Design for Adaptation of Distributed Service-Based Systems

Martina De Sanctis

Distributed Adaptive Systems, Service Composition, Domain Object Model

Internet of Services applications need to cope with a continuously changing environment, both in terms of the context in which they operate, and of the services, users and providers involved. In this setting, adaptivity is to be considered an intrinsic characteristic of applications rather than an exception to be handled. We propose a design for adaptation approach that fully exploits the advantages of the service-oriented paradigm to support the development and operation of service-based applications operating in highly dynamic environments. The approach is based on dynamic and incremental service composition and re-configuration techniques and it will be evaluated on a real-world scenario in the Smart Cities domain.




Security Testing of Android Apps for Detecting Permission Re-delegation Vulnerabilities

Biniam Fisseha Demissie

android apps, security testing, software engineering, static analysis

Software systems are composed of multiple components. Components hold special privileges to perform different tasks. Controlled access to system resources is achieved through a permission-based security model. In order to gain privileges, a malicious component usually has to abuse a privileged component. This phenomenon is commonly known as the confused deputy attack. A confused deputy attack occurs when a privileged component performs an activity that needs a special permission on behalf of another component that does not have the required permission. Static analysis is often used to detect the existence of this vulnerability. However, reports of static analysis are vulnerability points rather than conditions that cause the vulnerability. Therefore, a developer who wishes to fix this vulnerability has to manually analyze the code in order to understand the conditions that cause the vulnerability. Similar to other permission-based systems, the Android system also suffers from a confused deputy attack, called permission re-delegation. In this work, we present our approach on how to automatically generate test cases that reveal permission re-delegation vulnerabilities in Android apps. Previous results showed that not every reported permission re-delegation is a vulnerability, as re-delegation is a feature of the Android framework. Therefore, we need to minimize the report to those potential permission re-delegation vulnerabilities. We propose an automated test oracle based on top applications from the official market and compare behaviors of vulnerable applications to similar applications in the market.




Efficient Modelling with Constrained Goal Models

Chi Mai Nguyen

Goal Models, Requirements Engineering, Software Engineering, SMT, SAT, OMT

Goal models have been widely used in Computer Science to represent software requirements, business objectives, and design qualities. Existing goal modelling techniques, however, have shown limitations of expressiveness and/or tractability in coping with complex real-world problems. In this work, we exploit advances in automated reasoning technologies, notably SMT solvers, to propose and formalize an extended notion of goal model, namely Constrained Goal Models.





Acceptance Requirements through Gamification Solutions

Luca Piras

Acceptance Requirements, Requirements Engineering, Gamification, Gamification Design, Software Engineering, Goal Modeling, Conceptual Modeling, Context Modeling, Human Behavior, Organizational Behaviors

We live in the days of social software where social interactions, from simple notifications to complex business processes, are supported by software platforms such as Facebook and Twitter. But for any social software to be successful, it must be used by a sizeable portion of its intended user community. Usage requirements are usually referred to as Acceptance Requirements and they have been studied in the literature both for general technology as well as software. Operationalization techniques for such requirements often consist of making a game out of software usage where users are rewarded/penalized depending on the degree of their participation. The game may be competitive or non-competitive, depending on the anticipated personality traits of intended users. Making a game out of usage is often referred to as Gamification, and gamification has attracted huge attention both in the literature and in the market for the past few years because it offers a novel approach to software technology usage. My research proposes a generic framework for designing gamified solutions for acceptance requirements. The framework, called Agon (Agon in Greek means “game” or “competition”, as in Olympic Games), consists of a generic acceptance goal model that characterizes the problem space by capturing possible refinements for acceptance requirements, and a generic gamification model that captures possible gamified operationalizations of acceptance requirements. These models have been extracted from the literature and they are highly dependent on context (cognitive and social) elements of the intended user community. The proposed Acceptance Requirements Framework is illustrated with the Meeting Scheduler exemplar and validated by the Horizon 2020 European Project called Participatory Architectural Change MAnagement in ATM Systems (PACAS,





Personal Data Protection Certification

Marco Robol

personal data; data protection; privacy requirements; data regulation; automatic reasoning

EU and national laws impose strict regulation on personal data. A massive quantity of data is processed every day by socio-technical systems, which need to comply with data regulation. We propose a comprehensive framework to model and analyse personal data protection in complex and evolving socio-technical systems.




Strategic Enterprise Analysis

Evellin Cristine Souza Cardoso

Strategic Analysis, Business Process Management, Strategic Enterprise Architectures, Goal Modeling, Business Process Modeling

Enterprise models are useful managerial tools for decision making and control, supporting the planning and design of enterprise strategic objectives as well as day-to-day operations. Although much research on the topic has been carried out since the 80s, most approaches offer rudimentary support for the representation of goal-related concepts, focusing either on the representation of strategic or operational goals, lacking a comprehensive ontology for goals. Further, there is not much support for carrying out strategic analysis activities, such as strategy implementation and monitoring. The main aim of this thesis is to propose a modeling framework and reasoning techniques to perform strategic analysis. In particular, we propose the SIENA modeling framework, which consists of a hierarchical architecture for strategic enterprise models that includes goals of various shades (mission, vision, strategic, tactical and operational goals) and operations and business processes through which they are operationalized. In turn, operations and business processes can be represented using Azzurra, a specification language for modeling and enacting business processes founded on social concepts, such as roles, agents and commitments among them.