Stephen Quirolgico

Toward a Formal Common Information Model Ontology

Self-managing systems will be highly dependent upon information acquired from disparate applications, devices, components and subsystems. To be effectively managed, such information will need to conform to a common model. One standard that provides a common model for describing disparate computer and network information is the Common Information Model (CIM). Although CIM defines the models necessary for inferring properties about distributed systems, its specification as a semi-formal ontology limits its ability to support important requirements of a self-managing distributed system including knowledge interoperability and aggregation, as well as reasoning. To support these requirements, there is a need to model, represent and share CIM as a formal ontology. In this paper, we propose a framework for constructing a CIM ontology based upon previous research that identified mappings from Unified Modeling Language (UML) constructs to ontology language constructs. We extend and apply these mappings to a UML representation of the CIM Schema in order to derive a semantically valid and consistent formal CIM ontology.

An autonomic failure-detection algorithm

Designs for distributed systems must consider the possibility that failures will arise and must adopt specific failure detection strategies. We describe and analyze a self-regulating failure-detection algorithm that bounds resource usage and failure-detection latency, while automatically reassigning resources to improve failure-detection latency as system size decreases. We apply the algorithm to (1) Jini leasing, (2) service registration in the Service Location Protocol (SLP), and (3) SLP service polling

Vetting Mobile Apps

Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because of an apps low cost and high proliferation, the threat of these vulnerabilities could be far greater than that of traditional computers. Thus, purchasing organizations or third-party labs should vet the apps before selling them, and consumers need to understand the risks of apps and the prospects for ensuring their security.

Understanding failure response in service discovery systems

Service discovery systems enable distributed components to find each other without prior arrangement, to express capabilities and needs, to aggregate into useful compositions, and to detect and adapt to changes. First-generation discovery systems can be categorized based on one of three underlying architectures and on choice of behaviors for discovery, monitoring, and recovery. This paper reports a series of investigations into the robustness of designs that underlie selected service discovery systems. The paper presents a set of experimental methods for analysis of robustness in discovery systems under increasing failure intensity. These methods yield quantitative measures for effectiveness, responsiveness, and efficiency. Using these methods, we characterize robustness of alternate service discovery architectures and discuss benefits and costs of various system configurations. Overall, we find that first-generation service discovery systems can be robust under difficult failure environments. This work contributes to better understanding of failure behavior in existing discovery systems, allowing potential users to configure deployments to obtain the best achievable robustness at the least available cost. The work also contributes to design improvements for next-generation service discovery systems.

Vetting the Security of Mobile Applications

The purpose of this document is to help organizations (1) understand the process for vetting the security of mobile applications, (2) plan for the implementation of an app vetting process, (3) develop app security requirements, (4) understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities, and (5) determine if an app is acceptable for deployment on the organizations mobile devices.

Presentation 4. App vetting systems: Issues and challenges

Summary form only given. Increasingly, attention is being paid to security vulnerabilities of mobile apps, and with good reason. Such vulnerabilities, if exploited, could be used to wreak havoc on users by stealing their information or controlling their mobile device. Given the billions of mobile apps in use today, security breaches threaten to occur on a very large scale. This presentation discusses the issues and challenges surrounding app vetting systems and provides lessons learned during the development and deployment of an app vetting system for the DARPA TransApps program.