Towards Flexible Evolution of Dynamically Adaptive Systems

in New Ideas & Emerging Results Track of the International Conference of Software Engineering (NIER@ICSE) (2012, June)

Modern software systems need to be continuously available under varying conditions. Their ability adapt to their execution context is thus increasingly seen as a key to their success. Recently, many ... [more ▼]

Modern software systems need to be continuously available under varying conditions. Their ability adapt to their execution context is thus increasingly seen as a key to their success. Recently, many approaches were proposed to design and support the execution of Dynamically Adaptive Systems (DAS). However, the ability of a DAS to evolve is limited to the addition, update or removal of adaptation rules or reconfiguration scripts. These artifacts are very specific to the control loop managing such a DAS and runtime evolution of the DAS requirements may affect other parts of the DAS. In this paper, we argue to evolve all parts of the loop. We suggest leveraging recent advances in model-driven techniques to offer an approach that supports the evolution of both systems and their adaptation capabilities. The basic idea is to consider the control loop itself as an adaptive system. [less ▲]

In-Vivo Bytecode Instrumentation for Improving Privacy on Android Smartphones in Uncertain Environments

E-print/Working paper (2012)

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in ... [more ▼]

In this paper we claim that an efficient and readily applicable means to improve privacy of Android applications is: 1) to perform runtime monitoring by instrumenting the application bytecode and 2) in-vivo, i.e. directly on the smartphone. We present a tool chain to do this and present experimental results showing that this tool chain can run on smartphones in a reasonable amount of time and with a realistic effort. Our findings also identify challenges to be addressed before running powerful runtime monitoring and instrumentations directly on smartphones. We implemented two use-cases leveraging the tool chain: BetterPermissions, a fine-grained user centric permission policy system and AdRemover an advertisement remover. Both prototypes improve the privacy of Android systems thanks to in-vivo bytecode instrumentation. [less ▲]

Comparing Six Modeling Approaches

in Kienzle, Joerg (Ed.) Models in Software Engineering (2012)

Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

in IEEE/ACM International Conference on Automated Software Engineering (2012)

In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage ... [more ▼]

In the permission-based security model (used e.g. in An- droid and Blackberry), applications can be granted more permissions than they actually need, what we call a permission gap?. Malware can leverage the unused permissions for achieving their malicious goals, for instance using code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Using our tool on a dataset of Android applications, we found out that a non negligible part of applications suffers from permission gaps, i.e. does not use all the permissions they declare. [less ▲]

Evolving Software - Introduction to the Special Theme

in ERCIM News (2012), 88

Pairwise testing for software product lines: Comparison of two approaches

in Software Quality Journal (2012), 20(3), 605-643

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in ... [more ▼]

Software Product Lines (SPL) are difficult to validate due to combinatorics induced by variability, which in turn leads to combinatorial explosion of the number of derivable products. Exhaustive testing in such a large products space is hardly feasible. Hence, one possible option is to test SPLs by generating test configurations that cover all possible t feature interactions (t-wise). It dramatically reduces the number of test products while ensuring reasonable SPL coverage. In this paper, we report our experience on applying t-wise techniques for SPL with two independent toolsets developed by the authors. One focuses on generality and splits the generation problem according to strategies. The other emphasizes providing efficient generation. To evaluate the respective merits of the approaches, measures such as the number of generated test configurations and the similarity between them are provided. By applying these measures, we were able to derive useful insights for pairwise and t-wise testing of product lines. [less ▲]

A Metamodel-based Classification of Variability Modeling Approaches

in VARY, International Workshop affiliated with ACM/IEEE 14th International Conference on Driven Engineering Languages and Systems (2011)

Software Product Line Engineering (SPLE) is an emerging paradigm taking momentum that proposes to address flexibility and shorter time-to-market by maximizing software reuse. The key characteristic of ... [more ▼]

Software Product Line Engineering (SPLE) is an emerging paradigm taking momentum that proposes to address flexibility and shorter time-to-market by maximizing software reuse. The key characteristic of SPLE is the effective modelling and management of variability, for which a number of Variability Modeling (VM) techniques have been developed during the last two decades. Therefore, understanding their commonalities and differences is important for selecting the most suitable technique. In this paper, we propose a metamodel-based classification of VM techniques gathered through a survey of relevant literature. [less ▲]

Model Driven Mutation Applied to Adaptative Systems Testing

in 2011 IEEE Fourth International Conference on Software Testing, Verification and Validation Workshops (2011)

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate ... [more ▼]

Dynamically Adaptive Systems modify their behavior and structure in response to changes in their surrounding environment and according to an adaptation logic. Critical systems increasingly incorporate dynamic adaptation capabilities, examples include disaster relief and space exploration systems. In this paper, we focus on mutation testing of the adaptation logic. We propose a fault model for adaptation logics that classifies faults into environmental completeness and adaptation correctness. Since there are several adaptation logic languages relying on the same underlying concepts, the fault model is expressed independently from specific adaptation languages. Taking benefit from model-driven engineering technology, we express these common concepts in a metamodel and define the operational semantics of mutation operators at this level. Mutation is applied on model elements and model transformations are used to propagate these changes to a given adaptation policy in the chosen formalism. Preliminary results on an adaptive web server highlight the difficulty of killing mutants for adaptive systems, and thus the difficulty of generating efficient tests. [less ▲]

Flexible model element introduction policies for aspect-oriented modeling

in Abstract book of 13th IEEE/ACM International Conference on Model Driven Engineering Languages and Systems, MODELS 2010, LNCS (2010), 6395 LNCS(PART 2), 63-77

Aspect-Oriented Modeling techniques make it possible to use model transformation to achieve advanced separation of concerns within models. Applying aspects that introduce model elements into a base model ... [more ▼]

Aspect-Oriented Modeling techniques make it possible to use model transformation to achieve advanced separation of concerns within models. Applying aspects that introduce model elements into a base model in the context of large, potentially composite models is nevertheless tricky: when a pointcut model matches several join points within the base model, it is not clear whether the introduced element should be instantiated once for each match, once within each composite, once for the whole model, or based on a more elaborate criteria. This paper argues that in order to enable a modeler to write semantically correct aspects for large, composite models, an aspect weaver must support a flexible instantiation policy for model element introduction. Example models highlighting the need for such a mechanism are shown, and details of how such policies can be implemented are presented. © 2010 Springer-Verlag. [less ▲]

Automated and Scalable T-wise Test Case Generation Strategies for Software Product Lines

in International Conference on Software Test and Validation (2010)