Roberto Silveira Silva Filho

In the eye of the beholder: a visualization-based approach to information system security

Computer system security is traditionally regarded as a primarily technological concern; the fundamental questions to which security researchers address themselves are those of the mathematical guarantees that can be made for the performance of various communication and computational challenges. However, in our research, we focus on a different question. For us, the fundamental security question is one that end-users routinely encounter and resolve for themselves many times a day--the question of whether a system is secure enough for their immediate needs.In this paper, we will describe our explorations of this issue. In particular, we will draw on three major elements of our research to date. The first is empirical investigation into everyday security practices, looking at how people manage security as a practical, day-to-day concern, and exploring the context in which security decisions are made. This empirical work provides a foundation for our reconsideration of the problems of security to a large degree as an interactional problem. The second is our systems approach, based on visualization and event-based architectures. This technical approach provides a broad platform for investigating security and interaction, based on a set of general principles. The third is our initial experiences in a prototype deployment of these mechanisms in an application for peer-to-peer file sharing in face-to-face collaborative settings. We have been using this application as the basis of an initial evaluation of our technology in support of everyday security practices in collaborative workgroups.

The design of a configurable, extensible and dynamic notification service

Publish/subscribe infrastructures, specifically notification servers, are used in a large spectrum of distributed applications as their basic communication and integration infrastructure. With their recent popularization, notification servers are being developed to support specific application domains. At the same time, general-purpose notification servers provide a large set of functionality for a broad set of applications. With so many options, developers face the dilemma of choosing between application-specific or general-purpose notification servers. In both cases, however, the set of features provided by the servers are usually neither extensible nor configurable, making their customization to specific application domains a difficult task. In this work, a more flexible approach is proposed - a customizable, extensible and dynamic architecture for notification services - which allows the customization of the notification service to different application domains. The extensi-bility model is presented according to the design framework proposed by Rosemblum and Wolf. A preliminary implementation of the prototype is also discussed, as well as configuration examples.

Seeing further: extending visualization as a basis for usable security

The focus of our approach to the usability considerations of privacy and security has been on providing people with information they can use to understand the implications of their interactions with a system, as well as, to assess whether or not a system is secure enough for their immediate needs. To this end, we have been exploring two design principles for secure interaction: visualizing system activity and integrating configuration and action. Here we discuss the results of a user study designed as a broad formative examination of the successes and failures of an initial prototype based around these principles. Our response to the results of this study has been twofold. First, we have fixed a number of implementation and usability problems. Second, we have extended our visualizations to incorporate new considerations regarding the temporal and structural organization of interactions.

E-learning program for medical students in dermatology

INTRODUCTION: Dermatological disorders are common in medical practice. In medical school, however, the time devoted to teaching dermatology is usually very limited. Therefore, online educational systems have increasingly been used in medical education settings to enhance exposure to dermatology. OBJECTIVE: The present study was designed to develop an e-learning program for medical students in dermatology and evaluate the impact of this program on learning. METHODS: This prospective study included second year medical students at the University of Technology and Science, Salvador, Brazil. All students attended discussion seminars and practical activities, and half of the students had adjunct online seminars (blended learning). Tests were given to all students before and after the courses, and test scores were evaluated. RESULTS: Students who participated in online discussions associated with face-to-face activities (blended learning) had significantly higher posttest scores (9.0±0.8) than those who only participated in classes (7.75±1.8, p <0.01). CONCLUSIONS: The results indicate that an associated online course might improve the learning of medical students in dermatology.

A Fully Distributed Architecture for Large Scale Workflow Enactment

Standard client-server workflow management systems are usually designed as client-server systems. The central server is responsible for the coordination of the workflow execution and, in some cases, may manage the activities database. This centralized control architecture may represent a single point of failure, which compromises the availability of the system. We propose a fully distributed and configurable architecture for workflow management systems. It is based on the idea that the activities of a case (an instance of the process) migrate from host to host, executing the workflow tasks, following a process plan. This core architecture is improved with the addition of other distributed components so that other requirements for Workflow Management Systems, besides scalability, are also addressed. The components of the architecture were tested in different distributed and centralized configurations. The ability to configure the location of components and the use of dynamic allocation of tasks were effective for the implementation of load balancing policies.

Supporting Concern-Based Regression Testing and Prioritization in a Model-Driven Environment

Traditional regression testing and prioritization approaches are bottom-up (or white-box). They rely on the analysis of the impact of changes in source code artifacts, identifying corresponding parts of software to retest. While effective in minimizing the amount of testing required to validate code changes, they do not leverage on specification-level design and requirements concerns that motivated these changes. Model-based testing approaches support a top-down (or black box) testing approach, where design and requirements models are used in support of test generation. They augment code-based approaches with the ability to test from a higher-level design and requirements perspective. In this paper, we present a model-based regression testing and prioritization approach that efficiently selects test cases for regression testing based on different concerns. It relies on traceability links between models, test cases and code artifacts, together with user-defined properties associated to model elements. In particular we describe how to support concern-based regression testing and prioritization using TDE/UML, an extensible model-based testing environment.

Striving for versatility in publish/subscribe infrastructures

Publish/subscribe infrastructures are used as the basic communication and integration framework in many application domains. The majority of those infrastructures, however, fall short of mechanisms that allow their customization and configuration to comply with the requirements of those application domains. In other words, they are not versatile enough to support new and evolving requirements demanded by different applications. The YANCEES (Yet ANother Configurable Extensible Event Service) addresses these versatility issues by relying on a combination of plug-in oriented architecture and extensible languages decomposed over different design dimensions of a publish/subscribe infrastructure. We demonstrate our approach, showing how the YANCEES platform can be useful in reducing the customization, extension and implementation effort of different publish/subscribe infrastructures to attend the demands of many application domains.

An Integrated Model-Driven Approach for Mechatronic Systems Testing

Mechatronic systems integrate mechanical, electrical and software subsystems. They are increasingly important in mission-critical infrastructures in different domains including automotive, healthcare, energy and transportation sectors. As such, the adequate testing and validation of such infrastructures are of prime importance. Mechatronic systems testing has been supported by different isolated industrial and research approaches including automated test infrastructures, model-based testing, and test execution engines. While these approaches have individual benefits, they are usually applied in isolation, suffering from different weaknesses. This paper reports on an integrated model-driven approach for mechatronic systems testing, where existing approaches are combined and enhanced. The result is unprecedented levels of automation and testability. We discuss the design and implementation of our approach, illustrating its use with a hybrid calculator example.

Design Principles for Integration of Model-Driven Quality Assurance Tools

The engineering of software systems is supported by tools in different phases of the software development. The integration of these tools is crucial to assure the trace ability of existing models and artifacts, and to support the automation of critical software development phases such as software testing and validation. In particular, the integration of novel software quality assurance tools into existing environments must be performed in a way that minimizes its impact on existing software process, while the benefits of the tool are leveraged. This guarantees the adoption of new methodologies with minimal interference in existing production workflow. In this paper we discuss our experience in integrating a model-driven software testing tool developed within SIEMENS with a widely-adopted model-driven design tool. In particular, we establish a set of design principles from the lessons learned in this integration. We conclude showing a design that prioritizes data integration over control and presentation that achieves a high degree of tool integration while minimizing the integration development effort.

Experiences documenting and preserving software constraints using aspects

Software systems are increasingly being built as compositions of reusable artifacts (components, frameworks, toolkits, plug-ins, APIs, etc) that have non-trivial usage constraints in the form of interface contracts, underlying assumptions and design composition rules. Satisfying these constraints is challenging: they are often not well documented; or they are difficult to integrate into the software development process in ways that allow their identification by developers; or they may not be enforced by existing tools and development environments. Aspect-Oriented Programming has been advocated as an approach to represent and enforce software constraints in code artifacts. Aspects can be used to detect constraint violations, or more pro-actively, to ensure that the constraints are satisfied without requiring the developers attention. This paper discusses our experience using aspects to document and enforce software constraints in an industrial application, specifically TDE/UML, a model-driven software testing tool developed at SIEMENS. We present an analysis of common constraints found in our case study, a set of primitive aspects developed to help the enforcement of software constraints, and show how AOP has been incorporated into existing software development and governance approaches in the TDE/UML project. We conclude with a discussion of strengths and limitations of AspectJ in supporting these constraints.