http://iknow.seforge.org These are the search results for the query, showing results 1 to 15. http://iknow.seforge.org/classic_bib/classic_paper/672a52067c7b76846587732e/inproceedingsreference.2010-08-07.4712529725 Systems based on the service-oriented architecture (SOA) principles have become an important cornerstone of the development of enterprise-scale software applications. They are characterized by separating functions into distinct software units, called services, which can be published, requested and dynamically combined in the production of business applications. Service-oriented systems (SOSs) promise high flexibility, improved maintainability, and simple re-use of functionality. Achieving these properties requires an understanding not only of the individual artifacts of the system but also their integration. In this context, non-functional aspects play an important role and should be analyzed and modeled as early as possible in the development cycle. In this paper, we discuss modeling of non-functional aspects of service-oriented systems, and the use of these models for analysis and deployment. Our contribution in this paper is threefold. First, we show how services and service compositions may be modeled in UML by using a profile for SOA (UML4SOA) and how non-functional properties of service-oriented systems can be represented using the non-functional extension of UML4SOA (UML4SOA-NFP) and the MARTE profile. This enables modeling of performance, security and reliable messaging. Second, we discuss formal analysis of models which respect this design, in particular we consider performance estimates and reliability analysis using the stochastically timed process algebra PEPA as the underlying analytical engine. Last but not least, our models are the source for the application of deployment mechanisms which comprise model-to-model and model-to-text transformations implemented in the framework VIATRA. All techniques presented in this work are illustrated by a running example from an eUniversity case study. No publisher liuyi07@sei.pku.edu.cn 软件建模 2010-08-06T17:52:33Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/97006c425de57a0b/conferencereference.2010-08-07.7633110829 Although the term ?non-functional requirement? has been in use for more than 20 years, there is still no consensus in the requirements engineering community what non-functional requirements are and how we should elicit, document, and validate them. On the other hand, there is a unanimous consensus that nonfunctional requirements are important and can be critical for the success of a project. This paper surveys the existing definitions of the term, highlights and discusses the problems with the current definitions, and contributes concepts for overcoming these problems. No publisher liuyi07@sei.pku.edu.cn 2010-08-06T17:47:19Z Conference Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68d2891cf/articlereference.2010-08-07.5240731596 This paper gives the main definitions relating to dependability, a generic concept including as special case such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures. No publisher liuyi07@sei.pku.edu.cn 2010-08-06T17:45:11Z Article Reference http://iknow.seforge.org/classic_bib/classic_paper/672a52067c7b76846587732e/inproceedingsreference.2010-08-07.9975887378 Service-oriented computing promotes the idea of assembling application components into a network of services that can be loosely coupled to create flexible, dynamic business processes and agile applications that span organizations and computing platforms. An SOC research road map provides a context for exploring ongoing research activities. The service-oriented computing (SOC) paradigm uses services to support the development of rapid, low-cost, interoperable, evolvable, and massively distributed applications. Services are autonomous, platform-independent entities that can be described, published, discovered, and loosely coupled in novel ways. They perform functions that range from answering simple requests to executing sophisticated business processes requiring peer-to-peer relationships among multiple layers of service consumers and providers. Any piece of code and any application component deployed on a system can be reused and transformed into a network-available service. Services reflect a “service-oriented ” approach to programming that is based on the idea of composing applications by discovering and invoking network-available services to accomplish some task. 1 This approach is independent of specific programming languages or operating systems. It lets organizations expose their core competencies programmatically over the Internet or various networks such as cable, the Universal Mobile Telecommunications System (UMTS), xDSL, and Bluetooth using standard XML-based languages and protocols and a self-describing interface. Web services are currently the most promising SOCbased technology. 2 They use the Internet as the communication medium and open Internet-based standards, No publisher liuyi07@sei.pku.edu.cn 2010-08-06T17:39:45Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68c038bd5-1/inproceedingsreference.2010-08-06.6473396201 No publisher shaojin07@sei.pku.edu.cn 2010-08-06T09:32:31Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68c038bd5-1/inproceedingsreference.2010-08-06.0978192019 Developing robust web services is a difficult task. Field studies show that a large number of web services are deployed with robustness problems (i.e., presenting unexpected behaviors in the presence of invalid inputs). Several techniques for the identification of robustness problems have been proposed in the past. This paper proposes a mechanism that automatically fixes the problems detected. The approach consists of using robustness testing to detect robustness issues and then mitigate those issues by applying inputs verification based on well-defined parameter domains, including domain dependencies between different parameters. This integrated and fully automatable methodology has been used to improve three different implementations of the TPC-App web services. Results show that this tool can be easily used by developers to improve the robustness of web services implementations. No publisher shaojin07@sei.pku.edu.cn 2010-08-06T09:22:50Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68c038bd5-1/articlereference.2010-08-06.6575418913 Addressing the need for a more formal account of service descriptions and service contracts with a mobile process algebra. No publisher shaojin07@sei.pku.edu.cn 2010-08-06T09:10:11Z Article Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68c038bd5-1/articlereference.2010-08-06.3797551775 Web applications are required to follow an interface contract that specifies their expected behaviour when they communicate with a web service. Using the Amazon E-Commerce Service as an example, we show how we can automatically test an implementation for conformance as well as monitor at runtime that each partner fulfils its part of the contract. No publisher shaojin07@sei.pku.edu.cn 2010-08-06T09:05:38Z Article Reference http://iknow.seforge.org/classic_bib/classic_paper/copy_of_software_system/7cfb7edf5b895168/inproceedingsreference.2010-08-04.3698699471 We propose SecVisor, a tiny hypervisor that ensures code integrity for commodity OS kernels. In particular, SecVisor ensures that only approved code can execute in kernel mode over the entire system lifetime. This protects the kernel against code injection attacks, such as kernel rootkits. SecVisor can achieve this property even against an attacker who controls everything but the CPU, the memory controller, and system memory. Further, SecVisor the attacker could have the knowledge of zero-day kernel exploits. Our design goals for SecVisor are small code size, small external interface, and ease of porting OS kernels. We rely onmemory virtualization to build SecVisor and implement two versions, one using software memory virtualization and the other using CPU-supported memory virtualization. The code sizes of the runtime portions of these versions measure 1739 and 1112 lines, respectively. The size of the external interface for both versions of SecVisor is 2 hypercalls. We also port the Linux kernel version 2.6.20 to execute on SecVisor. This requires us to add 12 lines of code to the kernel and delete 81 lines, out of a total of approximately 4.3 million lines of code. No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:51:21Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/copy_of_software_system/7cfb7edf5b895168/inproceedingsreference.2010-08-04.2047064494 We present Flicker, an infrastructure for executing securitysensitive code in complete isolation while trusting as few as 250 lines of additional code. Flicker can also provide meaningful, ne-grained attestation of the code executed (as well as its inputs and outputs) to a remote party. Flicker guarantees these properties even if the BIOS, OS and DMAenabled devices are all malicious. Flicker leverages new commodity processors from AMD and Intel and does not require a new OS or VMM. We demonstrate a full implementation of Flicker on an AMD platform and describe our development environment for simplifying the construction of Flicker-enabled code. No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:48:40Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/copy_of_software_system/7cfb7edf5b895168/inproceedingsreference.2010-08-04.5756775955 In this paper we describe bugs and ways to attack trusted computing systems based on a static root of trust such as Microsoft’s Bitlocker. We propose to use the dynamic root of trust feature of newer x86 processors as this shortens the trust chain, can minimize the Trusted Computing Base of applications and is less vulnerable to TPM and BIOS attacks. To support our claim we implemented the Open Secure LOader (OSLO), the first publicly available bootloader based on AMDs skinit instruction. No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:43:59Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/copy_of_software_system/7cfb7edf5b895168/inproceedingsreference.2010-08-04.3923780132 Commodity operating systems entrusted with securing sensitive data are remarkably large and complex, and consequently, frequently prone to compromise. To address this limitation, we introduce a virtual-machine-based system called Overshadow that protects the privacy and integrity of application data, even in the event of a total OS compromise. Overshadow presents an application with a normal view of its resources, but the OS with an encrypted view. This allows the operating system to carry out the complex task of managing an application’s resources, without allowing it to read or modify them. Thus, Overshadow offers a last line of defense for application data. Overshadow builds on multi-shadowing, a novel mechanism that presents different views of “physical” memory, depending on the context performing the access. This primitive offers an additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processor architectures. We present the design and implementation of Overshadow and show how its new protection semantics can be integrated with existing systems. Our design has been fully implemented and used to protect a wide range of unmodified legacy applications running on an unmodified Linux operating system. We evaluate the performance of our implementation, demonstrating that this approach is practical. No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:35:39Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/copy_of_software_system/7cfb7edf5b895168/inproceedingsreference.2010-08-04.0645436870 An important security challenge is to protect the execution of security-sensitive code on legacy systems from malware that may infect the OS, applications, or system devices. Prior work experienced a tradeoff between the level of security achieved and efficiency. In this work, we leverage the features of modern processors from AMD and Intel to overcome the tradeoff to simultaneously achieve a high level of security and high performance. We present TrustVisor, a special-purpose hypervisor that provides code integrity as well as data integrity and secrecy for selected portions of an application. TrustVisor achieves a high level of security, first because it can protect sensitive code at a very fine granularity, and second because it has a very small code base (only around 6K lines of code) that makes verification feasible. TrustVisor can also attest the existence of isolated execution to an external entity. We have implemented TrustVisor to protect security-sensitive code blocks while imposing less than 7% overhead on the legacy OS and its applications in the common case. No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:32:17Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/672a52067c7b76846587732e/inproceedingsreference.2010-08-04.8141481831 No publisher guliang05@sei.pku.edu.cn 2010-08-04T09:23:35Z Inproceedings Reference http://iknow.seforge.org/classic_bib/classic_paper/8f6f4ef68d2891cf/articlereference.2010-05-07.8319341751 No publisher lianggt08@sei.pku.edu.cn 2010-05-07T13:10:32Z Article Reference