The SSE group is active in two research areas: Software Engineering, and Information Security; in each area there are some research themes shared by some group members.
1. Software Engineering
1.a System Modelling
The specification of a programming language is defined by its grammar, such as a new XML dialect is specified by its XML-Schema. Similarly, a visual modelling language define many graphical concepts whose semantics are specified in a metamodel of the application domain, i.e. a domain-specific modeling language (DSML). The modeling paradigm contains all the syntactic, semantic, and presentation information regarding the domain: concepts used to build models, relationships among those concepts, concepts visualization, and model construction rules.
Paolo Falcarin used the Eclipse Modeling Framework (EMF) and Graphical Modeling Framework (GMF) to contribute to the development of different domain-specific languages: SPATEL, a service description language for integrated telecom web services which has been partially reused in the OMG standard TelcoML, and a service description language for integrated telecom services based on JAIN-SLEE standard.
Abdel Tawil uses OWL and semantic web technogies to design a domain-specific language for e-health applications, while Shareeful Islam contributed to the Secure Tropos visual notation for security requirements specification.
Paolo Falcarin has started a collaboration with John George and the IIRG group in the School of Health and Bioscience at UEL; the research collaboration spans over metabolic pathways modelling and analysis, and the integration, automation, and optimization of bioinformatics processes.
1.b Service Oriented Computing
Paolo Falcarin works on automated and reconfigurable service composition of telecom and web services, while in the past, he worked on service personalization, with particular focus on context-aware services and mobile services.
Andres Baravalle's research spans over web usability, open source, and cloud computing.
2. Information Security
2.a Software Protection
Software Protection aims at mitigating Man-At-The-End (MATE) attacks, by establishing trustworthy software execution on untrusted platforms. For example, in a malicious reverse engineering attack, an adversary violates the vendor's confidentiality rights by extracting intellectual property from the software; in a tampering attack, the adversary violates the software integrity by modifying in ways the software vendor did nto intend; in a cloning attack, he violates copyright laws by making and distributing illegal copies of the software.
Paolo Falcarin was one of the first researchers to use code mobility and a trusted server to create network-based software protections. Currently he is working with Alessandro Cabutto in designing and implementing client-server support for secure binary code updates in the ASPIRE project. Such diversified run-time code updates will serve different purposes: contrasting static analysis, reducing the attacker's time-frame and implementing network-based protections such as remote attestation.
Christophe Tartary has made important contributions to the construction and analysis of protocols for secure distributed computing. Recently, he has developed a block box construction based on list recoverable codes for authenticating streaming. In addition, he has showed how to tune internal parameters to satisfy several efficiency trade-offs such as computational power and throughput. This work has applications in a large scope of areas such as videoconferences, software update, air traffic control. Tartary has also made contributions to securing multiparty computation: this covers areas such as electronic auctions and database interactions for instance. He has targeted the problem of designing protocols for generic function evaluations. A key point in this work is that the communication complexity of our protocols is independent on the size of the Boolean circuit used to represent the functionality. This is a major improvement with respect to existing generic protocols in the area of multiparty computation.
2.c Security Analysis and Modelling
In this area Shareeful Islam developed a framework to support the consideration of laws and regulations during the development of secure software systems. In particular, the novelty of the framework is that it enables software developers to correctly elicit security requirements from the appropriate laws and regulations, and to trace these requirements throughout the development stages in order to ensure that the design indeed supports the required laws and regulations.
Paolo Falcarin and Gaofeng Zhang are developing a methodology to assess the effectiveness of software protections in terms of additional effort required to the attackers using system modelling techniques, such as Petri nets and Bayesian networks.