The Rainbow project's research area covers software engineering for ambient computing, from middleware to HCI. It is particularly active in the following topics:
- Composition and Adaptation Models
- Adaptation Consistency at design-time and run-time
- Context-Aware Adaptation Middleware
- Interactive Systems Architecture
- Ambient Intelligence
Activity Report 2006-2010
Rainbow's research domain
Rainbow's research domain is in the field of Ambient Computing and Context-Aware Computing. We work on:
- event middleware for physical and software components
- component model for lightweight components
- dynamic composition and orchestrations validation
- human-machine interaction composition and adaptation
- model composition and transformation
- security and intrusion detection for distributed applications
The activity report for this four-year period, now coming to an end, has been written by the GLC team. The document is organized by research themes that are common to, and vectors of cooperation between, the Modalis, Wimmic (ex Kewi), Mind (ex Keia) and Rainbow projects.
However, some extracts of the mutual report can be found here.
SoftWare Adaptation - Middleware
Many middleware platforms have appeared in the ambient computing world, and even more in pervasive or sensor networks, dedicated to adapting software architectures to context changes at runtime. A first limitation of the existing solutions is that the majority of context-aware platforms do not take the dynamic discovery of context into account. A middleware must be able to integrate intelligent devices that may appear and disappear dynamically, at runtime. We introduce our WComp middleware to allow the design of ambient computing applications, together with a scheme of self-adaptation that maintains the main functionalities of the application (what we call service continuity) in spite of the evolution of the device infrastructure. The WComp middleware model federates three main paradigms (see below): event-based web services, a lightweight component-based approach to designing dynamic composite services, and an adaptation approach using the original concept called Aspect of Assembly. These paradigms lead to two ways of dynamically designing ambient computing applications. The first implements a classical component-based compositional approach to design higher-level composite Web Services and thereby extend the graph of cooperating services for the applications. This approach is well suited to designing applications in a known, common and usual context. The second uses a compositional approach at runtime for adaptation using Aspects of Assembly, and is particularly well suited to tuning a set of composite services in reaction to a particular variation of the context or to changing user preferences.
This activity has gained significant visibility. Many research laboratories have used our WComp middleware platform in their own developments. We can cite for example, in France, the LIIHS research group of IRIT and the HADAS and IIHM research groups of LIG (in the CONTINUUM ANR VERSO project, which we lead), as well as the University of Cluj Napoca, TMSI of the National University of Singapore (in the Ubi-Flood project of the ICT Asia program), the University of Keraouan, and the Lebanese University. This activity has also led to a large number of collaborations with several industrial companies (MobileGov, GFI Informatique, Bewave).
Ambient Computing - Software Composition
Our goal is the dynamic composition of services for devices in Ambient Computing and the dynamic adaptation of this type of application to changes in the device infrastructure, by separation of concerns. The composition of services for devices is based on the assembly of lightweight components according to the architectural meta-model SLCA we defined in . The dynamic adaptation by separation of concerns corresponds to fragments of compositions of services for devices, modeled as aspects of assembly that may be woven into the SLCA architecture. This work takes place during application runtime and thus allows the application to be adapted to changes in the infrastructure of services for devices in a coherent (logical properties validated during weaving) and reactive (see below) (response time of the adaptation cycle to validate) manner.
Besides the articles mentioned below, we have developed a middleware for ambient computing, WComp, used in research contracts (CONTINUUM, GERHOME, UBIQUARIUM) and by several other research laboratories (IRIT, LIG, ...).
Human Computer Interface - Software Composition
Our objective is to compose all the aspects of an application, from the functional core to its presentation. Composing applications impacts the composition of the functional core (FC) (services, components) as well as User Interface (UI) elements and interactions. Our approach is based on the following separation of concerns assumption: architectural decoupling of the functional part and of the UI. This decomposition is the basis of the complete composition of applications, including the UI, and it underlines the interactions that exist between UI and FC. In order to deduce a UI composition corresponding to the FC composition, the Alias approach relies on these interactions and on the way FCs are composed to form a new application. In this way, former UIs are reused instead of being dropped and replaced by a brand new one built from scratch. Throughout the composition process we check the consistency of UI/FC interactions: the UI of the composed application must enable users to interact with the application without data loss, conflicts or redundancies. The results are based on logic deductions using merging composition operators, and the composition process is sustained by metamodeling and transformation techniques. This work is applied to applications (interactive systems) built with component platforms or services for the FC part. Our case studies concern travel reservation and emergency alert applications. Besides the articles mentioned previously, we have exploited our research results in the research contract (MPUB).
Software Reuse - Software Composition
Reuse for composition and adaptation in ambient computing
Reuse is based on two approaches used for composition and adaptation in ambient computing. The composition mechanisms allow local design and encapsulate composite services for reuse by other composition nodes. Similarly, aspects of assembly are designed to be reused as many adaptation schemes according to the configuration of the service infrastructure for devices.
Reuse and composition of UI from the functional core composition
In the case of applications based on the Service-Oriented Architecture (SOA), for example, orchestrations of services manage the functional core but the presentation level is not considered. Composing services implies proposing a new User Interface (UI) for user interactions with the resulting application. In this context, developers usually need to apply a complete development cycle (from requirement analysis to tests, through design and programming) to obtain the UI from scratch; they can’t use former UIs or pieces of them [NJ-3]. Our goal is to reduce the reengineering effort needed to build the UI by deducing it as a function of the way services are composed, reusing each existing UI [IC-11, IC-132]. The reuse concerns the first sketch design of the UI: the UI obtained by deduction is technically usable but not yet ergonomically usable. This means that the UI designer gains some time because he does not have to redefine the models that express user interactions, application usage, UI structure skeleton and UI/FC interactions. Instead, he works directly on the deduced UI that defines all these aspects, and he just has to define the layout of his choice and choose the adequate interactor support for each UI element in order to create the final ergonomic UI.
Security management is a wide and complex research area. Thus, before summarizing the work we have done in this domain, we will explain briefly which part of security we are interested in and our vision for managing security.
In our work, we focus on the protection of data (which can be documents, messages and data flows) and services (or applications) against attacks. More specifically, we consider six security properties for protecting these data and services: confidentiality, integrity, authenticity, access control, non-repudiation and availability.
In our project, we propose to manage security from a software engineering point of view, i.e. considering the point of view of a developer who is not an expert in security. As software engineering researchers, we know that security is an important issue that must be taken into account in order to guarantee that a software application can’t be attacked by “bad” users or programs. Moreover, we know that powerful security mechanisms exist and are designed continuously by security experts. However, application designers have difficulty reusing and integrating these mechanisms when developing secure applications. For these designers (or developers) it is not easy to model a system including security and/or to add security to a non-secure system/application because of:
- their lack of knowledge in the security field
- the complexity of security
- the lack of time when designing and developing software
Our goal is not to develop new security solutions but to propose solutions that will allow non-security expert application designers to easily and efficiently add and integrate security during the development process. Thus, our approach is to offer a framework (or middleware) where security properties can be easily accessible and used by:
- adding and integrating them in the application as autonomous security components or aspects of assembly
- embedding them in the software components (or resources) of the application to design
The first question is: where is security important for a software application? In our work we consider that security, and particularly the first five security properties (i.e. confidentiality, integrity, authenticity, access control and non-repudiation), is important at different steps of the life cycle (i.e. design, development, execution) of an application, depending on the kind of application to secure (and the kind of data managed by the application). Concerning the sixth security property, i.e. availability, we have taken this property into account for the execution environment of the application and, in this context, proposed some solutions for attack detection.
The second question is: what are the different solutions that we propose? To answer this question, we have decided to describe our work by specifying which security properties have been used and how, more specifically by answering four sub-questions: the application context (i.e. the kind of application/data concerned, etc.), the life cycle steps of the application, the security properties to add to the application, and how these properties are added (i.e. the security properties design: autonomous security components, aspects of assembly, embedded).
Secure electronic transfer of documents
Life cycle steps: design, development and execution; Security properties: integrity, confidentiality, authenticity, access control and non-repudiation; Design: autonomous components.
With the growth of the information society, different actors (companies, administrations and individuals) use the Internet to transfer their documents. To ensure a secure electronic transfer of these documents, several security properties (e.g. confidentiality, integrity, authenticity of the sender and recipient, access control, non-repudiation, traceability) can be required. These properties depend on the kind of entities involved in the transfer and more specifically on the application scenario, which can be for instance C2C (Consumer to Consumer), B2B (Business to Business) and B2C (Business to Consumer) for material and digital goods. To satisfy these scenarios, numerous secure communication protocols have been developed. During their life cycles, the existing communication protocols can be managed (created, deployed, and used) by three user groups: end users, protocol developers and system administrators. Each group has different objectives and faces different problems: for the end user, selecting the right protocol; for the developer, using the suitable security library, knowing that there is no clear match between a security property and a cryptographic mechanism provided by a library; and for the administrator, modifying the security library implemented by the developer. The aim of this work, which was done in the context of Nicolas Nobelis’ PhD thesis, was to help these three kinds of users find a solution to their problems by taking their needs and points of view into account more precisely. We propose an architecture called ADEPT (Architecture for electronic DocumEnt Plus their Transfers) that is oriented towards these users and thus defined as a user-centric architecture. In the context of this work, we focussed mainly on identifying the different problems that the developer, administrator and end user are faced with, defined the different elements of ADEPT and showed how this architecture addresses the users’ problems.
Security for ambient computing from a context point of view
Life cycle steps: execution; Security properties: access control; Design: aspects of assembly.
In ambient computing, context is key. Computer applications are extending their interactions with the environment. New inputs and outputs are used, such as sensors and other mobile devices interacting with the physical environment. Middleware, created in distributed computing to hide the complexity of lower layers, then has to take on new concerns, such as context awareness, adaptation of applications and security. During the preparation of Vincent Hourdin's PhD, in collaboration with the MobileGov company, we introduced a model taking context into account in both security and distribution. Access control must evolve to incorporate dynamic and reactive authorization, based on information related to the environment or simply on the authentication information of entities. Contextual information evolves with its own dynamics, independently of the application. Thus, it is also necessary to detect context changes in order to reassess the authorization. We are experimenting with this context-awareness targeting interaction control using the experimental framework WComp, derived from the SLCA/AA (Service Lightweight Component Architecture / Aspects of Assembly) model. SLCA allows the creation of dynamic middleware and applications in which functional decomposition is not translated into layers but into an interleaving of functionalities. Aspects of assembly are a mechanism for compositional adaptation of assemblies of components. We use them to express our non-functional concerns and to compose them with existing applications in a deterministic and reactive manner. For this purpose, we have introduced context-aware interaction control rules that allow the middleware to adapt, according to context, the behavior of the application for the security concern.
Projects and Objectives (2011-2015)
The current focus on adaptable middleware for networks of devices is on the development of new weaver approaches for Aspects of Assembly and mechanisms to improve the relevance of adaptation. These new weaver approaches aim at improving modularity (multi-cycle weaving techniques, PhD thesis started in 2008) and interaction between concerns of multiple domains (multiple weavers for Aspects of Assembly, PhD thesis started in 2009). Because the complexity of the resulting software architecture also needs to be tackled, we need to improve the relevance of adaptation. For that purpose, we aim at developing contextual filters applied before weaving aspects (one PhD thesis started in 2010), or we use semantic information to select aspects more efficiently (part of the ANR project Continuum started in 2008). The effort on software adaptation control will be completely redirected towards autonomic management and addressing the challenges of large-scale distributed systems. With the growth in scale of distributed systems, their complexity challenges all modern software development techniques, leading to middleware stacks that are not fully stabilized. Moreover, hardware components are subject to failures, and the Mean Time Between Failures becomes a critical metric whose impact is observed daily. Since failures cannot be completely avoided, their occurrence has to be taken into account in the design of such systems. Self-adaptation and principles to make software components autonomously resilient in case of failures will be developed. A challenge is to address all unknowns potentially leading to failure conditions. Generic methodologies to cope with broad classes of failures are needed. In this perspective, relations with reasoning on software component-based adaptation will be investigated.
Our primary objective still remains to compose all the aspects of an application from the functional core to its presentation. We have already explored the case where the composition of functional core (FC) (services, components) impacts the User Interface (UI) elements and interactions. To complete the coverage of this objective, we explore the reverse case where the composition of interactions and UI impacts the composition of FC. The aim of this approach is to generate a new application by manipulating the former UI and their interactions. Composition mechanisms are based on ontologies to connect the different concerns: functional, interactions (tasks) and UI. Another objective is to study and deal with the multiplicity of models used in the engineering of interactive systems. Such models are involved in processes such as composition or plasticity management at design time as well as runtime. As these models share information and evolve rapidly today, there is a need to maintain collaboration links between them. We plan to explore the relationships that exist between these models and make explicit such “collaboration” in order to manage model evolution and keep them mutually consistent. Much work has already dealt with composition at the software engineering level in services and component architectures as well as at the User Interface (UI) level such as for Mashups. The two research communities have focused on their predilection domain and its respective level (software vs UI). However an interactive system is composed of both software and interactive building blocks. Hence, information about local compositions needs to be diffused in order to infer a sound global composition. We plan to study how to combine different composition approaches and how to deal with composition driven by different entry points simultaneously.
Low energy consuming and component-based security architectures for mobiles
The aim of this work is to propose another use of the ADEPT framework proposed by Nicolas Nobelis in the context of his PhD thesis. More specifically, we intend to use and extend some elements of ADEPT for mobile environments. Nowadays, different types of electronic data transfer are supported by applications due to the expansion of the Internet. These applications may run on desktop machines (PCs, servers, etc.) or mobile devices (mobile phones, PDAs, smartphones, etc.). A prerequisite and a critical issue for these transfers is the assurance of security functionalities. Each communication may require a number of security properties such as confidentiality, integrity, authenticity, etc. While these security properties may be offered by secure protocols such as SSL, a constraint persists: SSL is high-energy consuming and the properties are provided as a block. Energy consumption has an important impact on the battery life of mobile devices, and solutions are therefore needed. We aim at proposing a security management architecture for mobile devices based on adaptable security components and on externalizing security functionalities from mobile devices to save their energy resources, while also responding to economic and environmental constraints. Within our work, we will treat two critical issues: 1) how we can inform the user about the applied security properties and 2) what could be done to let other parties trust our architecture.
A new security model for cloud computing security
This work started with the thesis of Christian Delettre in May 2010. The aim of this thesis is to propose a new security model for Cloud Computing and more specifically for e-commerce environments deployed on cloud platforms. The work of N. Nobelis on security components will be reused, in particular to secure communications in e-commerce clouds according to the type of data exchanged. Furthermore, within an e-commerce environment, many providers use the same database structures, which are easily available on the Internet. Therefore, it is possible to compute statistics to obtain rough information even on encrypted data. To mitigate the problems of this practice, we shall develop two additional security components that will be added to those of N. Nobelis.
Impact of security on human user interfaces
Starting from the security components and security properties-based security policies proposed by Nicolas Nobelis, the goal of this work is to study the impact of security at the user interface (UI) level, from three different points of view:
- study the composition of UIs security components starting from their assembly specified through a security properties-based policy;
- study the composition of UIs security properties-based security policies;
- study the effects of applying security on a UI, by allowing a non-expert end user to specify her/his security wishes to add security properties through a user interface.
Adding security and privacy to a non-secure application
The goal of this work is to facilitate the integration of security (using and extending the security components proposed by Nicolas Nobelis) and privacy into an application even after the development phase, by proposing a dynamic approach for code compilation and orchestration. To achieve this goal, we plan to design a component-based and user-centric (i.e. end-user and developer) architecture that will allow (i) the designer to add security and privacy components to an application and (ii) the user to tune and configure the privacy or security she/he needs for the application she/he uses.
Security evolution from a user point of view
Keywords: application security, security policies
When developing in a “spiral” manner, a designer can realize that she/he needs to secure her/his processes and data. Thus, the question is how to build an application by adding/removing security policies. How can the construction of more secure applications be facilitated in a flexible and “transparent” manner for the designer and end user?
Managing security at data flow level
The aim of this work is to allow for a control of securisation processes and flow analysis. To do this, we propose to use two approaches: (i) an improvement of the data flow allowing a composition of non-functional properties at workflow level; (ii) a simulation of the securisation
The goal of this work is to study and evaluate existing visualisation approaches used in the security area by comparing them to visualisation approaches used in other domains and taking into account the administrator point of view. Thus, again our study will be user-oriented in order to propose an improved approach of existing security visualisation tools or a new one.
History
* From 1.1.09 onward: the Rainbow team is a sub-part of the 2007-2008 team.
* Our 2007 and 2008 activities are described in the attached report (PDF version), written in October 2007.
* Interested readers will find here the description of the activities carried out over the period 2002 to 2006 (rainbow.pdf), written in October 2006.