Formal Metamodeling for Secure Model-Driven Engineering

Systems and applications aligned with new paradigms such as cloud computing and internet of the things are becoming more complex and interconnected, expanding the areas in which they are susceptible to attacks. Their security can be addressed by using model-driven engineering (MDE). In this context, specific IoT or cloud computing metamodels emerged to support the systematic development of software. In general, they are specified through semiformal metamodels in MOF style. This article shows the theoretical foundations of a method for automatically constructing secure metamodels in the context of realizations of MDE such as MDA. The formal metamodeling language Nereus and systems of transformation rules to bridge the gap between formal specifications and MOF are described. The main contribution of this article is the definition of a system of transformation rules called NEREUStoMOF for transforming automatically formal metamodeling specifications in Nereus to semiformal-MOF metamodels annotated in OCL.

A Novel Iterated Function System-Based Model for Coloured Image Encryption

Chaotic cryptography has been a well-studied domain over the last few years. Many works have been done, and the researchers are still getting benefit from this incredible mathematical concept. This paper proposes a new model for coloured image encryption using simple but efficient chaotic equations. The proposed model consists of a symmetric encryption scheme in which it uses the logistic equation to generate secrete keys then an affine recursive transformation to encrypt pixels' values. The experimentations show good results, and theoretic discussion proves the efficiency of the proposed model.

Anomaly-Based Intrusion Detection Systems for Mobile Ad Hoc Networks

Ad hoc networks are used in heterogeneous environments like tactical military applications, where no centrally coordinated infrastructure is available. The network is required to perform self-configuration, dynamic topology management, and ensure the self-sustainability of the network. Security is hence of paramount importance. Anomaly-based intrusion detection system (IDS) is a distributed activity carried out by all nodes of the network in a cooperative manner along with other related network activities like routing, etc. Machine learning and its advances have found a promising place in anomaly detection. This paper describes the journey of defining the most suitable routing protocol for implementing IDS for tactical applications, along with the selection of the related suitable data set. The paper also reviews the latest machine learning techniques, implementation capabilities, and limitations.

Cloud Computing Virtual Machine Workload Prediction Method Based on Variational Autoencoder

The paper proposes a method for predicting the workload of virtual machines in the cloud infrastructure. Reconstruction probabilities of variational autoencoders were used to provide the prediction. Reconstruction probability is a probability criterion that considers the variability in the distribution of variables. In the proposed approach, the values of the reconstruction probabilities of the variational autoencoder show the workload level of the virtual machines. The results of the experiments showed that variational autoencoders gave better results in predicting the workload of virtual machines compared to simple deep neural networks. The generative characteristics of the variational autoencoders determine the workload level by the data reconstruction.

CSPM

Security and privacy in cloud systems are critical. To address security and privacy concerns, many security patterns, privacy patterns, and non-pattern-based knowledge have been reported. However, knowing which pattern or combination of patterns to use in a specific scenario is challenging due to the sheer volume of options and the layered cloud stack. To deal with security and privacy in cloud services, this study proposes the cloud security and privacy metamodel (CSPM). CSPM uses a consistent approach to classify and handle existing security and privacy patterns. In addition, CSPM is used to develop a security and privacy awareness process to develop cloud systems. The effectiveness and practicality of CSPM is demonstrated via several case studies.

Six-Assurance Case Patterns by Strengthening/Weakening Argument

Goal structuring notation (GSN) is widely used in safety cases and other methods for assuring reliability. Demonstrating the fulfillment of a claim in the GSN requires that its achievement be interpreted logically and structurally by the reader. This study proposes a typical pattern of interpreting these structural interpretations. Furthermore, the proposed patterns were verified for their application to actual GSN samples, and the applicability of these patterns was validated. In addition, these patterns were compared with the existing use of the so-called multi-legged arguments, and the differences between them were shown. Moreover, some of the proposed patterns show that there is a difference in the degree of certainty in the achievement of the converted claim, which indicates achievement of the claim from which it is derived.

A Composite Safety Assurance Method for Developing System Architecture Using Model Checking

Assurance case helps analyze the system dependability, but the relationships between system elements and assurance case are generally not clearly defined. In order to make system assurance more intuitive and reliable, this paper proposes an approach that clearly defines the relationships between safety issues and system elements and integrates them using ArchiMate. Also, the proposed method applies model checking to system safety assurance, and the checking results are regarded as evidence of assurance cases. This method consists of four steps: interaction visualization, processes model checking, assurance case creation, and composite safety assurance. The significance of this work is that it provides a formalized procedure for safety-critical system assurance, which could increase the confidence in system safety. It would be expected to make the safety of a system easier to explain to third parties and make the system assurance more intuitive and effective. Also, a case study on an automatic driving system is carried out to confirm the effectiveness of this approach.

CC-Case-Safety and Security Engineering Methodology

As the complexity of computer systems increases, assuring safety and security is significant. The authors aim to construct a new development methodology CC-Case that can assure the demands of complex systems, including IoT and AI, using safety and security technologies in an integrated manner. As a central framework of CC-Case, this manuscript shows requirements extraction by STAMP/STPA extension to safety and security (STAMP S & S) and assurance using GSN divided into a logical model and a concrete model. STAMP S & S makes it possible to model requirements based on system theory and extract more comprehensive safety and security requirements in a single model diagram. Besides, the GSN defines the overall picture of the assurance and verifies and validates the hazards and threats extracted by STAMP S & S. This paper presents the procedures of CC-Case with STAMP, GSN, and show examples of level 3 autonomous driving.

A Goal-Oriented Approach to Requirements Development and Quantitative Security Assurance

When deciding and evaluating system security strategies, there is a trade-off relationship between security assuring effect and constraint condition, which has been revealed by many qualitative security assurance methods. However, the existing methods cannot be used to make quantitative analysis on security assurance and constraint conditions to support project managers and system engineers to decide system development strategies. Therefore, a quantitative method which can consider both security strategies and constraints is necessary. This paper proposes a semi-automatic, quantitative system security assurance approach for developing security requirement and security assurance cases by extending the traditional GSN (goal structuring notation). Next, two greedy algorithms for quantitative system security assurance are implemented and evaluated. In addition, a case study and an experiment are carried out to verify the effectiveness and efficiency of the proposed approach and the proposed algorithms.

Enterprise Architecture-Based Project Assurance Model for the Proof-of-Concept of AI Service Systems

This research considers the common understanding of proof-of-concept (PoC) projects developing AI service systems between business and IT divisions. The authors propose an enterprise architecture (EA)-based project assurance model for the PoC of AI service systems, and represented elements of the developed application, development processes, and project goals with relations in the model. The proposed model provides two views, the “Why-What-Who View” representing the relationships between goals, processes and actors, and “Who-What-How View” representing the relationships between actors, processes and applications. Through these views, this paper shows that project members can understand the development activities in which they are involved, and the impact or significance of each activity on the project, and the project goal is assured by executing each activity in the process. Through a case study the authors show that one can use the proposed model as a reference model when proposing and executing AI service system development projects.