Aram Hovsepyan

Predicting Vulnerable Software Components via Text Mining

This paper presents an approach based on machine learning to predict which components of a software application contain security vulnerabilities. The approach is based on text mining the source code of the components. Namely, each component is characterized as a series of terms contained in its source code, with the associated frequencies. These features are used to forecast whether each component is likely to contain vulnerabilities. In an exploratory validation with 20 Android applications, we discovered that a dependable prediction model can be built. Such model could be useful to prioritize the validation activities, e.g., to identify the components needing special scrutiny.

Towards a transformation chain modeling language

The Model Driven Development (MDD) paradigm stimulates the use of models as the main artifacts for software development. These models can be situated at high levels of abstraction, close to the applications business domain. Many consecutive automatic transformations (a transformation chain) can be applied to these models to add the necessary details in order to generate a concrete implementation. This means that a large part of the total development effort is relocated to the development of transformations and hence we should have the necessary tooling support for designing transformation chains. In this paper we propose a metamodel for a transformation chain modeling language that enables implementation independent composition of transformations. We also propose a concrete syntax for this language that is based on UML activity diagrams.

From aspect-oriented models to aspect-oriented code?: the maintenance perspective

Aspect-Oriented Modeling (AOM) provides support for separating concerns at the design level. Even though most AOM approaches provide means to execute the composition of the modularized concerns to obtain a composed model, it is also possible to keep the concerns modularized at the implementation level by targeting an aspect-oriented platform. Model-driven approaches have emerged to support both alternatives via tools. Clearly, these choices are not equivalent. Rather, they have a direct impact on several dimensions, including maintainability. Hence, the main research problem addressed by this work is to figure out which alternative provides for shorter maintenance time. To answer this question, we have conducted a series of quantitative studies and experiments.

Key research challenges for successfully applying MDD within real-time embedded software development

Model-Driven Development (MDD) is a software development paradigm that promotes the use of models at different levels of abstraction and perform transformations between them to derive one or more concrete application implementations. In this paper we analyze the current status of MDD regarding its applicability for the development of Real-Time Embedded Software. We discuss different modeling framework approaches used to specify the various models, and compare OMG/MDA-based approaches (MOF, UML Profiles and executable UML) with a generic MDD-based approach (GME). Finally, we identify the key challenges for future MDD research in order to successfully apply MDD within RTES Development. These challenges are mainly situated in the field of modeling and standardization of abstraction levels, model transformations and code generation, traceability, and integration of existing software within the MDD development process

Towards managing variability in the safety design of an automotive hall effect sensor

This paper discusses the merits and challenges of adopting software product line engineering (SPLE) as the main development process for an automotive Hall Effect sensor. This versatile component is integrated into a number of automotive applications with varying safety requirements (e.g., windshield wipers and brake pedals). This paper provides a detailed explanation as to why the process of safety assessment and verification of the Hall Effect sensor is currently cumbersome and repetitive: it must be repeated entirely for every automotive application in which the sensor is to be used. In addition, no support is given to the engineer to select and configure the appropriate safety solutions and to explain the safety implications of his decisions. To address these problems, we present a tailored SPLE-based approach that combines model-driven development with advanced model composition techniques for applying and reasoning about specific safety solutions. In addition, we provide insights about how this approach can reduce the overall complexity, improve reusability, and facilitate safety assessment of the Hall Effect sensor.

Specifying and Composing Concerns Expressed in Domain-Specific Modeling Languages

Separation of concerns and levels of abstraction are key software engineering principles that can help master the increasing complexity of software applications. Aspect-oriented modeling (AOM) and domain-specific modeling languages (DSML) are two important and promising approaches in this context. However, little research is done to investigate the synergy between AOM and DSMLs. In this paper we present an asymmetric approach to compose modularized concerns expressed in different DSMLs with an application base model expressed in a general-purpose modeling language (GPML). This allows to specify each concern in the most appropriate modeling language. We introduce the concept of a concern interface, expressed in a GPML, that serves as a common language between a specific concern and the application base. In addition, we use an explicit composition model to specify the syntactic and the semantic links between entities from the different concerns. We explore these concepts using an application where we modularize the user interface modeled in WebML and the access control specified in XACML. The modularized concerns are then composed with an application base that has been specified in UML.

Design Churn as Predictor of Vulnerabilities

This paper evaluates a metric suite to predict vulnerable Java classes based on how much the design of an application has changed over time. It refers to this concept as design churn in analogy with code churn. Based on a validation on 10 Android applications, it shows that several design churn metrics are in fact significantly associated with vulnerabilities. When used to build a prediction model, the metrics yield an average precision of 0.71 and an average recall of 0.27.

Is Newer Always Better?: The Case of Vulnerability Prediction Models

Finding security vulnerabilities in the source code as early as possible is becoming more and more essential. In this respect, vulnerability prediction models have the potential to help the security assurance activities by identifying code locations that deserve the most attention. In this paper, we investigate whether prediction models behave like milk (i.e., they turn with time) or wine (i.e., the improve with time) when used to predict future vulnerabilities. Our findings indicate that the recall values are largely in favor of predictors based on older versions. However, the better recall comes at the price of much higher file inspection ratio values.

Effective and efficient privacy threat modeling through domain refinements

Privacy and security are crosscutting in the design of any software system or service, and thus a broad focus on the end-to-end system architecture is required. For this reason, systematic approaches to elicitate security and privacy threats and risks are gaining importance. Such approaches however are highly analytic, require substantial effort and rely extensively on domain expertise. Applying these methods in practice easily leads to the problem of threat explosion, where the effort required to prioritize and consider all threats starts exceeding the benefits of adopting these methods. To address this impediment to practical adoption, we present our approach to improve LINDDUN, an existing privacy engineering method. We create a domain refinement questionnaire, which involves activating and deactivating threat trees nodes by posing specific questions to the privacy engineer or software architect, leading to the a priori exclusion of non-applicable threats from the analysis exercise. The efficiency gain can be strengthened further by incorporating reusable domain knowledge in the approach to instantiate the questionnaire.

A shared multi-stakeholder platform for IoT: poster

The Internet of Things is connecting billions of devices and blurring the distinction between the physical and virtual world. However, to unlock the full potential and achieve economies-of-scale, focus should shift from IoT deployment aimed at a single use case or a single customer to a platform where multiple customers utilise a shared infrastructure provided by a distinct party. In this poster abstract, we describe the need for such a shared multi-stakeholder platform and the most challenging design requirements: virtualisation layer with resource abstraction and location-awareness, distributed access control, and support for the distributed application programming model. Furthermore, we propose an architecture and present a prototype of the platform.