Marta Olszewska, Y. Dajsuren, Harald Altinger, Alexander Serebrenik, M. Waldén, M. Brand
The size and complexity of Simulink models is constantly increasing, just as the systems which they represent. Therefore, it is beneficial to control them already at the design phase. In this paper we establish a set of complexity metrics for Simulink models to capture diverse aspects of complexity by proposing new and redefining existing metrics. To evaluate the applicability of our metrics, we compare them with the closed-source metric proposed by Mathworks. Moreover, through a case study from the automotive domain, we relate such metrics to quality attributes as determined by domain experts, and correlate them to known faults. Preliminary assessment suggests that complexity is closely related to analysability, understandability, and testability.
{"title":"Tailoring complexity metrics for simulink models","authors":"Marta Olszewska, Y. Dajsuren, Harald Altinger, Alexander Serebrenik, M. Waldén, M. Brand","doi":"10.1145/2993412.3004853","DOIUrl":"https://doi.org/10.1145/2993412.3004853","url":null,"abstract":"The size and complexity of Simulink models is constantly increasing, just as the systems which they represent. Therefore, it is beneficial to control them already at the design phase. In this paper we establish a set of complexity metrics for Simulink models to capture diverse aspects of complexity by proposing new and redefining existing metrics. To evaluate the applicability of our metrics, we compare them with the closed-source metric proposed by Mathworks. Moreover, through a case study from the automotive domain, we relate such metrics to quality attributes as determined by domain experts, and correlate them to known faults. Preliminary assessment suggests that complexity is closely related to analysability, understandability, and testability.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127082936","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Manually proving software level Freedom From Interference is really difficult because it requires the identification of all code statements where an interference may happen. Static analysis enables the automatic identification of code statement leading to interferences and SafeRiver has developed a static tool for software level interferences identification.
{"title":"Automatic proof of freedom from interference with IFFree","authors":"C. Faure, V. Delebarre","doi":"10.1145/2993412.3007551","DOIUrl":"https://doi.org/10.1145/2993412.3007551","url":null,"abstract":"Manually proving software level Freedom From Interference is really difficult because it requires the identification of all code statements where an interference may happen. Static analysis enables the automatic identification of code statement leading to interferences and SafeRiver has developed a static tool for software level interferences identification.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"175 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121723360","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Architectures of all application software that are developed by Sea Defense Systems Software Team in ASELSAN are created based on a predefined reference software architecture. In order to facilitate the process of transition from the software architectural design, which is created in conformance with the reference software architecture, to implementation a model driven software development approach is put forth. In this approach, based on a metamodel for the predefined reference software architecture, a domain specific language is defined. In the last stage, models that are created by using the domain specific language are automatically transformed to source code.
{"title":"Metamodeling of reference software architecture and automatic code generation","authors":"N. K. Turhan, Halit Oğuztüzün","doi":"10.1145/2993412.3004850","DOIUrl":"https://doi.org/10.1145/2993412.3004850","url":null,"abstract":"Architectures of all application software that are developed by Sea Defense Systems Software Team in ASELSAN are created based on a predefined reference software architecture. In order to facilitate the process of transition from the software architectural design, which is created in conformance with the reference software architecture, to implementation a model driven software development approach is put forth. In this approach, based on a metamodel for the predefined reference software architecture, a domain specific language is defined. In the last stage, models that are created by using the domain specific language are automatically transformed to source code.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134195945","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Today, the interplay of security design and architecting is still poorly understood and architects lack knowledge about security and architectural security design. Yet, architectural knowledge on security design and its impact on other architectural properties is essential for making right decisions in architecture design. Knowledge is covered within solutions such as architectural patterns, tactics, and tools. Sharing it including the experience other architects gained using these solutions would enable better reuse of security solutions. In this paper, we present a repository for security solutions that supports architectural decisions including quality goal trade-offs. Its metamodel was adapted to special demands of security as a quality goal. The repository supports architecture decisions not only through populating approved solutions but through a recommender system that documents knowledge and experiences of architecture and security experts. We provide a case study to illustrate the repository's features and its application during architecture design.
{"title":"Reusing security solutions: a repository for architectural decision support","authors":"Stefanie Jasser, Matthias Riebisch","doi":"10.1145/2993412.3007556","DOIUrl":"https://doi.org/10.1145/2993412.3007556","url":null,"abstract":"Today, the interplay of security design and architecting is still poorly understood and architects lack knowledge about security and architectural security design. Yet, architectural knowledge on security design and its impact on other architectural properties is essential for making right decisions in architecture design. Knowledge is covered within solutions such as architectural patterns, tactics, and tools. Sharing it including the experience other architects gained using these solutions would enable better reuse of security solutions. In this paper, we present a repository for security solutions that supports architectural decisions including quality goal trade-offs. Its metamodel was adapted to special demands of security as a quality goal. The repository supports architecture decisions not only through populating approved solutions but through a recommender system that documents knowledge and experiences of architecture and security experts. We provide a case study to illustrate the repository's features and its application during architecture design.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"91 11","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131829718","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The threat of DDOS and other cyberattacks has increased during the last decade. In addition to the radical increase in the number of attacks, they are also becoming more sophisticated with the targets ranging from ordinary users to service providers and even critical infrastructure. According to some resources, the sophistication of attacks is increasing faster than the mitigating actions against them. For example determining the location of the attack origin is becoming impossible as cyber attackers employ specific means to evade detection of the attack origin by default, such as using proxy services and source address spoofing. The purpose of this paper is to initiate discussion about effective Internet Protocol traceback mechanisms that are needed to overcome this problem. We propose an approach for traceback that is based on extensive use of security metrics before (proactive) and during (reactive) the attacks.
{"title":"Towards security metrics-supported IP traceback","authors":"R. Savola, Pekka T. Savolainen, J. Salonen","doi":"10.1145/2993412.2993416","DOIUrl":"https://doi.org/10.1145/2993412.2993416","url":null,"abstract":"The threat of DDOS and other cyberattacks has increased during the last decade. In addition to the radical increase in the number of attacks, they are also becoming more sophisticated with the targets ranging from ordinary users to service providers and even critical infrastructure. According to some resources, the sophistication of attacks is increasing faster than the mitigating actions against them. For example determining the location of the attack origin is becoming impossible as cyber attackers employ specific means to evade detection of the attack origin by default, such as using proxy services and source address spoofing. The purpose of this paper is to initiate discussion about effective Internet Protocol traceback mechanisms that are needed to overcome this problem. We propose an approach for traceback that is based on extensive use of security metrics before (proactive) and during (reactive) the attacks.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133362925","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Security situational awareness is an essential building block in order to estimate security level of systems and to decide how to protect networked systems from cyber attacks. In this extended abstract we envision a model that combines results from security metrics to 3d network visualisation. The purpose is to apply security metrics to gather data from individual hosts. Simultaneously, the whole network is visualised in a 3d format, including network hosts and their connections. The proposed model makes it possible to offer enriched situational awareness for security administrators. This can be achieved by adding information pertaining to individual host into the network level 3d visualisation. Thus, administrator can see connected hosts and how the security of these hosts differs at one glance.
{"title":"Improved information security situational awareness by manifold visualisation","authors":"Antti Evesti, C. Wieser, Tiandu Zhao","doi":"10.1145/2993412.2993413","DOIUrl":"https://doi.org/10.1145/2993412.2993413","url":null,"abstract":"Security situational awareness is an essential building block in order to estimate security level of systems and to decide how to protect networked systems from cyber attacks. In this extended abstract we envision a model that combines results from security metrics to 3d network visualisation. The purpose is to apply security metrics to gather data from individual hosts. Simultaneously, the whole network is visualised in a 3d format, including network hosts and their connections. The proposed model makes it possible to offer enriched situational awareness for security administrators. This can be achieved by adding information pertaining to individual host into the network level 3d visualisation. Thus, administrator can see connected hosts and how the security of these hosts differs at one glance.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130763278","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
S. Stevanetic, Konstantinos Plakidas, Tudor B. Ionescu, D. Schall, Uwe Zdun
System quality attributes (QAs) are often considered as the most important decision drivers. In this paper, motivated by the decision making in a smart-city software ecosystem, we extend our previous approach that integrates reusable architectural design decisions (ADDs) with the QAs, by integrating tactics that support quality-driven decision making. In addition, we present an approach that enables system evolution, based on controlled and adaptable decision making and utilizing real data obtained during system monitoring. The approach integrates the previous approach that uses tactics with the existing model-driven development paradigm and the corresponding tools.
{"title":"Supporting quality-driven architectural design decisions in software ecosystems","authors":"S. Stevanetic, Konstantinos Plakidas, Tudor B. Ionescu, D. Schall, Uwe Zdun","doi":"10.1145/2993412.3003383","DOIUrl":"https://doi.org/10.1145/2993412.3003383","url":null,"abstract":"System quality attributes (QAs) are often considered as the most important decision drivers. In this paper, motivated by the decision making in a smart-city software ecosystem, we extend our previous approach that integrates reusable architectural design decisions (ADDs) with the QAs, by integrating tactics that support quality-driven decision making. In addition, we present an approach that enables system evolution, based on controlled and adaptable decision making and utilizing real data obtained during system monitoring. The approach integrates the previous approach that uses tactics with the existing model-driven development paradigm and the corresponding tools.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"1 3","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120900910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
G. Pedraza-Garcia, René Noël, S. Matalonga, H. Astudillo, E. Fernández
Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.
{"title":"Mitigating security threats using tactics and patterns: a controlled experiment","authors":"G. Pedraza-Garcia, René Noël, S. Matalonga, H. Astudillo, E. Fernández","doi":"10.1145/2993412.3007552","DOIUrl":"https://doi.org/10.1145/2993412.3007552","url":null,"abstract":"Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120957994","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Architecting for cost-effectiveness, longevity and endurance has multiple, often conflicting dimensions. For instance, agile practices emphasize the need for speed in software design, development and delivery, but do not necessarily prioritize mid- to long-term qualities such as extensibility and knowledge preservation. Risk- and cost-driven architecture design methods, pragmatic modeling, and technical debt management can help practicing architects to focus their efforts, but have to be tailored to be effective (e.g., according to project context, organizational constraints, and cultural factors). Architectural styles such as service-oriented architectures and its currently trending microservices incarnation promise to improve flexibility and maintainability through their principles and patterns, but still have to prove their cost-benefit efficiency in the long run (e.g., over the multi-decade lifetime of business information systems). This keynote presentation distills a set of open, lean and sustainable architecture practices and techniques from industrial experiences and existing work in the software architecture literature, and reports on the progress towards blending these practices and techniques into a comprehensive, yet comprehensible architecture framework. The featured assets include quality stories [1], C4 architecture modeling [2], decision sharing with Y-statements [3], architecturally evident coding styles [4], architectural refactoring [1], (micro-)services principles and patterns [5], and architecture roadmapping [6]. Examples drawn from actual case studies in multiple business sectors and industries demonstrate the applicability of these practices and techniques. The presentation concludes with a discussion of the changes to the role of the software architect in the digital age [7]. These ongoing changes drive the identification of research problems and challenges for the practical adoption and lasting impact of the practices and techniques in the framework (and other contributions to the body of knowledge on sustainable architectures).
{"title":"Designed and delivered today, eroded tomorrow?: towards an open and lean architecting framework balancing agility and sustainability","authors":"O. Zimmermann","doi":"10.1145/2993412.3014339","DOIUrl":"https://doi.org/10.1145/2993412.3014339","url":null,"abstract":"Architecting for cost-effectiveness, longevity and endurance has multiple, often conflicting dimensions. For instance, agile practices emphasize the need for speed in software design, development and delivery, but do not necessarily prioritize mid- to long-term qualities such as extensibility and knowledge preservation. Risk- and cost-driven architecture design methods, pragmatic modeling, and technical debt management can help practicing architects to focus their efforts, but have to be tailored to be effective (e.g., according to project context, organizational constraints, and cultural factors). Architectural styles such as service-oriented architectures and its currently trending microservices incarnation promise to improve flexibility and maintainability through their principles and patterns, but still have to prove their cost-benefit efficiency in the long run (e.g., over the multi-decade lifetime of business information systems). This keynote presentation distills a set of open, lean and sustainable architecture practices and techniques from industrial experiences and existing work in the software architecture literature, and reports on the progress towards blending these practices and techniques into a comprehensive, yet comprehensible architecture framework. The featured assets include quality stories [1], C4 architecture modeling [2], decision sharing with Y-statements [3], architecturally evident coding styles [4], architectural refactoring [1], (micro-)services principles and patterns [5], and architecture roadmapping [6]. Examples drawn from actual case studies in multiple business sectors and industries demonstrate the applicability of these practices and techniques. The presentation concludes with a discussion of the changes to the role of the software architect in the digital age [7]. These ongoing changes drive the identification of research problems and challenges for the practical adoption and lasting impact of the practices and techniques in the framework (and other contributions to the body of knowledge on sustainable architectures).","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125114659","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Assurance cases in form of structured arguments are often required by standards to show that a system is acceptable for its intended purpose with respect to a particular assurance viewpoint such as safety or security. The goal of such a case is to present an argument that connects the requirements of a particular viewpoint with the supporting evidence. Building a set of assurance cases for the different viewpoints can be time-consuming and costly. Means are needed to automate and reuse the assurance case artefacts between the assurance cases for the different viewpoints. In this paper we present how assumption/guarantee contracts can be used to facilitate reuse of assurance case artefacts by building multiple-viewpoint assurance cases from the contracts. More specifically, we build upon the previous work on argument-fragment generation from such contracts to allow for generating viewpoint specific argument-fragments. We illustrate the approach on a motivating case.
{"title":"Building multiple-viewpoint assurance cases using assumption/guarantee contracts","authors":"Irfan Šljivo, B. Gallina","doi":"10.1145/2993412.3007555","DOIUrl":"https://doi.org/10.1145/2993412.3007555","url":null,"abstract":"Assurance cases in form of structured arguments are often required by standards to show that a system is acceptable for its intended purpose with respect to a particular assurance viewpoint such as safety or security. The goal of such a case is to present an argument that connects the requirements of a particular viewpoint with the supporting evidence. Building a set of assurance cases for the different viewpoints can be time-consuming and costly. Means are needed to automate and reuse the assurance case artefacts between the assurance cases for the different viewpoints. In this paper we present how assumption/guarantee contracts can be used to facilitate reuse of assurance case artefacts by building multiple-viewpoint assurance cases from the contracts. More specifically, we build upon the previous work on argument-fragment generation from such contracts to allow for generating viewpoint specific argument-fragments. We illustrate the approach on a motivating case.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123966126","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: