Cognitive effectiveness of visual instructional design languages

The introduction of learning technologies into education is making the design of courses and instructional materials an increasingly complex task. Instructional design languages are identified as conceptual tools for achieving more standardized and, at the same time, more creative design solutions, as well as enhancing communication and transparency in the design process. In this article we discuss differences in cognitive aspects of three visual instructional design languages (E²ML, PoEML, coUML), based on user evaluation. Cognitive aspects are of relevance for learning a design language, creating models with it, and understanding models created using it. The findings should enable language constructors to improve the usability of visual instructional design languages in the future. The paper concludes with directions with regard to how future research on visual instructional design languages could strengthen their value and enhance their actual use by educators and designers by synthesizing existing efforts into a unified modeling approach for VIDLs.     

The development of a specification language for a computer security system

The primary goal of this paper is to define an initial step towards the definition of ‘systems grammar’ based on the notion of formal languages which can be used as a ‘tool’ in the formal representation of computer security systems. Currently all modelling done on computer security systems is written up as mathematical models. These mathematical models are usually based on the mathematics of relations amongst objects, as opposed to the model described in this paper which is based on the theory of formal languages. This paper is aimed at people who are doing research on the logical aspects of computer security. It is the first of a series of two papers. This paper will give interim results and make more specific the definition of a ‘formal language’ which suits the computer security environment. The second paper will illustrate the actual use of the defined ‘formal language’ and show how to represent the characteristics of a computer security environment by using this ‘formal language’.     

Components of a multi-perspective modeling method for designing and managing IT security systems

Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today’s highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.     

Activating networks: a progress report

Active networks-networks you can add programs to or customize to particular applications-are probably most familiar as Web proxy caches and firewalls. In their more sophisticated form, however, they have become customized infrastructures that let designers program control planes-the control software and network hardware used to manipulate the transport system's behavior. Programming mechanisms such as open signaling are becoming more widespread, for example. But research in active networks has taken a step beyond even these sophisticated infrastructures. Working systems now let designers modify packet-switching infrastructures on the fly using either a switch-like model, which mixes active packets with other packets, or in a capsule model, which regards all packets as programs. In surveying working systems and experimental results, the authors have found that first-generation systems have opted to use modern programming language technologies such as Caml and Java to provide usability and safety, and cryptographic techniques to provide security. The systems differ in the degree of flexibility and performance they offer. Many differences stem from the use of a particular security model. The paper discusses a general architecture for active networks     

Security types preserving compilation

Starting from the seminal work of Volpano and Smith, there has been growing evidence that type systems may be used to enforce confidentiality of programs through non-interference. However, most type systems operate on high-level languages and calculi, and “low-level languages have not received much attention in studies of secure information flow” (Sabelfeld and Myers, [Language-based information-flow security. IEEE Journal on Selected Areas in Communications 2003; 21:5–19]). Therefore, we introduce an information flow type system for a low-level language featuring jumps and calls, and show that the type system enforces termination-insensitive non-interference.Furthermore, information flow type systems for low-level languages should appropriately relate to their counterparts for high-level languages. Therefore, we introduce a compiler from a high-level imperative programming language to our low-level language, and show that the compiler preserves information flow types.     

A framework for evolution of modelling languages

In model-driven engineering, evolution is inevitable over the course of the complete life cycle of complex software-intensive systems and more importantly of entire product families. Not only instance models, but also entire modelling languages are subject to change. This is in particular true for domain-specific languages, whose language constructs are tightly coupled to an application domain.The most popular approach to evolution in the modelling domain is a manual process, with tedious and error-prone migration of artefacts such as instance models as a result. This paper provides a taxonomy for evolution of modelling languages and discusses the different evolution scenarios for various kinds of modelling artefacts, such as instance models, meta-models, and transformation models. Subsequently, the consequences of evolution and the required remedial actions are decomposed into primitive scenarios such that all possible evolutions can be covered exhaustively. These primitives are then used in a high-level framework for the evolution of modelling languages.We suggest that our structured approach enables the design of (semi-)automatic modelling language evolution solutions.     

A framework for evolution of modelling languages

In model-driven engineering, evolution is inevitable over the course of the complete life cycle of complex software-intensive systems and more importantly of entire product families. Not only instance models, but also entire modelling languages are subject to change. This is in particular true for domain-specific languages, whose language constructs are tightly coupled to an application domain.The most popular approach to evolution in the modelling domain is a manual process, with tedious and error-prone migration of artefacts such as instance models as a result. This paper provides a taxonomy for evolution of modelling languages and discusses the different evolution scenarios for various kinds of modelling artefacts, such as instance models, meta-models, and transformation models. Subsequently, the consequences of evolution and the required remedial actions are decomposed into primitive scenarios such that all possible evolutions can be covered exhaustively. These primitives are then used in a high-level framework for the evolution of modelling languages.We suggest that our structured approach enables the design of (semi-)automatic modelling language evolution solutions.     

Security patterns modeling and formalization for pattern-based development of secure software systems

Pattern-based development of software systems has gained more attention recently by addressing new challenges such as security and dependability. However, there are still gaps in existing modeling languages and/or formalisms dedicated to modeling design patterns and the way how to reuse them in the automation of software development. The solution envisaged here is based on combining metamodeling techniques and formal methods to represent security patterns at two levels of abstraction to fostering reuse. The goal of the paper is to advance the state of the art in model and pattern-based security for software and systems engineering in three relevant areas: (1) develop a modeling language to support the definition of security patterns using metamodeling techniques; (2) provide a formal representation and its associated validation mechanisms for the verification of security properties; and (3) derive a set of guidelines for the modeling of security patterns within the integration of these two kinds of representations.     

Opacity of discrete event systems and its applications

In this paper, we investigate opacity of discrete event systems. We define two types of opacities: strong opacity and weak opacity. Given a general observation mapping, a language is strongly opaque if all strings in the language are confused with some strings in another language and it is weakly opaque if some strings in the language are confused with some strings in another language. We show that security and privacy of computer systems and communication protocols can be investigated in terms of opacity. In particular, two important properties in security and privacy, namely anonymity and secrecy, can be studied as special cases of opacity. We also show that by properly specifying the languages and the observation mapping, three important properties of discrete event systems, namely observability, diagnosability, and detectability, can all be reformulated as opacity. Thus, opacity has a wide range of applications. Also in this paper we provide algorithms for checking strong opacity and weak opacity for systems described by regular languages and having a generalized projection as the observation mapping.     

基于Petri网的电子支付安全模型研究

Petri网兼顾了严格定义与图形语言两个方面,具有丰富而严格的模型语义,也是一种图形化的语言,具有直观与易懂的特点。电子支付是客户使用电子账户通过网络实施的支付。针对电子支付过程中的安全风险,给出了电子支付可以实施的安全措施。利用Petri网描述安全电子支付流程,采用一种基于逻辑的Petri网分析方法,探索建立了基于Petri网的电子支付安全模型。该模型对于指导电子支付安全项目的研究以及解决实际安全问题具有一定的理论价值和实践意义。对电子支付建立Petri网安全模型的另一个目的,就是为信息安全研究提供新的方法与思路。     

A dialogue system for creating and manipulating graphical symbols and structures

Conventional higher level programming languages have not been designed for effective application to the kind of problems which arise in interactive computer graphics. In order to correct this, efforts have been made to use conversational languages or to design command languages which allow the user to interact with the system via light buttons or teletype.This paper describes a conversational system — called DIGS — using a keyboard-oriented language. The language enables the user to construct models step-by-step with a minimum of typing effort. Intermediate results (graphic or non-graphic) may be controlled at each point of the construction process.The purpose is to provide a tool for easily creating and editing fairly complex symbols as well as hierarchic pictures. Data can be associated with the picture parts and relationships defined between them.     

Defining the abstract syntax of visual languages with advanced graph grammars—A case study based on behavior trees

Diagrammatic visual languages can increase the ability of engineers to model and understand complex systems. However, to effectively use visual models, the syntax and semantics of these languages should be defined precisely. Since most diagrammatic visual models that are currently used to specify systems can be described as (directed) typed graphs, graph grammars have been identified as a suitable formalism to describe the abstract syntax of visual modeling languages. In this article, we investigate how advanced graph-transformation techniques, such as conditional, structure-generic and type-generic graph-transformation rules, can help to improve and simplify the specification of the abstract syntax of a visual modeling language. To demonstrate the practicability of an approach that unifies these advanced graph-transformation techniques, we define the abstract syntax of behavior trees (BTs), a graphical specification language for functional requirements. Additionally, we provide a translational semantics of BTs by formalizing a translation scheme to the input language of the SAL model checking tool for each of the graph-transformation rules.     

Static use-based object confinement

The confinement of object references is a significant security concern for modern programming languages. We define a language that serves as a uniform model for a variety of confined object reference systems. A use-based approach to confinement is adopted, which we argue is more expressive than previous communication-based approaches. We then develop a readable, expressive type system for static analysis of the language, along with a type safety result demonstrating that run-time checks can be eliminated. The language and type system thus serve as a reliable, declarative, and efficient foundation for secure capability-based programming and object confinement .     

Java虚拟机异常处理机制的设计与实现

异常处理机制是程序设计语言的重要特征之一,它为开发可靠性软件系统提供了强有力的支持,介绍了不同语言的异常处理机制,对Ｊａｖａ语言的异常处理机制进行了详细论述,最后结合国产开放系统平台ＣＯＳＩＸ虚拟机异常处理的设计,深入探讨了在解释才及时编译执行两种不同的情况下,异常处理设计与实现的关键技术。     

Dynamic security labels and static information flow control

This paper presents a language in which information flow is securely controlled by a type system, yet the security class of data can vary dynamically. Information flow policies provide the means to express strong security requirements for data confidentiality and integrity. Recent work on security-typed programming languages has shown that information flow can be analyzed statically, ensuring that programs will respect the restrictions placed on data. However, real computing systems have security policies that cannot be determined at the time of program analysis. For example, a file has associated access permissions that cannot be known with certainty until it is opened. Although one security-typed programming language has included support for dynamic security labels, there has been no demonstration that a general mechanism for dynamic labels can securely control information flow. In this paper, we present an expressive language-based mechanism for reasoning about dynamic security labels. The mechanism is formally presented in a core language based on the typed lambda calculus; any well-typed program in this language is secure because it satisfies noninterference.     

用语义网技术建模特征识别和攻击模型

安全特征识别和攻击的预测是网络安全领域内必不可少的功能部分,而攻击模型和其他安全特征的描述和定义需要专门的语言。然而,目前此类语言存在诸多问题,如语言功能单一,适用性差;缺乏开放性,语义不一致和缺乏可重用性等。为了改善这种情况,利用本体建模方法,通过一个典型攻击行为的建模,证明本体语言具有的特点支持其作为安全特征描述语言。     

Advanced mobile and wearable systems

The recent spectacular progress in the microelectronic, information, communication, material and sensor technologies created a big stimulus towards development of smart communicating cyber-physical systems (CPS) and Internet of Things (IoT). CPS and IoT are undergoing an explosive growth to a large degree related to advanced mobile systems like smart automotive and avionic systems, mobile robots and wearable devices. The huge and rapidly developing markets of sophisticated mobile cyber-physical systems represent great opportunities, but these opportunities come with a price of unusual system complexity, as well as, stringent and difficult to satisfy requirements of many modern applications. Specifically, smart cars and various wearable systems to a growing degree involve big instant data from multiple complex sensors or other systems, and are required to provide continuous autonomous service in a long time. In consequence, they demand a guaranteed (ultra-)high performance and/or (ultra-)low energy consumption, while requiring a high reliability, safety and security. To adequately address these demands, sophisticated embedded computing and embedded design technologies are needed. After an introduction to modern mobile systems, this paper discusses the huge heterogeneous area of these systems, and considers serious issues and challenges in their design. Subsequently, it discusses the embedded computing and design technologies needed to adequately address the issues and overcome the challenges in order to satisfy the stringent requirements of the modern mobile systems.