Resilient Shield: Reinforcing the Resilience of Vehicles Against Security Threats

Vehicles have become complex computer systems with multiple communication interfaces. In the future, vehicles will have even more connections to e.g., infrastructure, pedestrian smartphones, cloud, road-side-units and the Internet. External and physical interfaces, as well as internal communication buses have shown to have potential to be exploited for attack purposes. As a consequence, there is an increase in regulations which demand compliance with vehicle cyber resilience requirements. However, there is currently no clear guidance on how to comply with these regulations from a technical perspective.To address this issue, we have performed a comprehensive threat and risk analysis based on published attacks against vehicles from the past 10 years, from which we further derive necessary security and resilience techniques. The work is done using the SPMT methodology where we identify vital vehicle assets, threat actors, their motivations and objectives, and develop a comprehensive threat model. Moreover, we develop a comprehensive attack model by analyzing the identified threats and attacks. These attacks are filtered and categorized based on attack type, probability, and consequence criteria. Additionally, we perform an exhaustive mapping between asset, attack, threat actor, threat category, and required mitigation mechanism for each attack, resulting in a presentation of a secure and resilient vehicle design. Ultimately, we present the Resilient Shield a novel and imperative framework to justify and ensure security and resilience within the automotive domain

REMIND: A Framework for the Resilient Design of Automotive Systems

In the past years, great effort has been spent on enhancing the security and safety of vehicular systems. Current advances in information and communication technology have increased the complexity of these systems and lead to extended functionalities towards self-driving and more connectivity. Unfortunately, these advances open the door for diverse and newly emerging attacks that hamper the security and, thus, the safety of vehicular systems. In this paper, we contribute to supporting the design of resilient automotive systems. We review and analyze scientific literature on resilience techniques, fault tolerance, and dependability. As a result, we present the REMIND resilience framework providing techniques for attack detection, mitigation, recovery, and resilience endurance. Moreover, we provide guidelines on how the REMIND framework can be used against common security threats and attacks and further discuss the trade-offs when applying these guidelines

CONSERVE: A framework for the selection of techniques for monitoring containers security

Context:\ua0Container-based virtualization is gaining popularity in different domains, as it supports continuous development and improves the efficiency and reliability of run-time environments.\ua0Problem:\ua0Different techniques are proposed for monitoring the security of containers. However, there are no guidelines supporting the selection of suitable techniques for the tasks at hand.\ua0Objective:\ua0We aim to support the selection and design of techniques for monitoring container-based virtualization environments.\ua0Approach: First, we review the literature and identify techniques for monitoring containerized environments. Second, we classify these techniques according to a set of categories, such as technical characteristic, applicability, effectiveness, and evaluation. We further detail the pros and cons that are associated with each of the identified techniques.\ua0Result:\ua0As a result, we present CONSERVE, a multi-dimensional decision support framework for an informed and optimal selection of a suitable set of container monitoring techniques to be implemented in different application domains.\ua0Evaluation:\ua0A mix of eighteen researchers and practitioners evaluated the ease of use, understandability, usefulness, efficiency, applicability, and completeness of the framework. The evaluation shows a high level of interest, and points out to potential benefits

Evaluating the layout quality of UML class diagrams using machine learning

UML is the de facto standard notation for graphically representing software. UML diagrams are used in the analysis, construction, and maintenance of software systems. Mostly, UML diagrams capture an abstract view of a (piece of a) software system. A key purpose of UML diagrams is to share knowledge about the system among developers. The quality of the layout of UML diagrams plays a crucial role in their comprehension. In this paper, we present an automated method for evaluating the layout quality of UML class diagrams. We use machine learning based on features extracted from the class diagram images using image processing. Such an automated evaluator has several uses: (1) From an industrial perspective, this tool could be used for automated quality assurance for class diagrams (e.g., as part of a quality monitor integrated into a DevOps toolchain). For example, automated feedback can be generated once a UML diagram is checked in the project repository. (2) In an educational setting, the evaluator can grade the layout aspect of student assignments in courses on software modeling, analysis, and design. (3) In the field of algorithm design for graph layouts, our evaluator can assess the layouts generated by such algorithms. In this way, this evaluator opens up the road for using machine learning to learn good layouting algorithms. Approach.: We use machine learning techniques to build (linear) regression models based on features extracted from the class diagram images using image processing. As ground truth, we use a dataset of 600+ UML Class Diagrams for which experts manually label the quality of the layout. Contributions.: This paper makes the following contributions: (1) We show the feasibility of the automatic evaluation of the layout quality of UML class diagrams. (2) We analyze which features of UML class diagrams are most strongly related to the quality of their layout. (3) We evaluate the performance of our layout evaluator. (4) We offer a dataset of labeled UML class diagrams. In this dataset, we supply for every diagram the following information: (a) a manually established ground truth of the quality of the layout, (b) an automatically established value for the layout-quality of the diagram (produced by our classifier), and (c) the values of key features of the layout of the diagram (obtained by image processing). This dataset can be used for replication of our study and others to build on and improve on this work. Editor\u27s note: Open Science material was validated by the Journal of Systems and Software Open Science Board

Software engineering whispers: The effect of textual vs. graphical software design descriptions on software design communication

Context:\ua0Software\ua0engineering\ua0is a social and collaborative activity. Communicating and sharing knowledge between\ua0software\ua0developers requires much effort. Hence, the quality of\ua0communication\ua0plays an important role in influencing project success. To better understand the\ua0effect\ua0of\ua0communication\ua0on project success, more in-depth empirical studies investigating this phenomenon are needed. Objective: We investigate the\ua0effect\ua0of using a\ua0graphical\ua0versus\ua0textual\ua0design\ua0description\ua0on co-located\ua0software\ua0design\ua0communication. Method: Therefore, we conducted a family of experiments involving a mix of 240\ua0software\ua0engineering\ua0students from four universities. We examined how different\ua0design\ua0representations (i.e.,\ua0graphical\ua0vs.\ua0textual) affect the ability to Explain, Understand, Recall, and Actively Communicate knowledge. Results: We found that the\ua0graphical\ua0design\ua0description\ua0is better than the\ua0textual\ua0in promoting Active Discussion between developers and improving the Recall of\ua0design\ua0details. Furthermore, compared to its unaltered version, a well-organized and motivated\ua0textual\ua0design\ua0description–that is used for the same amount of time–enhances the recall of\ua0design\ua0details and increases the amount of active discussions at the cost of reducing the perceived quality of explaining

Dimensions of Consistency in GSD: Social Factors, Structures and Interactions

Peer reviewe

Assessing the effectiveness of goal-oriented modeling languages: A family of experiments

[EN] Context Several goal-oriented languages focus on modeling stakeholders' objectives, interests or wishes. However, these languages can be used for various purposes (e.g., exploring system solutions or evaluating alternatives), and there are few guidelines on how to use these models downstream to the software requirements and design artifacts. Moreover, little attention has been paid to the empirical evaluation of this kind of languages. In a previous work, we proposed value@GRL as a specialization of the Goal Requirements Language (GRL) to specify stakeholders' goals when dealing with early requirements in the context of incremental software development. Objective: This paper compares the value@GRL language with the i* language, with respect to the quality of goal models, the participants' modeling time and productivity when creating the models, and their perceptions regarding ease of use and usefulness. Method: A family of experiments was carried out with 184 students and practitioners in which the participants were asked to specify a goal model using each of the languages. The participants also filled in a questionnaire that allowed us to assess their perceptions. Results: The results of the individual experiments and the meta-analysis indicate that the quality of goal models obtained with value@GRL is higher than that of i*, but that the participants required less time to create the goal models when using i*. The results also show that the participants perceived value@GRL to be easier to use and more useful than i* in at least two experiments of the family. Conclusions: value@GRL makes it possible to obtain goal models with good quality when compared to i*, which is one of the most frequently used goal-oriented modeling languages. It can, therefore, be considered as a promising emerging approach in this area. Several insights emerged from the study and opportunities for improving both languages are outlined.This work was supported by the Spanish Ministry of Science, Innovation and Universities (Adapt@Cloud project, grant number TIN2017-84550-R) and the Programa de Ayudas de Investigación y Desarrollo (PAID-01-17) from the Universitat Politècnica de València.Abrahao Gonzales, SM.; Insfran, E.; González-Ladrón-De-Guevara, F.; Fernández-Diego, M.; Cano-Genoves, C.; Pereira De Oliveira, R. (2019). Assessing the effectiveness of goal-oriented modeling languages: A family of experiments. Information and Software Technology. 116:1-24. https://doi.org/10.1016/j.infsof.2019.08.003S12411

Understanding and Supporting Software Design in Model-Based Software Engineering

Model-Based Software Engineering (MBSE) is a software development approach in which models can serve a multitude of purposes. On the one hand, models can be used for ideation, to stimulate creative thinking, and facilitate communication. On the other hand, models can be used as guidelines for documentation, implementation, and code-generation. There is a discrepancy between empirical findings and developers' beliefs about MBSE. In this research, we address this discrepancy by contributing to the empirical understanding of software design. Moreover, we explore how to better support software design in MBSE. Our endeavor to understand design activities in MBSE resulted in the following: - Creating models while designing prompts significant thinking about the design. - Developers that work on different locations have fewer discussions about design decisions than co-located developers. - In MBSE projects, coordinating and knowledge sharing take more effort than technical engineering activities. - Graphical software design representations (GSD) promote more active discussion of design decisions between developers than textual software design representations (TSD). Also, developers have better recall of design details when using GSD than TSD. In our experience, usability and learning-effort of tools are the most encountered challenges in MBSE. Therefore, we research how to better support the design activities in MBSE by creating two software design environments: OctoUML and OctoBubbles. These tools implement new ways of transitioning from informal- to formal design representations, and novel ways to navigate between implementation-level and design-level in order to ease understanding of systems. Evaluations show enhanced efficiency of the design activities and positive perception of the usability of these environments

Understanding Software Design for Creating Better Design Environments

Context: Software design is considered an essential activity to analyze software requirements in order to produce a description of the software's internal structure that will serve as the basis for its construction. Models are a means to describe complex systems at several levels of abstraction and from a diversity of perspectives. Surprisingly, most of the current software design environments are not based on understanding of real needs of software designers in practice. Objective: As a first step towards supporting realistic software design processes, this thesis focuses on understanding software design practices, as well as on proposing and assessing of a new generation of software design environments. Method: To achieve the objective of this research, design science and empirical methods are employed. In particular, a new generation software design environment, called OctoUML, is created. Furthermore, to understand whether there is a need to improve modeling tools, the modeling process is analyzed in order to reveal how much effort is given to designing (i.e. thinking about the design of software systems), and how much effort is given to drawing the model (i.e. tool interaction). Result: This thesis describes two areas of contributions: On the one hand, OctoUML is perceived a usable environment in terms of ease of use, efficiency and user satisfaction. Moreover, it seems that OctoUML supports the design process by bridging the gap between early-phase design process and later on documentation and formalization process. Further results show that OctoUML was not only enjoyed by the designers, but also enhanced the efficiency of the software design process. On the other hand, we proposed experiments to increase our understanding of the software design process. We elicit many issues that need to be considered in such experiments. Our initial findings suggest that the majority of the modeling effort is devoted on design thinking. However, the effort spent on using modeling tools should be reduced by investigating better modeling-tool support

A Vision on a New Generation of Software Design Environments

In this paper we illustrate our vision for a new generation software design environment. This environment aims to generalize existing modeling tools in several ways – some key extensions are: integration of rigorous and informal notations, and support for multiple modes of interaction. We describe how we can consolidate the environment by integrating it with other software engineering tools. Furthermore, we describe some methods which could permit the environment to provide a flexible collaborative medium and have a practical and inspiring user experience