Vers la sécurisation des systèmes d'informatique ubiquitaire par le design : une approche langage / Towards securing pervasive computing systems by design : a language approach

Jakob, Henner

27 June 2011

Dans de multiples domaines, un nombre grandissant d'applications interagissant avec des entités communicantes apparaissent dans l'environnement pour faciliter les activités quotidiennes~(domotique et télémédecine). Leur impact sur la vie de tous les jours des utilisateurs rend ces applications critiques: leur défaillance peut mettre en danger des personnes et leurs biens. Bien que l'impact de ces défaillances puisse être majeur, la sécurité est souvent considérée comme un problème secondaire dans le processus de développement et est traitée par des approches ad hoc.Cette thèse propose d'intégrer des aspects de sécurité dans le cycle de développement des systèmes d'informatique ubiquitaire. La sécurité est spécifiée à la conception grâce à des déclarations dédiées et de haut niveau. Ces déclarations sont utilisées pour générer un support de programmation afin de faciliter l'implémentation des mécanismes de sécurité, tout en séparant ces aspects de sécurité de la logique applicative. Notre approche se concentre sur le contrôle d'accès aux entités et la protection de la vie privée. Notre travail a été implémenté et fait levier sur une suite outillée existante couvrant le cycle de développement logiciel. / A growing number of environments is being populated with a range of networked devices. Applications leverage these devices to support everyday activities in a variety of areas (e.g., home automation and patient monitoring). As these devices and applications get woven into our everyday activities, they become critical: their failure can put people and assets at risk. Failures can be caused by malicious attacks and misbehaving applications. Although the impact of such situations can be major, security concerns are often considered a secondary issue in the development process, and treated with ad hoc approaches. This thesis proposes to address security concerns throughout the development lifecycle of a pervasive computing system. Security is addressed at design time thanks to dedicated, high-level declarations. These declarations are processed to implement security mechanisms, and to generate programming support to ease the development of the security logic, while keeping it separate from the application logic. Our approach is studied in the context of access control and privacy concerns. Our work has been implemented and leverages an existing software-design language and a suite of tools that covers the software development lifecycle.

Informatique ubiquitaire

Sécurité

Contrôle d'accès

Langage dédié

Génie logiciel

Ubiquitous computing

Security

Access control

Domain-specific language

Software engineering

Intégration de politiques de sécurité dans les systèmes ubiquitaires / Embedding security policies into pervasive computing systems

Liu, Pengfei

17 January 2013

Lors du développement des applications ubiquitaires, il est essentiel de définir des politiques de sécurité et de développerdes mécanismes de sécurité pour assurer la confidentialité et l’intégrité des applications. De nombreux langages de spécification de politiques se concentrent uniquement sur leur puissance d’expression. Les défis émergents dans les systèmes ubiquitaires ne peuvent pas être résolus par ces approches. Par exemple, la sensibilité au contexte est un élément central des systèmes ubiquitaires. Les approches existantes tiennent rarement compte des informations contextuelles dans leurs langages. Cette thèse propose une approche générative pour spécifier et implanter les politiques de sécurité dans les applications ubiquitaires. Pour définir une politique de sécurité, nous proposons un langage de spécification qui tient compte des informations contextuelles. Il permet aux développeurs de spécifier les règles de la politique et les entités requises (e.g. la description spatiale, les rôles, le contexte). Les politiques sont implémentés par des systèmes de réécriture, ce qui offre une grande puissance de vérification. Pour appliquer une politique, nous proposons une architecture qui intègre les concepts importants des politiques de sécurité (sujet, contexte, objet) dans des applications ubiquitaires. Pour mettre en oeuvre notre approche, nous avons enrichi une approche existante pour le développement des applications ubiquitaires. La spécification de la politique de sécurité et la description de l’application ubiquitaire enrichie sont utilisées pour générer un canevas de programmation qui facilite l’implémentation des mécanismes de sécurité, tout en séparant les aspects sécurités de la logique applicative. / When developing pervasive computing applications, it is critical to specify security policies and develop security mechanisms to ensure the confidentiality and integrity of the applications. Numerous policy specification languages only focus on their expressive power. The emerging challenges in pervasive computing systems can not be fulfilled by these approaches. For instance, context awareness is a central aspect of pervasive computing systems. Existing approaches rarely consider context information in their language.This thesis proposes a generative approach dedicated to specifying and enforcing security policies in pervasive computingapplications. To specify a policy, we propose a context-aware policy specification language which helps developers to specify policy rules and required entities (e.g. spatial description, roles, context information). Policies are implemented by term rewriting systems which offers great verification power. To enforce a policy, we propose an architecture that embeds important concepts of security policies (subject, object, security related context) into pervasive computing applications. To apply our approach, we enriched an existing approach which is dedicated to develop pervasive computing applications. Based on the policy specification and the enriched pervasive computing application descriptions, a dedicated programming framework is generated. This framework guides the implementation and raises the level of abstraction which can reduce the workloads of developers.

Architecture Logicielle

Langage Dédié

Systéme ubiquitaire

Politique de sécurité

Security policy

Domain-Specific Language

Pervasive computing system

Generative programming

Model-driven Pretty Printer for Xtext Framework / Model-driven Pretty Printer for Xtext Framework

Novotný, Marek

January 2013

The domain-specific language allows for describing problems of a concrete domain, for which the language is created. This fact implies that a number of languages of this kind grows with a number of problem domains. The use of domain-specific languages brings a necessity to pretty-print these languages, where the concept of pretty-printing consists of code formatting and syntax highlighting. One of tools that allow for creating domain-specific languages is the Xtext framework, which offers only a limited range of tools that are able to define a configuration for pretty-printing. Moreover, these tools are hardly understandable because they are confusing and requires knowledge of Xtext's internals. Thus this thesis introduces a new way of pretty-printing domain-specific languages. The way is based on declarative definition of formatting rules. Furthermore, this thesis helps a user to create formatting rules by utilizing nontrivial heuristics.

Domain-Specific Language for Learning Programming / Domain-Specific Language for Learning Programming

Klimeš, Jonáš

January 2016

In the scope of this thesis, we designed a language for programming education. At first, we described eight existing tools for learning programming and identified key features in the learning process. Second, we designed an educational domain-specific language Eddie. Eddie is suitable for teenagers and adults who want to learn programming. It uses a domain based on Karel the Robot language, where users can control a robot character in a two-dimensional grid. We implemented a prototype of Eddie using the MPS Language Workbench and its projectional editor. The Eddie language gradually introduces loops, conditionals, variables, functions, and objects. Eddie programs can be created, executed and visualized in the Eddie Studio IDE. Powered by TCPDF (www.tcpdf.org)

Développement et test d'applications d'informatique ubiquitaire : une méthodologie outillée / Developing and testing pervasive computing applications : a tool-based methodology

Bruneau, Julien

16 May 2012

Malgré des progrès récents, développer une application d'informatique ubiquitaire reste un défi à cause d'un manque de canevas conceptuels et d'outils aidant au développement. Ce défi implique de prendre en charge des objets communicants hétérogènes, de surmonter la complexité des technologies de systèmes distribués, de définir l'architecture d'une application, et d'encoder cela dans un programme. De plus, tester des applications d'informatique ubiquitaire est problématique car cela implique d'acquérir, de tester et d'interfacer une variété d'entités logicielles et matérielles. Ce procédé peut rapidement devenir coûteux en argent et en temps lorsque l'environment ciblé implique de nombreuses entités.Cette thèse propose une méthodologie outillée pour développer et tester des applications d'informatique ubiquitaire. Notre méthodologie fournit tout d'abord le langage de conception DiaSpec. Ce langage permet de définir une taxonomie d'entités spécifiques à un domaine applicatif, s'abstrayant ainsi de leur hétérogénéité. Ce langage inclut également une couche permettant de définir l'architecture d'une application. Notre suite outillée fournit un compilateur qui, à partir de descriptions DiaSpec, génère un canevas de programmation guidant les phases d'implémentation et de test. Afin d'aider à la phase de test, nous proposons une approche de simulation et un outil intégré dans notre méthodologie outillée : l'outil DiaSim. Notre approche utilise le support de test généré par DiaSpec pour tester les applications de manière transparente dans un environnement physique simulé. La simulation d'une application est rendue graphiquement dans un outil de visualisation 2D.Nous avons combiné DiaSim avec un langage dédié permettant de décrire les phénomènes physiques en tant qu'équations différentielles. Cette combinaison nous permet une simulation réaliste des applications d'informatique ubiquitaire. DiaSim a été utilisé pour simuler des applications dans des domaines applicatifs variés. Notre approche de simulation a également été appliquée à un système avionique, démontrant la généralité de notre approche de simulation. / Despite much progress, developing a pervasive computing application remains a challenge because of a lack of conceptual frameworks and supporting tools. This challenge involves coping with heterogeneous devices, overcoming the intricacies of distributed systems technologies, working out an architecture for the application, and encoding it into a program. Moreover, testing pervasive computing applications is problematic because it requires acquiring, testing and interfacing a variety of software and hardware entities. This process can rapidly become costly and time-consuming when the target environment involves many entities.This thesis proposes a tool-based methodology for developing and testing pervasive computing applications. Our methodology first provides the DiaSpec design language that allows to define a taxonomy of area-specific building-blocks, abstracting over their heterogeneity. This language also includes a layer to define the architecture of an application. Our tool suite includes a compiler that takes DiaSpec design artifacts as input and generates a programming framework that supports the implementation and testing stages.To address the testing phase, we propose an approach and a tool integrated in our tool-based methodology, namely DiaSim. Our approach uses the testing support generated by DiaSpec to transparently test applications in a simulated physical environment. The simulation of an application is rendered graphically in a 2D visualization tool.We combined DiaSim with a domain-specific language for describing physical environment phenomena as differential equations, allowing a physically-accurate testing. DiaSim has been used to simulate various pervasive computing systems in different application areas. Our simulation approach has also been applied to an avionics system, which demonstrates the generality of our parameterized simulation approach.

Architecture Logicielle

Langage Dédié

Programmation Générative

Test

Simulation

Software Architecture

Domain-Specific Language

Generative Programming

Testing

Simulation

Langages dédiés au développement de services de communications / Domain-Speci?c Languages for Developing Communication Services

Palix, Nicolas

17 September 2008

Les services de téléphonie IP automatisent le traitement des stimuli de communication en utilisant des ressources réseaux. Cependant, l'ajout de services rend vulnérable le système de téléphonie car certaines propriétés de fonctionnement des services déployés ne sont pas garanties. Aucune solution de développement de services ne permet de simultanément garantir des propriétés de fonctionnement et d'exploiter des ressources réseaux. Cette thèse propose une approche fondée sur le concept des langages dédiés pour développer des services de communications. Deux nouveaux langages dédiés au domaine des communications ont été développés : SPL et Pantaxou. Le premier sert à router des messages de signalisation tandis que le second, plus généraliste, permet la coordination d'entités communicantes. Dans cette thèse, nous démontrons, grâce à SPL et Pantaxou, que les services de communications peuvent être développés avec un langage de programmation expressif tout en préservant des propriétés critiques du domaine. / IP telephony services use network resources to automate communication stimuli processing. However, deploying services on a telephony system leads to safety issues and programmers need to ensure some safety properties on their services. Several approaches allowing service development have quickly emerged. However, none of them is both expressive and safe. This thesis proposes a new approach that relies on domain-specific languages (DSL) to develop communication services. Two new DSLs have been designed for communication services, namely SPL (Session Processing Language) and Pantaxou. The first one allows to route signaling messages while the second one, more generalist, enables to define coordination logics of communicating entities. In this thesis, we demonstrate thanks to SPL and Pantaxou that communication services could be developed with an expressive programming language that preserves some critical domain properties.

Langages dédiés

Services de communications

Téléphonie IP

Génie logiciel

Domain-Specific Languages

Communication Services

IP Telephony

Software Engineering

Multilayered analysis of co-development of business information systems

Aram, Michael, Neumann, Gustaf

01 July 2015

Business information systems (BIS) comprise technological (e.g. programs), informational (e.g. content) and social artifacts (e.g. collaboration structures). Typically, such systems are constantly and collectively developed (co-developed) further by a variety of individuals within the organization. By recognizing these varying types of actors (concerning their goals, technical expertise and language means) and their predominantly developed artifact type, one can distinguish two types of subsystems: technical subsystems wherein the development of the system behavior is conducted by software developers; and business subsystems dominated by end-users developing informational artifacts. So far, co-development structures within and between these subsystems are not well understood, especially the aspect that - potentially driven by appropriate measures such as the provision of domain-specific languages - co-development might shift between these subsystems. This paper presents an approach for characterizing the co-development of real-world BIS with respect to direct participation from different kinds of contributors. This multilayered approach allows us to analyze the co-development with programming languages, domain-specific languages and end-user tools. The approach is suited to assess the direct participation of individuals from different subsystems in the development of evolving BIS. We focus on the intersection of these subsystems, present appropriate metrics and a multilayered analysis scheme. Contributions to artifacts are analyzed using social network analysis to detect structural properties of continuous co-development. The application to Learn@WU, a real-world BIS, demonstrates how end-user enabling technologies have shifted the co-development effort of the system from a small group of developers to a several orders of magnitude larger group of contributors. We observed an increase of direct participation over time on both informational and executable artifacts, while the number of technical experts was more or less constant. Our approach may act as a trigger for the application and further development of rigorous instruments for assessing co-development of BIS. (authors' abstract)

CoMDD: uma abordagem colaborativa para auxiliar o desenvolvimento orientado a modelos / CoMDD: a collaborative model driven development approach

Fernandes Neto, David

01 June 2012

O desenvolvimento orientado a modelos (Model Driven Development - MDD) é uma abordagem que tem ganhado cada vez mais espaço na indústria e na academia, trazendo grandes benefícios, como o aumento de produtividade. Uma forma de se trabalhar usando MDD em equipe é usando uma IDE (Integrated Development Environment) associada a um sistema de versionamento. Entretanto, trabalhar colaborativamente usando uma IDE associada a um sistema de versionamento pode trazer algumas complicações para o desenvolvimento como: conflitos de modelos, documentação descontinuada, dificuldades por parte dos interessados em usar sistemas de versionamento, etc. Nesse contexto, este trabalho propõe uma abordagem de uso de wiki para desenvolvimento de MDD, de modo que o desenvolvedor seja capaz de criar modelos, gerar código fonte, compartilhar e versionar os modelos e ainda documentar colaborativamente, de maneira mais simples e fácil do que abordagens tradicionais. Isso possibilita que mais usuários não desenvolvedores possam participar mais no processo de desenvolvimento e ainda permite o aumento de produtividade. Para tentar evidenciar de que é possível uma wiki ser usada para desenvolver software, foi criada uma Domain Specific Language - DSL em uma wiki e foram realizados três estudos de caso: um com estudantes do ensino médio e que representam os não desenvolvedores, um com quatro alunos de pós-graduação com experiência de desenvolvimento na indústria e o último estudo de caso foi realizado com 48 participantes entre desenvolvedores e alunos de pósgraduação em Ciências da Computação. Os estudos de caso mostraram que é viável usar uma wiki para desenvolvimento, que não desenvolvedores se adaptam bem à abordagem e que 86% dos desenvolvedores usariam a abordagem proposta se tivessem que trabalhar com MDD. Os estudos de caso também levantaram as principais barreiras para aumentar a aceitação da abordagem. Com isso, este trabalho apresenta além de uma abordagem relativamente inédita na literatura, resultados sobre uso de sistemas de versionamento, de IDEs e de desenvolvimento colaborativo / The Model Driven Development (MDD) is an approach that has gained more space in industry and academia, bringing great benefits such as increased productivity. One way of working in teams with MDD is using an IDE (Integrated Development Environment) with a versioning system. However, to collaboratively work with an IDE and a versioning system may have implications and problems for the development as: conflicts of models, documentation discontinued, difficulties for stakeholders to use versioning systems, etc. In this context, this work proposes an approach to use a wiki to develop MDD, so that the developer is able to create models, generate source code, sharing and versioning models and also to collaboratively document, in a more simple and easy way than the traditional approaches. This enables non developers can participate more in the development process and also allows increasing productivity. To try to show that a wiki can be used to develop software, we created a Domain Specific Language (DSL) in a wiki and were performed three case studies: one with high school students and represent the non developers, another one with four graduate students with experience in software development in the industry, and the last case study was conducted with 48 participants among developers and graduate students in Computer Science. The case studies showed the feasibility of using a wiki for development, that non developers adapted well to the approach and 86 % of the developers would use a wiki to develop MDD. The study also raised the main barriers to increase the acceptance of the approach. Therefore, this work presents also a relatively new approach in the literature and results on the use of versioning systems, IDEs and collaboratively development

Desenvolvimento orientado a modelos

Domain specific languages

DSL

DSL

Linguagens específicas de domínio

MDD

MDD

Model driven development

Wiki

Wiki

Domain specific innovativeness and frugal behavior: a cross-cultural investigation of their impact on consumer’s behavioral intention in smartphone purchase

Du, Feng

16 September 2016

Submitted by Silvana Teresinha Dornelles Studzinski (sstudzinski) on 2016-12-20T16:23:34Z No. of bitstreams: 1 Feng Du_.pdf: 2029574 bytes, checksum: 4eb36acb7cf2e7ff3ef83c72262105ac (MD5) / Made available in DSpace on 2016-12-20T16:23:34Z (GMT). No. of bitstreams: 1 Feng Du_.pdf: 2029574 bytes, checksum: 4eb36acb7cf2e7ff3ef83c72262105ac (MD5) Previous issue date: 2016-09-16 / Nenhuma / The globally growth of smartphone sales seems inevitable, and it opens new challenges and opportunities for businesses. Understanding consumer behavior in smartphone purchase in a cross cultural context is important for both marketers and consumers. For the development of this research, a theoretical model was proposed and tested in order to understand the impact of consumer’s innovativeness and frugal behavior on smartphone purchase intention in a cross-cultural context. To this end, it was conducted a survey that covers analyzing the antecedents of innovativeness and frugal behavior, as well as understanding the cultural difference among consumer’s smartphone purchase intention. In detail, the survey was developed in Qualtrics and distributed to participants from three countries (Brazil, China and India). The valid sample size was 349 participants in total. We used structural equation modeling to verify the proposed model and analyze the collected data. After adjustment of theoretical model, the study results indicated satisfactory indexes. The final model showed that opinion leadership, product involvement and symbolic value are factors that positively lead to domain specific innovativeness; as well as intrinsic religiosity is positive antecedent of frugal behavior; materialism also positively related to frugal behavior under economic pressure background; both consumer’s domain specific innovativeness and frugal behavior are positively lead to smartphone purchase behavioral intention; the cultural orientation value such as collectivism, uncertainty avoidance and power distance have moderate effects on relations among consumer’s Innovativeness, frugal and behavioral intention; other moderators such as status consumption and economic strain also showed significant moderate effects in the final model.

Consumer behavior

Smartphone consumption

Domain specific innovativeness

Frugal behavior

Behavioral intention

Cultural relativity

The Creative Process: The Effects of Domain Specific Knowledge and Creative Thinking Techniques on Creativity

Kilgour, A.Mark

January 2007

As we move further into the 21st century there are few processes that are more important for us to understand than the creative process. The aim of this thesis is to assist in deepening that understanding. To achieve this a review of the literature is first undertaken. Combining the many different streams of research from the literature results in the development of a four-stage model of the creative thinking process. The four stages are problem definition, idea generation, internal evaluation, and idea expression. While a large range of factors influence the various stages in this model, two factors are identified for further analysis as their effect on creativity is unclear. These two factors are domain-specific knowledge and creative thinking techniques. The first of these factors relates to the first stage of the creative thinking process (problem definition), specifically the extent to which informational cues prime domain specific knowledge that then sets the starting point for the creative combination process. The second factor relates to stage two of the model (idea generation), and the proposition by some researchers and practitioners that creative output can be significantly improved through the use of techniques. While the semantics of these techniques differ, fundamentally all techniques encourage the use of divergent thinking by providing remote associative cues as the basis for idea generation. These creative thinking techniques appear to result in the opening of unusual memory categories to be used in the creative combination process. These two potential influences on the creative outcomes of individuals: 1) domain specific knowledge, and 2) creative thinking techniques, form the basis for an experimental design. Qualitative and quantitative research is undertaken at two of the world's leading advertising agencies, and with two student samples, to identify how creative thinking techniques and domain-specific knowledge, when primed, influence creative outcomes. In order to measure these effects a creative thinking measurement instrument is developed. Results found that both domain-specific knowledge and creative thinking techniques are key influences on creative outcomes. More importantly, results also found interaction effects that significantly extend our current understanding of the effects of both primed domain-specific knowledge and creativity techniques on different sample populations. Importantly, it is found that there is no 'one size fits all' for the use of creative thinking techniques, and to be effectively applied, creative thinking techniques must be developed based upon the respondent's current domain and technique expertise. Moreover, the influence of existing domain-specific knowledge on individual creativity is also dependent upon how that information is primed and the respondent's knowledge of cognitive thinking strategies.

creative

creative thinking

model of the creative thinking process

creativity

creative thinking process

advertising

domain specific knowledge

creative thinking techniques