Jose Miguel Horcas

An automatic process for weaving functional quality attributes using a software product line approach

We define a family of FQAs ready to be reused in many software architectures.We define an Aspect-Oriented SPL to inject customized FQAs into the applications.Two different implementations of the SPL are provided and compared.Modelling FQAs separately from the applications increases reusability.The final architectures exhibit a high degree of separation of concerns. Some quality attributes can be modelled using software components, and are normally known as Functional Quality Attributes (FQAs). Applications may require different FQAs, and each FQA (e.g., security) can be composed of many concerns (e.g., access control or authentication). They normally have dependencies between them and crosscut the system architecture. The goal of the work presented here is to provide the means for software architects to focus only on application functionality, without having to worry about FQAs. The idea is to model FQAs separately from application functionality following a Software Product Line (SPL) approach. By combining SPL and aspect-oriented mechanisms, we will define a generic process to model and automatically inject FQAs into the application without breaking the base architecture. We will provide and compare two implementations of our generic approach using different variability and architecture description languages: (i) feature models and an aspect-oriented architecture description language; and (ii) the Common Variability Language (CVL) and a MOF-compliant language (e.g., UML). We also discuss the benefits and limitations of our approach. Modelling FQAs separately from the base application has many advantages (e.g., reusability, less coupled components, high cohesive architectures).

Dynamic reconfiguration of security policies in wireless sensor networks.

Providing security and privacy to wireless sensor nodes (WSNs) is very challenging, due to the heterogeneity of sensor nodes and their limited capabilities in terms of energy, processing power and memory. The applications for these systems run in a myriad of sensors with different low-level programming abstractions, limited capabilities and different routing protocols. This means that applications for WSNs need mechanisms for self-adaptation and for self-protection based on the dynamic adaptation of the algorithms used to provide security. Dynamic software product lines (DSPLs) allow managing both variability and dynamic software adaptation, so they can be considered a key technology in successfully developing self-protected WSN applications. In this paper, we propose a self-protection solution for WSNs based on the combination of the INTER-TRUST security framework (a solution for the dynamic negotiation and deployment of security policies) and the FamiWare middleware (a DSPL approach to automatically configure and reconfigure instances of a middleware for WSNs). We evaluate our approach using a case study from the intelligent transportation system domain.

An Aspect-Oriented Model transformation to weave security using CVL

In this paper, we combine the Common Variability Language (CVL) and the ATL Transformation Language to customize and incorporate a generic security model into any application that requires security. Security spans a large set of concerns such as integrity, encryption or authentication, among others, and each concern needs to be incorporated into the base application in a different way and at different points of the application. We propose a set of weaving patterns using model transformations in ATL to automatically weave the security concerns with the base application in an aspect-oriented way. Since different applications require different security requirements, the security model needs to be customized before its incorporation into the application. We resolve the variability of the security properties and implement the weaving process in CVL. We use an e-voting case study to illustrate our proposal using the CVL approach.

Injecting quality attributes into software architectures with the common variability language

Quality attributes that add new behavior to the functional software architecture are known as functional quality attributes (FQAs). These FQAs are applied to pieces of software from small components to entire systems, usually crosscutting some of them. Due to this crosscutting nature, modeling them separately from the base application has many advantages (e.g. reusability, less coupled architectures). However, different applications may require different configurations of an FQA (e.g. different levels of security), so we need a language that: (i) easily expresses the variability of the FQAs at the architectural level; and that (ii) also facilitates the automatic generation of architectural configurations with custom-made FQAs. In this sense, the Common Variability Language (CVL) is extremely suited for use at the architectural level, not requiring the use of a particular architectural language to model base functional requirements. In this paper we propose a method based on CVL to: (i) model separately and generate FQAs customized to the application requirements; (ii) automatically inject customized FQA components into the architecture of the applications. We quantitatively evaluate our approach and discuss its benefits with a case study.

Runtime Enforcement of Dynamic Security Policies

The security policies of an application can change at runtime due to several reasons, as for example the changes on the user preferences, the lack of enough resources in mobile environments or the negotiation of security levels between the interacting parties. As these security policies change, the application code that copes with the security functionalities should be adapted in order to enforce at runtime the changing security policies. In this paper we present the design, implementation and evaluation of a runtime security adaptation service. This service is based on the combination of autonomic computing and aspect-oriented programming, where the security functionalities are implemented as aspects that are dynamically configured, deployed or un-deployed by generating and executing a security adaptation plan. This service is part of the INTER-TRUST framework, a complete solution for the definition, negotiation and run-time enforcement of security policies.

Extending the Common Variability Language (CVL) Engine: A practical tool

The Common Variability Language (CVL) has become a reference in the specification and resolution of variability in the last few years. Despite the multiple advantages of CVL (orthogonal variability, architecture variability resolution, MOF-compliant, standard proposed,...), several approaches require extending and/or modifying the CVL approach in different ways in order to fulfill the industrial needs for variability modeling in Software Product Lines. However, the community lacks a tool that would enable proposed extensions and the integration of novel approaches to be put into practice. Existing tools that provide support for CVL are incomplete or are mainly focused on the variability models editor, instead of executing the resolution of the variability over the base models. Moreover, there is no API that allows direct interaction with the CVL engine to extend or use it in an independent application. In this paper, we identify the extension points of the CVL approach with the goal of making the CVL engine more flexible, and to help software architects in the task of resolving the variability of their products. The practical tool presented here is a working implementation of the CVL engine, that can be extended through a proposed API.

Variability models for generating efficient configurations of functional quality attributes

Abstract Context: Quality attributes play a critical role in the architecture elicitation phase. Software Sustainability and energy efficiency is becoming a critical quality attribute that can be used as a selection criteria to choose from among different design or implementation alternatives. Energy efficiency usually competes with other non-functional requirements, like for instance, performance. Objective: This paper presents a process that helps developers to automatically generate optimum configurations of functional quality attributes in terms of energy efficiency and performance. Functional quality attributes refer to the behavioral properties that need to be incorporated inside a software architecture to fulfill a particular quality attribute (e.g., encryption and authentication for the security quality attribute, logging for the usability quality attribute). Method: Quality attributes are characterized to identify their design and implementation variants and how the different configurations influence both energy efficiency and performance. A usage model for each characterized quality attribute is defined. The variability of quality attributes, as well as the energy efficiency and performance experiment results, are represented as a constraint satisfaction problem with the goal of formally reasoning about it. Then, a configuration of the selected functional quality attributes is automatically generated, which is optimum with respect to a selected objective function. Results: Software developers can improve the energy efficiency and/or performance of their applications by using our approach to perform a richer analysis of the energy consumption and performance of different alternatives for functional quality attributes. We show quantitative values of the benefits of using our approach and discuss the threats to validity. Conclusions: The process presented in this paper will help software developers to build more energy efficient software, whilst also being aware of how their decisions affect other quality attributes, such as performance.

Using Models at Runtime to Adapt Self-managed Agents for the IoT

One of the most important challenges of this decade is the Internet of Things (IoT) that pursues the integration of real-world objects in the virtual world of the Internet. One property that characterises IoT systems is that they have to react to variable and continuous changes. This means that IoT systems need to work as self-managed systems to effectively manage context changes. The autonomy property inherent to software agents makes them a suitable choice for developing self-managed IoT systems. By embedding agents in the devices that compose the IoT is possible to realize a decentralized system with self-management capacities. However, in this scenario new problems arise. Firstly, current agent development approaches lack mechanisms to deal with the heterogeneity present in the IoT domain. Secondly, agents must simultaneously deal with potentially conflicting changes in their behaviour, concerning self-management and application goals. In order to afford these challenges we propose to use an approach based on Dynamic Software Product Lines (D-SPL) and preference-based reasoning. The D-SPL provides to the preference-based reasoning of the agent with the necessary information to adapt its behaviour at runtime making a trade-off between the self-management of the system and the accomplishment of its application goals.

Product Line Architecture for Automatic Evolution of Multi-Tenant Applications

Cloud computing is becoming the predominant mechanism to seamlessly deploy applications with special requirements such as massive storage sharing or load balancing, usually provided as services by cloud platforms. A developer can improve the applications delivery and productivity by following a multi tenancy approach, where variants of the same application can be quickly customized to the necessities of each tenant. However, managing the inherent variability existing in multi-tenant applications and, even more importantly, managing the evolution of a multi-tenant application with hundreds of tenants and thousands of different valid architectural configurations can become intractable if performed manually. In this paper we propose a product line architecture approach in which: (1) we use cardinality-based variability models to model each tenant as a clonable feature, (2) we automate the process of evolving the multi- tenant application architecture, and (3) we demonstrate that the implemented process is correct and efficient for a high number of tenants in a reasonable time. We use a running case study in the domain of medical software.

Variability and Dependency Modeling of Quality Attributes

Functional Quality Attributes (FQAs) are quality attributes that have strong functional implications and so can be easily modeled by software components. Thus, we use an aspect-oriented software product line approach, to model the commonalities and variabilities of FQAs from the early stages of the software development. However, FQAs cannot be modeled in isolation since they usually have dependencies and interactions between them. In this paper we focus on identifying and modeling the dependencies among different FQAs. These dependencies are automatically incorporated into the final software architecture of the system under development, even when the software architect may be unaware of them.