TS News

News

Seminar 2015-08-25: Huan Nguyen on Rule-Based Extraction of Goal-Use Case Models from Text
Goal and use case modeling has been recognized as a key approach for understanding and analyzing requirements. However, in practice, goals and use cases are often buried among other content in requirements specifications documents and written in unstructured styles. It is thus a time-consuming and error-prone process to identify such goals and use cases. In addition, having them embedded in natural language documents greatly limits the possibility of formally analyzing the requirements for problems. To address these issues, we have developed a novel rule-based approach to automatically extract goal and use case models from natural language requirements documents. Our approach is able to automatically categorize goals and ensure they are properly specified. We also provide automated semantic parameterization of artifact textual specifications to promote further analysis on the extracted goal-use case models. Our approach achieves 85% precision and 82% recall rates on average for model extraction and 88% accuracy for the automated parameterization.

Seminar 2015-08-25: Huan Nguyen on Rule-Based Extraction of Goal-Use Case Models from Text

Goal and use case modeling has been recognized as a key approach for understanding and analyzing requirements. However, in practice, goals and use cases are often buried among other content in requirements specifications documents and written in unstructured styles. It is thus a time-consuming and error-prone process to identify such goals and use cases. In addition, having them embedded in natural language documents greatly limits the possibility of formally analyzing the requirements for problems. To address these issues, we have developed a novel rule-based approach to automatically extract goal and use case models from natural language requirements documents. Our approach is able to automatically categorize goals and ensure they are properly specified. We also provide automated semantic parameterization of artifact textual specifications to promote further analysis on the extracted goal-use case models. Our approach achieves 85% precision and 82% recall rates on average for model extraction and 88% accuracy for the automated parameterization.

Seminar 2015-08-20: Florian Daniel; Recommendation and Weaving of Reusable Mashup Model Patterns for Assisted Development
Mashups are composite applications developed starting from reusable data, application logic and/or user interfaces, for example, sourced from the Web. Mashup tools are IDEs for mashup development that aim to ease mashup development, typically via model-driven development paradigms. This talk reports on recent research outcomes that aim to answer one of the problems proper of the mashup domain, that is, the lack of modeling expertise. This kind of knowledge is generally neither intuitive nor standardized across different tools, and the consequent lack of modeling expertise affects both skilled programmers and end-user programmers alike. The talk shows how to effectively assist the users of mashup tools with contextual, interactive recommendations of composition knowledge in the form of reusable mashup model patterns. It describes the design and performance study of three different recommendation algorithms and a pattern weaving approach for the one-click reuse of model patterns inside model-driven mashup tools. It discusses the implementation of suitable pattern recommender plugins for three different mashup tools and demonstrates via user studies that recommending and weaving contextual mashup model patterns significantly reduces development times in all three cases. The approach is of general nature and can easily be tailored to other model-driven development environments.

Seminar 2015-08-20: Florian Daniel; Recommendation and Weaving of Reusable Mashup Model Patterns for Assisted Development

Mashups are composite applications developed starting from reusable data, application logic and/or user interfaces, for example, sourced from the Web. Mashup tools are IDEs for mashup development that aim to ease mashup development, typically via model-driven development paradigms. This talk reports on recent research outcomes that aim to answer one of the problems proper of the mashup domain, that is, the lack of modeling expertise. This kind of knowledge is generally neither intuitive nor standardized across different tools, and the consequent lack of modeling expertise affects both skilled programmers and end-user programmers alike. The talk shows how to effectively assist the users of mashup tools with contextual, interactive recommendations of composition knowledge in the form of reusable mashup model patterns. It describes the design and performance study of three different recommendation algorithms and a pattern weaving approach for the one-click reuse of model patterns inside model-driven mashup tools. It discusses the implementation of suitable pattern recommender plugins for three different mashup tools and demonstrates via user studies that recommending and weaving contextual mashup model patterns significantly reduces development times in all three cases. The approach is of general nature and can easily be tailored to other model-driven development environments.

Seminar;2015-08-19: Gorka Irazoqui on Prevention of microarchitectural side channel attacks in the cloud
Side channel attacks have shown to be a potential thread for co-resident virtual machines in cloud computing environments. Among all, last level cache side channel attacks have proved to be the most powerful ones, being able to extract fine grain information such as cryptographic keys. Due to the increasing success of these kind of attacks, protections have to be implemented against them. In this work, we are building a tool that can mitigate side channel attacks in cloud environments. This is implemented in two steps: first, an identification phase where we detect that a malicious VM is running a side channel attack, and second, mitigate the attack by changing the memory layout of the malicious VM. For the identification phase, Hardware Performance Counters will be analysed looking for expected patterns for cache side channel attacks. In the mitigation phase, we will move malicious VM's memory pages to form a moving target defence. Although the tool will be applied to detect cache based side channel attacks, we believe it could also be adapted to detect microarchitectural attacks that use different hardware resources. This is work in progress.

Seminar;2015-08-19: Gorka Irazoqui on Prevention of microarchitectural side channel attacks in the cloud

Side channel attacks have shown to be a potential thread for co-resident virtual machines in cloud computing environments. Among all, last level cache side channel attacks have proved to be the most powerful ones, being able to extract fine grain information such as cryptographic keys. Due to the increasing success of these kind of attacks, protections have to be implemented against them. In this work, we are building a tool that can mitigate side channel attacks in cloud environments. This is implemented in two steps: first, an identification phase where we detect that a malicious VM is running a side channel attack, and second, mitigate the attack by changing the memory layout of the malicious VM. For the identification phase, Hardware Performance Counters will be analysed looking for expected patterns for cache side channel attacks. In the mitigation phase, we will move malicious VM's memory pages to form a moving target defence. Although the tool will be applied to detect cache based side channel attacks, we believe it could also be adapted to detect microarchitectural attacks that use different hardware resources. This is work in progress.

Seminar 2015-08-19:Tom Allan; Mobile code cache-based side-channel attacks
Side-channel attacks have been shown to leak cryptographic keys. However, for the attack, the adversary needs access to the physical machine the victim executes on. So, the question is how does the adversary gets her code to the victim machine. Web-based mobile code provides an easy vector for getting code to the target machine, however there are several hurdles for implementing such attacks from mobile code. The first hurdle is that the attack code executes within a virtual address space which hides the mapping of the cache. Past research relies on huge pages to recover this mapping, however huge pages are not available to mobile code. We describe a cache profiling technique that allows us to profile the cache without the use of huge pages. Another hurdle is that cache-based attacks rely on a high-resolution timer. As a precaution against cache-based attacks, browsers are now moving towards disabling high-resolution timers. We demonstrate that we can create a high-resolution timer by using multiple threads. Lastly, prior cache-based attacks focused on statically-compiled languages. With the move to the Web, many programs are now written in dynamic languages. Consequently the memory layout of the program is unknown to the adversary. We show that implementations in dynamic languages are still vulnerable. We implement the attack code in both Javascript and as Google Chrome's Native Client. We use the attack against the Javascript ElGamal encryption as implemented in Openpgp.js and show that using the side channel information we can reduce the search space to 2^30 keys.

Seminar 2015-08-19:Tom Allan; Mobile code cache-based side-channel attacks

Side-channel attacks have been shown to leak cryptographic keys. However, for the attack, the adversary needs access to the physical machine the victim executes on. So, the question is how does the adversary gets her code to the victim machine. Web-based mobile code provides an easy vector for getting code to the target machine, however there are several hurdles for implementing such attacks from mobile code.

The first hurdle is that the attack code executes within a virtual address space which hides the mapping of the cache. Past research relies on huge pages to recover this mapping, however huge pages are not available to mobile code. We describe a cache profiling technique that allows us to profile the cache without the use of huge pages.

Another hurdle is that cache-based attacks rely on a high-resolution timer. As a precaution against cache-based attacks, browsers are now moving towards disabling high-resolution timers. We demonstrate that we can create a high-resolution timer by using multiple threads. Lastly, prior cache-based attacks focused on statically-compiled languages. With the move to the Web, many programs are now written in dynamic languages. Consequently the memory layout of the program is unknown to the adversary. We show that implementations in dynamic languages are still vulnerable.

We implement the attack code in both Javascript and as Google Chrome's Native Client. We use the attack against the Javascript ElGamal encryption as implemented in Openpgp.js and show that using the side channel information we can reduce the search space to 2^30 keys.

Seminar 2015-08-18: Harry Butterworth on Paxos In Production
The core of IBM's Spectrum Virtualize(TM) software is a Paxos-based, fault-tolerant cluster operating environment which has been in production use since 2003. In the context of multinational enterprise IT infrastructure, I will first introduce some current storage products powered by IBM Spectrum Virtualize(TM) software, then I will review fault-tolerance and the Paxos protocol and finally I will describe a programming model, protocol extensions, supporting features and optimizations used in this deployment of Paxos in production.

Seminar 2015-08-18: Harry Butterworth on Paxos In Production

The core of IBM's Spectrum Virtualize(TM) software is a Paxos-based, fault-tolerant cluster operating environment which has been in production use since 2003. In the context of multinational enterprise IT infrastructure, I will first introduce some current storage products powered by IBM Spectrum Virtualize(TM) software, then I will review fault-tolerance and the Paxos protocol and finally I will describe a programming model, protocol extensions, supporting features and optimizations used in this deployment of Paxos in production.

Show older articles

Trustworthy Systems

News