Model-to-model transformation approach for systematic integration of security aspects into UML 2.0 design models

Security is a challenging task in software engineering. Traditionally, security concerns are considered as an afterthought to the development process and thus are fitted into pre-existing software without the consideration of whether this would jeopardize the main functionality of the software or even produce additional vulnerabilities. Enforcing security policies should be taken care of during early phases of the software development life cycle in order to decrease the development costs and reduce the maintenance time. In addition to cost saving, this way of development will produce more reliable software since security related concepts will be considered in each step of the design. Similarly, the implications of inserting such mechanisms into the existing system's requirements will be considered as well. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in the scattering and tangling of security features throughout the entire design. Additionally, traditional hardening approaches are tedious and error-prone as they involve manual modifications. In this context, the need for a systematic way to integrate security concerns into the process of developing software becomes crucial. In this thesis, we define an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. The proposed approach makes use of the expertise of the software security specialist by providing him with the means to specify generic UML aspects that are going to be incorporated "weaved" into the developers' models. Model transformation mechanisms are instrumented in order to have an efficient and a fully automatic weaving process

Understanding the Radical Mind: Identifying Signals to Detect Extremist Content on Twitter

The Internet and, in particular, Online Social Networks have changed the way that terrorist and extremist groups can influence and radicalise individuals. Recent reports show that the mode of operation of these groups starts by exposing a wide audience to extremist material online, before migrating them to less open online platforms for further radicalization. Thus, identifying radical content online is crucial to limit the reach and spread of the extremist narrative. In this paper, our aim is to identify measures to automatically detect radical content in social media. We identify several signals, including textual, psychological and behavioural, that together allow for the classification of radical messages. Our contribution is three-fold: (1) we analyze propaganda material published by extremist groups and create a contextual text-based model of radical content, (2) we build a model of psychological properties inferred from these material, and (3) we evaluate these models on Twitter to determine the extent to which it is possible to automatically identify online radical tweets. Our results show that radical users do exhibit distinguishable textual, psychological, and behavioural properties. We find that the psychological properties are among the most distinguishing features. Additionally, our results show that textual models using vector embedding features significantly improves the detection over TF-IDF features. We validate our approach on two experiments achieving high accuracy. Our findings can be utilized as signals for detecting online radicalization activities

Towards Designing a Multipurpose Cybercrime Intelligence Framework

With the wide spread of the Internet and the increasing popularity of social networks that provide prompt and ease of communication, several criminal and radical groups have adopted it as a medium of operation. Existing literature in the area of cybercrime intelligence focuses on several research questions and adopts multiple methods using techniques such as social network analysis to address them. In this paper, we study the broad state-of-the-art research in cybercrime intelligence in order to identify existing research gaps. Our core aim is designing and developing a multipurpose framework that is able to fill these gaps using a wide range of techniques. We present an outline of a framework designed to aid law enforcement in detecting, analysing and making sense out of cybercrime data

Identifying Key-Players in Online Activist Groups on Facebook Social Network

Online social media applications have become an integral part of our everyday life. Not only are they being utilised by individuals and legitimate businesses, but also recently several organised groups, such as activists, hactivists, and cyber-criminals have adopted them to communicate and spread their ideas. This represents a new source for intelligence gathering for law enforcement for instance, as it allows them an inside look at the behaviour of these previously closed, secretive groups. One possible opportunity with this online data source is to utilise the public exchange of social-media messages to identify key users in such groups. This is particularly important for law enforcement that wants to monitor or interrogate influential people in suspicious groups. In this paper, we utilise Social Network Analysis (SNA) techniques to understand the dynamics of the interaction between users in a Facebook-based activist group. Additionally, we aim to identify the most influential users in the group and infer their relationship strength. We incorporate sentiment analysis to identify users with clear positive and negative influences on the group; this could aid in facilitating a better understanding of the group.We also perform a temporal analysis to correlate online activities with relevant real-life events. Our results show that applying such data analysis techniques on users online behaviour is a powerful tool to predict levels of influence and relationship strength between group members. Finally, we validated our results against the ground truth and found that our approach is very promising at achieving its aims

Dynamic Matching and Weaving Semantics in \lambda -Calculus

In this chapter, we present a denotational semantics for aspect matching and weaving in lambda-calculus. The proposed semantics is based on the so-called Continuation-Passing Style (CPS) since this style of semantics provides a precise, accurate, and elegant description of aspect-oriented mechanisms. We first formalize semantics for a core language based on lambda-calculus. Afterwards, we extend the semantics by considering flow-based pointcuts, such as control flow and data flow that are important from a security perspective

Cybercrime Investigators are Users Too! Understanding the Socio-Technical Challenges Faced by Law Enforcement

Cybercrime investigators face numerous challenges when policing online crimes. Firstly, the methods and processes they use when dealing with traditional crimes do not necessarily apply in the cyber-world. Additionally, cyber criminals are usually technologically-aware and constantly adapting and developing new tools that allow them to stay ahead of law enforcement investigations. In order to provide adequate support for cybercrime investigators, there needs to be a better understanding of the challenges they face at both technical and socio-technical levels. In this paper, we investigate this problem through an analysis of current practices and workflows of investigators. We use interviews with experts from government and private sectors who investigate cybercrimes as our main data gathering process. From an analysis of the collected data, we identify several outstanding challenges faced by investigators. These pertain to practical, technical, and social issues such as systems availability, usability, and in computer-supported collaborative work. Importantly, we use our findings to highlight research areas where user-centric workflows and tools are desirable. We also define a set of recommendations that can aid in providing a better foundation for future research in the field and allow more effective combating of cybercrimes

Security Aspect Specification

In this chapter, we present the AOM profile proposed for the specification of security aspects on UML design models. The proposed profile covers the main UML diagrams that are used in software design, i.e., class diagrams, state machine diagrams, sequence diagrams, and activity diagrams. In addition, it covers most common AOP adaptations, i.e., adding new elements before, after, or around specific points, and removing existing elements. Moreover, we present a high-level and user-friendly pointcut language proposed to designate the locations where aspect adaptations should be injected into base models

Model-Based Security

In this chapter, we present the background related to security at the modeling level. We start by investigating security specification approaches for UML design: (1) using UML artifacts, (2) extending UML meta-language, and (3) creating a new meta-language. Afterwards, we evaluate the usability of these approaches for security specification according to a set of defined criteria. Finally, we overview the main design mechanisms that are adopted for security hardening at the modeling level. These are security design patterns, mechanism-directed meta-languages, and aspect-oriented modeling

Dynamic Matching and Weaving Semantics in Executable UML

In this chapter, we elaborate a denotational semantics for aspect matching and weaving in Executable UML (xUML). More precisely, we specify xUML models using the standard Action Language for Foundational UML (Alf). As we did in the previous chapter, we start by formalizing the matching and the weaving processes for basic pointcuts. Then, we elaborate the semantics for the dataflow pointcut, which is relevant from a security perspective

Static Matching and Weaving Semantics in Activity Diagrams

In this chapter, we present formal specifications for aspect matching and weaving in UML activity diagrams. We formalize both types of adaptations, i.e., add adaptations and remove adaptations. For the join point model, we consider not only executable nodes, i.e., action nodes, but also various control nodes. In addition, we derive algorithms for matching and weaving based on the semantic rules. Finally, we prove the correctness and the completeness of these algorithms with respect to the proposed semantics