My past research activities have been guided by the belief that in developing software systems that are increasingly complex, a well balanced blend of mathematical and engineering foundations is required to tackle most of the development challenges. Today, complex software systems are often produced by brute force, with managers assigning more and more resources to the development effort. Since the nineties, the so-called system maintenance may take up to 75% of a system’s cost over its lifetime. I think that we can do better by building these systems correct from the start and by reducing the maintenance to deal only with unpredictable changes. Software engineering leaders are beginning to call for more systematic approaches: more mathematics, science, and engineering are needed. The evolution of the Internet and the openness of the systems that we build on diverse multidimensional environments add new challenges. Among these challenges is information security .
I anticipate that we collectively will make a major change in the way software systems are built when we provide appropriate solutions to deal with the relentless change of requirements and all of its ripple effects. Dealing with non-functional requirements such as security is extremely challenging.
Highlights of Previous and Ongoing Work
My conducted and supervised research work has revolved around issues related to software requirements, feature modelling, architecture design derivation, aspect orientation at the feature modelling level, and mathematical approaches to specify and discuss information confidentiality. To take on all these research issues, I use algebras as a common formal tool. I find the calculational feature of algebras [1] very appealing as it transforms verification tasks into a usually simple calculational tasks that can be easily automated.
My work on software requirements tackled problems related to the formal verification of software requirements. Working on software requirements for many years showed me that it is challenging to fully grasp non-functional requirements such as security. I conjecture that fully understanding at least one facet of information security (such as confidentiality) gives insights on tackling other non-functional requirements such as dependability. In particular, with the help of my students and collaborators, I was able to provide approaches to the formalisation and integration of requirements scenarios and the use of tabular expression to document them.
Regarding feature modelling, my collaborators and I proposed an algebraic framework for formal specification of software product families. The proposed technique uses an algebra commonly denoted by feature algebra or product family algebra, which is an idempotent, commutative semiring. The proposed algebra not only allows expressing the basic notions used by the product family community, but also enables algebraic manipulations of families of specifications, which enhance the generation of new knowledge about them. The notions and relationships introduced in feature modeling techniques (e.g., FODA) and expressed with graphical notations can easily be stated within product family algebra. I proposed the mathematical properties of a requirement relation that is used to deal with conflict resolution among specification views. This theoretical work led to the development of a tool for the specification and the verification of product families that is extremely powerful as it can handle product families with as much as 215 features, using less than 160MB of memory (other techniques in the literature reach state-space explosion with about 50 features). Due to the simplicity of the mathematical framework, the reasoning on product families as well as on view integration has been automated in provers such as Prover9. My students and I developed the only (to the best of my knowledge) formal setting that allows the handling of feature models and their aspects to automate the handling of requirements changes that are related to an aspect such as security. Putting the algebraic foundation for the specification of feature models and their aspects, and proposing techniques for the analysis of product families is a work that extended over more than six years.
I articulated an algebraic framework to discuss the combination of cryptographic keys, their cyphers, and the messages to be encrypted. The framework takes into consideration a new perspective in tackling the cryptographic-key distribution problem. My students and I proposed an algebraic approach to the analysis of cryptographic-key distribution schemes and generalisations to several known schemes. We also pointed to several other applications related to measures ensuring information confidentiality such as the analysis of information confidentiality policies.
I proposed a covert channel detection technique based on relational algebra, which offers a high degree of simplicity. In the literature, covert channels detection techniques rely on heuristics to uncover the use of covert channels. My technique gives a formal and rigorous approach to the detection of confidential information leakage through covert channel communication. It provides simple relational tests to verify the existence of an abstraction relation between the observed communicated information and confidential information. These tests are extensible and allow the technique to handle complex scenarios, which may involve, for example, modulating the confidential information. The technique has also several usages in cryptanalysis. A tool based on the proposed mathematics was developed to aid in the automation of the proposed technique and its applications in forensic analysis of information leakage via covert channels.
Future Research Direction
My research will be drifting towards focusing more on issues related to information confidentiality and the specification of security requirements. During the years I spent studying the analysis of confidentiality policies, covert channels, or cryptographic protocols, I had observed that getting accurate answers to the most relevant questions requires the modelling of the relationships between the concepts used in the domain of application (i.e., a domain ontology). I anticipate that efficiently addressing confidentiality related problems requires the use of domain ontologies to assess the real scope of confidentiality policies and information leakage. Security analysts need to compose information from multiple sources or from several communicating agents to adequately connect the dots between information and get accurate answers to their questions. To compose information from diverse sources, the analyst needs to resolve any semantic heterogeneity among them. Such heterogeneity arises due to mismatches in the semantics of terms used in information sources or by the involved communicating agents.
I will be seeking algebraic machinery for the update and composition of ontologies. The application of this machinery will be in detecting covert channels, analysing confidentiality policies, data cleansing, and in software requirements analysis. My early experimentation with mathematical structures that capture some elements of an ontology and their successful use in policy analysis gives me insights on how to approach the general problem.
References
[1] William S. Hatcher. Calculus is algebra. Americain Mathematical Monthly, 89(6), June-July 1982.