skip to main content
10.1145/2866614.2866629acmotherconferencesArticle/Chapter ViewAbstractPublication PagesvamosConference Proceedingsconference-collections
research-article

Variability Modeling of Cryptographic Components: Clafer Experience Report

Published: 27 January 2016 Publication History

Abstract

Software systems need to use cryptography to protect any sensitive data they collect. However, there are various classes of cryptographic components (e.g., ciphers, digests, etc.), each suitable for a specific purpose. Additionally, each class of such components comes with various algorithms and configurations. Finding the right combination of algorithms and correct settings to use is often difficult. We believe that using variability modeling to model these algorithms, their relationships, and restrictions can help non-experts navigate this complex domain. In this paper, we report on our experience modeling cryptographic components in Clafer, a modeling language that combines feature modeling and meta-modeling. We discuss design decisions we took as well as the challenges we ran into. Our work helps expand variability modeling into new domains and sheds lights on modeling requirements that appear in practice.

References

[1]
A. Murashkin. Automotive electronic/electric architecture modeling, design exploration and optimization using Clafer. Master's thesis, University of Waterloo, 2014.
[2]
M. Rosenmüller, N. Siegmund, T. Thüm, and G. Saake. Multi-dimensional variability modeling. In Proc. of the Workshop on Variability Modeling of Software-Intensive Systems (VaMoS). 2011.
[3]
T. Berger, S. She, R. Lotufo, A. Wąsowski, and K. Czarnecki. Variability modeling in the real: A perspective from the operating systems domain. In Proc. of the IEEE/ACM Int'l Conference on Automated Software Engineering (ASE). 2010.
[4]
K. Bąk, Z. Diskin, M. Antkiewicz, K. Czarnecki, and A. Wąsowski. Clafer: unifying class and feature modeling. Software & Systems Modeling, 2014.
[5]
M. Egele, D. Brumley, Y. Fratantonio, and C. Kruegel. An empirical study of cryptographic misuse in Android applications. In Proc. of the Conference on Computer and Communications Security (CCS), 2013.
[6]
S. Fahl, M. Harbach, T. Muders, M. Smith, L. Baumgärtner, and B. Freisleben. Why Eve and Mallory love Android: An analysis of android SSL (in)security. In Proc. of the Conference on Computer and Communications Security (CCS), 2012.
[7]
S. Arzt, S. Nadi, K. Ali, E. Bodden, S. Erdweg, and M. Mezini. Towards secure integration of cryptographic software. In Proc. of the SIGPLAN Symposium on New Ideas in Programming and Reflections on Software at SPLASH (Onward!), 2015.
[8]
A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. 1996.
[9]
D. Menascé. Security performance. IEEE Internet Computing, 7(3):84--87, May 2003.
[10]
X. Wang and H. Yu. How to break md5 and other hash functions. In Advances in Cryptology--EUROCRYPT 2005. Springer, 2005.
[11]
K. Czarnecki, S. Helsen, and U. Eisenecker. Formalizing cardinality-based feature models and their specialization. Software Process: Improvement and Practice, 10(1):7--29, 2005.
[12]
Alloy. http://alloy.mit.edu.
[13]
Choco. http://www.emn.fr/z-info/choco-solver.
[14]
M. Antkiewicz, K. Bąk, A. Murashkin, R. Olaechea, J. H. J. Liang, and K. Czarnecki. Clafer tools for product line engineering. In Proc. of the Int'l Software Product Line Conference (SPLC) Co-located Workshops. 2013.
[15]
C. Percival and S. Josefsson. The scrypt password-based key derivation function. Internet Engineering Task Force (IETF), 2012.
[16]
National institute of standards and technology (NIST). secure hashing -- approved algorithms. http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html.
[17]
M. Antkiewicz. Clafer cheat sheet. http://t3-necsis.cs.uwaterloo.ca:8091/Clafer%20Cheat%20Sheet.
[18]
Accessing Clafer models programmatically. http://www.clafer.org/2014/08/accessing-clafer-models-programmatically.html.
[19]
U. Aßmann, S. Zschaler, and G. Wagner. Ontologies, meta-models, and the model-driven paradigm. In Ontologies for software engineering and software technology. Springer, 2006.
[20]
C. Atkinson, M. Gutheil, and K. Kiko. On the relationship of ontologies and models. In Proc. of the 2nd Workshop on MetaModelling (WoMM). 2006.
[21]
K. Czarnecki, C. Hwan, P. Kim, and K. Kalleberg. Feature models are views on ontologies. In Proc. of the Int'l Software Product Line Conference (SPLC), 2006.
[22]
D. Kalibatiene and O. Vasilecas. Survey on ontology languages. In Perspectives in Business Informatics Research. Springer, 2011.
[23]
K. Bąk. Modeling and Analysis of Software Product Line Variability in Clafer. PhD thesis, University of Waterloo, 2013.
[24]
A. Gyrard, C. Bonnet, and K. Boudaoud. An ontology-based approach for helping to secure the etsi machine-to-machine architecture. In Proc. of the IEEE Int'l Conference on the Internet of Things (iThings). IEEE, 2014.
[25]
L. Cleophas, B. W. Watson, D. G. Kourie, and A. Boake. TABASCO: A taxonomy-based domain engineering method. In Proceedings of the 2005 Annual Conference of the South African Institute of Computer Scientists and Information Technologists. 2005.
[26]
I. Schaefer, C. Seidl, L. Cleophas, and B. W. Watson. SPLicing TABASCO: Custom-tailored software product line variants from taxonomy-based toolkits. In Proceedings of the 2015 Annual Conference of the South African Institute of Computer Scientists and Information Technologists. 2015.
[27]
H. Eichelberger and K. Schmid. A systematic analysis of textual variability modeling languages. In Proc. of the Int'l Software Product Line Conference (SPLC). 2013.
[28]
A. Classen, Q. Boucher, and P. Heymans. A text-based approach to feature modelling: Syntax and semantics of TVL. Science of Computer Programming, 76(12):1130--1143, 2011. Special Issue on Software Evolution, Adaptability and Variability.
[29]
H. Eichelberger, S. E. Sharkawy, C. Kröher, and K. Shmid. INDENICA variability modeling language: Language specification (version 1.26). Technical report. http://projects.sse.uni-hildesheim.de/easy/docs/ivml_spec.pdf.
[30]
M.-O. Reiser. Core concepts of the Compositional Variability Management Framework (CVM) -- a practitioner's guide. Technical report. http://www.eecs.tu-berlin.de/fileadmin/f4/TechReports/2009/tr-2009-16.pdf.
[31]
Clafer example models. http://t3-necsis.cs.uwaterloo.ca:8091/.
[32]
M. H. ter Beek, A. Fantechi, and S. Gnesi. Applying the product lines paradigm to the quantitative analysis of collective adaptive systems. In Proceedings of the 19th Int'l Conference on Software Product Line, 2015.
[33]
T. Berger, R. Rublack, D. Nair, J. M. Atlee, M. Becker, K. Czarnecki, and A. Wąsowski. A survey of variability modeling in industrial practice. In Proc. of the Workshop on Variability Modeling of Software-Intensive Systems (VaMoS), 2013.
[34]
T. Berger, D. Nair, R. Rublack, J. M. Atlee, K. Czarnecki, and A. Wąsowski. Three cases of feature-based variability modeling in industry. In Model-Driven Engineering Languages and Systems. Springer, 2014.
[35]
M. Alférez, J. A. Galindo, M. Acher, and B. Baudry. Modeling variability in the video domain: Language and experience report. Technical report, 2014.
[36]
A. Hubaux, Q. Boucher, H. Hartmann, R. Michel, and P. Heymans. Evaluating a textual feature modelling language: Four industrial case studies. In Software Language Engineering. Springer, 2011.
[37]
D. R. Stinson. Cryptography: theory and practice. CRC press, 2005.

Cited By

View all
  • (2022)Empirical analysis of the tool support for software product linesSoftware and Systems Modeling10.1007/s10270-022-01011-222:1(377-414)Online publication date: 8-Jun-2022
  • (2020)Model-based security analysis of feature-oriented software product linesACM SIGPLAN Notices10.1145/3393934.327812653:9(93-106)Online publication date: 7-Apr-2020
  • (2020)CogniCrypt: generating code for the secure usage of crypto APIsProceedings of the 18th ACM/IEEE International Symposium on Code Generation and Optimization10.1145/3368826.3377905(185-198)Online publication date: 22-Feb-2020
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
VaMoS '16: Proceedings of the 10th International Workshop on Variability Modelling of Software-Intensive Systems
January 2016
116 pages
ISBN:9781450340199
DOI:10.1145/2866614
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

In-Cooperation

  • SBC: Sociedade Brasileira de Computação
  • FAPESB: Fundação de Amparo à Pesquisa do Estado da Bahia
  • University of Brasília: University of Brasília
  • Technische Universität Braunschweig

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 January 2016

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Clafer
  2. Cryptography
  3. Variability Modeling

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

VaMoS '16

Acceptance Rates

Overall Acceptance Rate 66 of 147 submissions, 45%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)6
  • Downloads (Last 6 weeks)0
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2022)Empirical analysis of the tool support for software product linesSoftware and Systems Modeling10.1007/s10270-022-01011-222:1(377-414)Online publication date: 8-Jun-2022
  • (2020)Model-based security analysis of feature-oriented software product linesACM SIGPLAN Notices10.1145/3393934.327812653:9(93-106)Online publication date: 7-Apr-2020
  • (2020)CogniCrypt: generating code for the secure usage of crypto APIsProceedings of the 18th ACM/IEEE International Symposium on Code Generation and Optimization10.1145/3368826.3377905(185-198)Online publication date: 22-Feb-2020
  • (2019)Modeling variability in the video domainSoftware Quality Journal10.1007/s11219-017-9400-827:1(307-347)Online publication date: 1-Mar-2019
  • (2018)Model-based security analysis of feature-oriented software product linesProceedings of the 17th ACM SIGPLAN International Conference on Generative Programming: Concepts and Experiences10.1145/3278122.3278126(93-106)Online publication date: 5-Nov-2018
  • (2017)CogniCrypt: supporting developers in using cryptographyProceedings of the 32nd IEEE/ACM International Conference on Automated Software Engineering10.5555/3155562.3155681(931-936)Online publication date: 30-Oct-2017
  • (2017)CogniCrypt: Supporting developers in using cryptography2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE)10.1109/ASE.2017.8115707(931-936)Online publication date: Oct-2017

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media