordination with other components in the system. Full decentralisation, however, means that it becomes impossible to make optimal decisions, since the limited knowledge of the decision maker forces it to ignore over-arching issues.
This thesis thus proposes to use hierarchical system structures in which agents have regional knowledge and are able to delegate decisions to superiors if their information is insufficient. For this purpose, it introduces methods for hierarchical self-organisation that create a hierarchical structure that is suitable for making timely, yet good decisions. It further details a monitoring infrastructure for hierarchically structured systems that can be automatically transformed from system requirements models and allows misbehaviour in a hierarchical system to be detected. For this purpose, the correct behaviour of the system is defined in the same requirements, using hard constraints that define a corridor of correct behaviour and soft constraints (specified with constraint relationships) that define optimal behaviour. This monitoring infrastructure is coupled to controllers that can reconfigure a hierarchical system by solving constraint satisfaction problems (based on the same constraints as the monitoring infrastructure) and use model synthesis and abstraction to propagate information and control decisions through a hierarchical system. Finally, an agent-oriented software engineering process allows the development of open self-organising multi-agent systems in an agile, iterative-incremental way by incorporating important aspects of these systems into the process and providing important guidelines.
Very large systems, i.e. those in which several thousand independent components interact and work together, are becoming increasingly important in mission-critical environments. A prominent example of this is energy management systems, which have grown enormously in size and complexity through the wide spread of decentralised energy producers based on renewable energies. Further examples are civil protection and disaster management systems as well as global logistics systems.
In such systems, the existing centralised control is no longer able, or only able to a very limited extent, to process the data that accrues and to make control decisions in time.
The key to dealing with this complexity is to increase the autonomy of the systems, that is, the ability of the individual components to make their own decisions based on locally available information and on coordination with other components in the system. Complete decentralisation, however, means that it becomes impossible to make optimal decisions, since the limited information available to the individual decision maker may lead to overarching issues being ignored.
This thesis therefore proposes the use of hierarchical system structures in which the individual component (in the following also called an agent) possesses regional knowledge about its environment and is able to delegate decisions to higher-level instances when its own information is insufficient. For this purpose, a hierarchical self-organisation method is introduced that establishes hierarchical structures in which decisions can be made promptly and with high quality. Furthermore, a system monitoring infrastructure is developed that can detect misbehaviour of the system on the basis of the hierarchy. This infrastructure can be derived automatically by model transformation from the previously elicited requirements. In these requirements, the correct behaviour of the system is specified by giving a behaviour corridor consisting of hard constraints and of soft constraints, which in turn are expressed with the help of constraint relationships and specify optimal behaviour. This infrastructure is coupled with control methods that reconfigure and adapt the system at runtime by solving constraint satisfaction problems that are based on the same constraints as the behaviour corridors. Model synthesis and abstraction propagate this information and these control decisions through the hierarchy, so that the right decision maker always has the necessary data at hand. Finally, an agent-oriented software development process allows open self-organising multi-agent systems to be built in an agile, iterative-incremental way that takes the important and unique aspects of this class of systems into account and provides corresponding tools and guidelines.