Massimiliano Zilli

Supporting evolving security models for an agile security evaluation

At present, security-related engineering usually requires a big up-front design (BUFD) regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In todays volatile markets customers want to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash with traditional security design and evaluation processes. In this paper, we propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree.

Embedding research in the industrial field: a case of a transition to a software product line

Java Cards [4, 5] are small resource-constrained embedded systems that have to fulfill rigorous security requirements. Multiple application scenarios demand diverse product performance profiles which are targeted towards markets such as banking applications and mobile applications. In order to tailor the products to the customers needs we implemented a Software Product Line (SPL). This paper reports on the industrial case of an adoption to a SPL during the development of a highly-secure software system. In order to provide a scientific method which allows the description of research in the field, we apply Action Research (AR). The rationale of AR is to foster the transition of knowledge from a mature research field to practical problems encountered in the daily routine. Thus, AR is capable of providing insights which might be overlooked in a traditional research approach. In this paper we follow the iterative AR process, and report on the successful transfer of knowledge from a research project to a real industrial application.

Patterns of Software Modeling

Software systems start small and grow in complexity and size. The larger a software system is, the more it is distributed over organizational and geographical confines. Thus, the modeling of software systems is necessary at a certain level of complexity because it can be used for communication, documentation, configuration and certification purposes. We came to the conclusion that several patterns of software modeling exist. The existence of such patterns is dependent on the history and the evolution of the system under consideration. We will show that a software system in its lifecycle has to face several crises. Such a crisis is a watershed in the application of new patterns. We provide an evolutionary view of software systems and models which helps understanding of current problems and prospective solutions.

On the dictionary compression for Java card environment

Java Card is a Java running environment developed for low-end embedded systems such as smart cards. In this context of scarce resources, ROM size plays a very important role and compression techniques help reducing program sizes as much as possible. Dictionary compression is the most promising technique and has been taken in consideration in this field by several authors. Java Card can adopt a dictionary compression scheme, substituting repeated sequences of bytecodes with new macros stored into a dictionary. This approach does not break the Java Card standard, but requires the use of an ad hoc Java virtual machine and an additional custom component in the converted applet (CAP) file. This paper presents two derived compaction techniques and discusses two scenarios: the first adopts an adaptive (dynamic) dictionary, while the second uses a static one. Although the base dictionary compression technique performs better with an adaptive dictionary, the two proposed techniques perform very close to the base one with a static dictionary. Moreover, we present a different compression mechanism based on re-engineering the CAP file through subroutines. This last technique achieves a higher compression rate, but it is fully compliant with the existing Java Card environments.

Hardware/software co-design for a high-performance Java Card interpreter in low-end embedded systems

Java Card is a Java running environment specific for smart cards. In such low-end embedded systems, the execution time of the applications is an issue of first order. One of the components of the Java Card Virtual Machine (JCVM) playing an important role in the execution speed is the bytecode interpreter. In Java systems the main technique for speeding-up the interpreter execution is the Just-In-Time compilation (JIT), but this resource consuming technique is inapplicable in systems with as restricted resources available as in smart cards.This paper presents a hardware/software co-design solution for the performance improvement of the interpreter. In the software domain, we adopted a pseudo-threaded code interpreter that allows a better run-time performance with a small amount of additional code. In the hardware domain, we proceeded moving parts of the interpreter into hardware, giving origin to a Java Card interpreter based on an application specific instruction set processor.

Where does all this waste come from

Agile development processes are more flexible than conventional ones. They emphasize iterative development and learning over feedback loops. Nevertheless, we experienced some pitfalls in the application of agile processes in dependable software systems. We present here the experiences we gathered in the construction of high‐quality industrial software. Moreover, we will digest our experiences into a conceptual model of waste creation. This model will be refined to a case study where we take appropriate measurements in order to provide empirical evidence for it. Finally, we discuss the implications of the developed model, which helps to estimate the trade‐off between agile and traditional software processes. Copyright

Test-driven migration towards a hardware-abstracted platform

Platform-based development is one of the most successful paradigms in software engineering. In embedded systems, the reuse of software on several processor families is often abandoned due to the multitude of compilers, processor architectures and instruction sets. In practice, we experienced that a lack of hardware abstraction leads to non-reusable test cases. We will demonstrate a re-engineering process that follows test-driven development practices which fits perfectly for migration activities. Moreover, we will introduce a process that provides trust for the test cases on a new hardware.

Balancing Product and Process Assurance for Evolving Security Systems

At present, security-related engineering usually requires a big up-front design BUFD regarding security requirements and security design. In addition to the BUFD, at the end of the development, a security evaluation process can take up to several months. In todays volatile markets customers want to be able to influence the software design during the development process. Agile processes have proven to support these demands. Nevertheless, there is a clash between traditional security design and evaluation processes. In this paper, the authors propose an agile security evaluation method for the Common Criteria standard. This method is complemented by an implementation of a change detection analysis for model-based security requirements. This system facilitates the agile security evaluation process to a high degree. However, the application of the proposed evaluation method is limited by several constraints. The authors discuss these constraints and show how traditional certification schemes could be extended to better support modern industrial software development processes.

A light-weight compression method for Java card technology

Java Card is a Java running environment tailored for smart cards. In such small systems, resources are limited, and keeping application size as small as possible is a first order issue. Dictionary compression is a promising technique taken into consideration by several authors. The main drawback of this technique is a degradation in the execution speed. In this paper we propose combining the dictionary compression with another compression technique based on the folding mechanism; the latter is less effective in terms of space savings, but has the advantage of speeding up the execution. A combination of the two techniques leads to higher space savings with a very low decrease in execution time compared with the plain dictionary compression.

Patterns for hardware-independent development for embedded systems

In embedded systems, different hardware architectures require additional effort for writing portable software. Generally, a Hardware Abstraction Layer (HAL) provides an abstraction for portable software. However, a HAL is a layer and does not support an abstraction of cross-cutting issues, such as data types. Such cross-cutting issues provide often some possibility for optimization parameters. In this paper we provide some patterns which help to mask such platform-dependent parameters. In this way, there is a defined point, where these platform-dependent parameters are inserted. The rest of the code is then abstracted and coded platform-independently. The platform-dependent parameters are then resolved during pre-processing and compilation. The described patterns have been mined and also applied in a large-scale industrial embedded software project. They have shown to cover most of the concerns that appear when platform-dependent optimizations shall be combined with platform-independent coding.