Research Project Collaboration Program
March 17
17:00 - 17:30
Group and Individual Discussions on project collaboration
18:30 - 19:30
Group and Individual Discussions on project collaboration
Research Projects description
DiVA: Dynamic Variability in Complex Adaptive Systems
The DiVA project is developing a tool-supported methodology with an integrated framework for managing dynamic variability in adaptive systems. This goal is being addressed by combining aspect-oriented and model-driven techniques.
In DiVA an adaptive system is perceived as a dynamic product line, where the adaptation points are considered as variability dimensions. Each variability dimension contains a set of variants: for instance, if the system can be accessed via mobile phone, PC, or smart phone, the access Device can be modeled as a dimension, with each of the devices acting as variants for this dimension. Here each variant is designed as an aspect model and is linked to the run-time representation of its architectural design to drive the run-time adaptation.

The Advanced-dispatching Language-Implementation Architecture for Java (ALIA4J)
Programming-language research has introduced, and will continue to introduce, a considerable number of advanced dispatching mechanisms to improve the modularity of source code. In all these mechanisms function calls are late-bound to meaning; which meaning is ultimately executed upon a call is determined at runtime. Since alternative meanings can be added to a function without modifying the call sites themselves, the modularity of code increases. The advanced dispatching mechanisms share numerous concepts; therefore, the Advanced-dispatching Language-Implementation Architecture (ALIA) aims to provide means for letting them also share their implementation and optimization techniques. In particular, we have realized this architecture for languages extending Java in the ALIA4J project. Many language concepts can be mapped to a dispatching problem; we have successfully done this for a variety of programming languages, including JPred (predicate dispatching), the pointcut-advice as well as inter-type member declarations of AspectJ, ConSpec (policy enforcement), JaSCo and parts of Compose*.
An open topic is, for instance, the static verification, comparable to Java bytecode verification, of ALIA4J models. Other topics can be discussed based on interest.

The ALIA4J project is jointly led by the Universiteit Twente, the Netherlands (Christoph Bockisch) and the Technische Universität Darmstadt, Germany (Andreas Sewe and Mira Mezini).

CESSA: Compositional Evolutions of Secure Services with Aspects
The partners of the CESSA research project will provide solutions for the evolution of secure service-oriented architectures (SOA) by providing an aspect-oriented structuring and programming model that allows security functionalities to be modularized. By means of security aspects and a new notion of aspect-aware service interfaces, CESSA will enable the synthesis of SOA-based applications that are correct by construction and will allow the formal analysis of security properties of SOAs. Furthermore, the partners will demonstrate that security aspects support the secure horizontal (i.e., orchestration and choreography of services) and vertical composition (i.e., service implementation) of real-world industrial SOAs in the context of (i) an extension of an enterprise information system, motivated by the need for software in the financial sector to evolve due to regulatory requirements, and (ii) the integration into a commercial SOA of embedded devices using customized virtual machines.

CESSA is a project supported by the ANR, the French national research organization.

Project relevant questions:
1. How to define and implement evolutions of cross-boundary security functionalities in service-oriented architectures?
2. How to ensure correctness guarantees for such evolutions?


Security of Software for Distributed Applications (SEC SODA)
The project starts from the observation that many high quality security building blocks, such as authentication technologies, authorization engines or data protection protocols are widely available. These building blocks are an essential but not sufficient enabler for building secure distributed software: most of the vulnerabilities in software systems are not directly related to these (traditional) security specific components.
The SEC SODA project addresses complementary facets of distributed software development that have a substantial impact on the global security of the software product.

More specifically, the project consists of research activities to:
1) support the systematic development of security-aware software architectures in which security properties can be accommodated, as well as verified for their effectiveness
2) enable the trustworthy deployment of secure software via techniques of self-protecting code, encrypted execution and remote attestation
3) enhance the implementation experience for developers of secure software by providing programming models that provably guarantee the absence of particular security problems, as well as by improving the integration of specialized security measures into a security-unaware, or even untrusted software artefact.

The latter activity includes the application of AOP and AOSD to impose security measures on business logic, but also the protection of aspects and components from negative interference by untrusted components and aspects. This work has led to the creation of an aspect permission system that increases the security level of software that is subject to composition with third-party aspects. This topic is a potential avenue of collaboration with PhD students who prefer to work on AOSD.