In this paper the authors show how software component design can affect security properties through different composition operators. The authors define software composition as the result of aggregating and/or associat...In this paper the authors show how software component design can affect security properties through different composition operators. The authors define software composition as the result of aggregating and/or associating a component to a software system. The component itself may be informational or functional and carry a certain level of security attribute. The authors first show that the security attributes or properties form a lattice structure when combined with the appropriate least upper bound and greatest lower bound type of operators. Three composition operators, named C l, C2 and C3 are developed. The system's security properties resulting from these compositions are then studied. The authors discuss how different composition operators maintain, relax and restrict the security properties. Finally, the authors show that C1 and C2 composition operators are order-sensitive and that C3 is order-insensitive.展开更多
This paper aims to present a role-based interaction model for dynamic service composition in Grid environments. Assigning roles to a service means to associate with it capabilities that describes all the operations th...This paper aims to present a role-based interaction model for dynamic service composition in Grid environments. Assigning roles to a service means to associate with it capabilities that describes all the operations the service intends to perform. When all of the services can be recognized by their roles, the appropriate services can be selected. Based on the interaction policy, a role-based interaction model not only facilitates access control, but also offers flexible interaction mechanism for adapting service-oriented applications. This interaction model adopts programmable reactive tuple space to facilitate context-dependent coordination.展开更多
Nowadays, many works are interested in adapting to the context without taking into account neither the responsiveness to adapt their solution, nor the ability of designers to model all the relevant concerns. Our paper...Nowadays, many works are interested in adapting to the context without taking into account neither the responsiveness to adapt their solution, nor the ability of designers to model all the relevant concerns. Our paper provides a new architecture for context management that tries to solve both problems. This approach is also based on the analysis and synthesis of context-aware frameworks proposed in literature. Our solution is focus on a separation of contextual concerns at the design phase and preserves it as much as possible at runtime. For this, we introduce the notion of independent views that allow designers to focus on their domain of expertise. At runtime, the architecture is splitted in 2 independent levels of adaptation. The highest is in charge of current context identification and manages each view independently. The lowest handles the adaptation of the application according to the rules granted by the previous level.展开更多
Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that...Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code,posing security risks to dependent projects.Existing research addresses these challenges through Software Composition Analysis(SCA)for vulnerability detection and remediation.Nevertheless,current solutions may introduce additional issues,such as incompatibilities,dependency conflicts,and additional vulnerabilities.To address this,we propose Vulnerability Scan and Protection(VulnScanPro),a robust solution for detection and remediation vulnerabilities in Java projects.Specifically,VulnScanPro builds a finegrained method graph to identify unreachable methods.The method graph is mapped to the project’s dependency tree,constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies.Based on this analysis,we propose three solutions for vulnerability remediation:(1)Removing unreachable vulnerable dependencies,thereby resolving security risks and reducing maintenance overhead.(2)Upgrading vulnerable dependencies to the closest non-vulnerable versions,while pinning the versions of transitive dependencies introduced by the vulnerable dependency,in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities.(3)Eliminating unreachable vulnerable APIs,particularly when security patches are either incompatible or absent.Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.展开更多
文摘In this paper the authors show how software component design can affect security properties through different composition operators. The authors define software composition as the result of aggregating and/or associating a component to a software system. The component itself may be informational or functional and carry a certain level of security attribute. The authors first show that the security attributes or properties form a lattice structure when combined with the appropriate least upper bound and greatest lower bound type of operators. Three composition operators, named C l, C2 and C3 are developed. The system's security properties resulting from these compositions are then studied. The authors discuss how different composition operators maintain, relax and restrict the security properties. Finally, the authors show that C1 and C2 composition operators are order-sensitive and that C3 is order-insensitive.
文摘This paper aims to present a role-based interaction model for dynamic service composition in Grid environments. Assigning roles to a service means to associate with it capabilities that describes all the operations the service intends to perform. When all of the services can be recognized by their roles, the appropriate services can be selected. Based on the interaction policy, a role-based interaction model not only facilitates access control, but also offers flexible interaction mechanism for adapting service-oriented applications. This interaction model adopts programmable reactive tuple space to facilitate context-dependent coordination.
基金the U-Insither Project(collaborative project between the Universite Nice Sophia Antipolis and EDF R&D/STREP).
文摘Nowadays, many works are interested in adapting to the context without taking into account neither the responsiveness to adapt their solution, nor the ability of designers to model all the relevant concerns. Our paper provides a new architecture for context management that tries to solve both problems. This approach is also based on the analysis and synthesis of context-aware frameworks proposed in literature. Our solution is focus on a separation of contextual concerns at the design phase and preserves it as much as possible at runtime. For this, we introduce the notion of independent views that allow designers to focus on their domain of expertise. At runtime, the architecture is splitted in 2 independent levels of adaptation. The highest is in charge of current context identification and manages each view independently. The lowest handles the adaptation of the application according to the rules granted by the previous level.
基金supported by the National Natural Science Foundation of China(Grant No.62141210)the Fundamental Research Funds for the Central Universities(Grant No.N2217005)+1 种基金Open Fund of State Key Lab.for Novel Software Technology,Nanjing University(KFKT2021B01)111 Project(B16009).
文摘Vulnerabilities are a known problem in modern Open Source Software(OSS).Most developers often rely on third-party libraries to accelerate feature implementation.However,these libraries may contain vulnerabilities that attackers can exploit to propagate malicious code,posing security risks to dependent projects.Existing research addresses these challenges through Software Composition Analysis(SCA)for vulnerability detection and remediation.Nevertheless,current solutions may introduce additional issues,such as incompatibilities,dependency conflicts,and additional vulnerabilities.To address this,we propose Vulnerability Scan and Protection(VulnScanPro),a robust solution for detection and remediation vulnerabilities in Java projects.Specifically,VulnScanPro builds a finegrained method graph to identify unreachable methods.The method graph is mapped to the project’s dependency tree,constructing a comprehensive vulnerability propagation graph that identifies unreachable vulnerable APIs and dependencies.Based on this analysis,we propose three solutions for vulnerability remediation:(1)Removing unreachable vulnerable dependencies,thereby resolving security risks and reducing maintenance overhead.(2)Upgrading vulnerable dependencies to the closest non-vulnerable versions,while pinning the versions of transitive dependencies introduced by the vulnerable dependency,in order to mitigate compatibility issues and prevent the introduction of new vulnerabilities.(3)Eliminating unreachable vulnerable APIs,particularly when security patches are either incompatible or absent.Experimental results show that these solutions effectively mitigate vulnerabilities and enhance the overall security of the project.
