DCENASE 2018 Abstracts


Short Papers
Paper Nr: 2
Title:

Software Architectural Model Discovery from Execution Data

Authors:

Cong Liu, Boudewijn van Dongen, Nour Assy and Wil M.P. van der Aalst

Abstract: During the execution of software systems, many crashes and exceptions may occur, and it is a real challenge to understand how a software system is behaving. By exploiting the data recorded during the execution of software systems, one can discover architectural models to describe the actual execution of software. An architectural model typically structures a software system in terms of components, interfaces and interactions. The discovered models provide extensive insights into the real usage of software, enable new forms of model-based testing and improvements. In addition, replaying execution data on such models helps to localize performance problems and architectural challenges.

Paper Nr: 3
Title:

A Security Framework in Model-driven Software Production Environments

Authors:

Lenin Javier Serrano Gil

Abstract: Too often the representation of software functionalities is made without facing security requirements rigorously. In this context, it is well-known that a set of security’s features are to be considered to identify and protect the assets, as well as reduce threats over the business model. This work presents a conceptual-modeling based method to include security concerns in a software production process from the earliest steps, facilitating support and intended to extend model-driven approaches by including security in all the different phases of development and design of information systems.

Paper Nr: 4
Title:

A Formal Approach for Risk Evaluation and Risk Analysis in Access Control Policy Management

Authors:

Pierrette Annie Evina, Faten Labbene Ayachi, Faouzi Jaidi and Adel Bouhoula

Abstract: In the field of risk management for access control systems, especially in database management systems, the access control policy is not too much explored as most researchers a priori hypothesize its reliability and validity. Access control policy is exposed to many irregularities throughout its evolution. During its lifecycle, it presents anomalies related to changes in its expression compared to what was initially established at an early stage or when it was designed. Our research leads to a risk management approach, with a particular focus on non-compliance anomalies found in the access control policy during its evolution. The correlation between these anomalies is also taken into consideration in order to optimize the proposed approach. Ultimately, we intend to produce a global and comprehensive risk management system based on the principles defined by the international standard. A system that manages the correlation between non-conformity anomalies is designed upstream to provide the necessary input for our new risk management approach that, as the main contribution, will also consider and overcome the effects induced by the correlation between anomalies found in the ACP expression.