Publications

Campos JC, Harrison M.  2008.  Considering context and users in interactive systems analysis. 2nd Conference on Human-Centred Software Engineering - HCSE and 7th International Workshop on Task Models and Diagrams - TAMODIA. 4940:193-209. Abstracteis07contextvlncs.pdf

Although the take-up of formal approaches to modelling and reasoning about software has been slow, there has been recent interest and facility in the use of automated reasoning techniques such as model checking [5] on increasingly complex systems. In the case of interactive systems, formal methods can be particularly useful in reasoning about systems that involve complex interactions. These techniques for the analysis of interactive systems typically focus on the device and leave the context of use undocumented. In this paper we look at models that incorporate complexity explicitly, and discuss how they can be used in a formal setting. The paper is concerned particularly with the type of analysis that can be performed with them.
Guerreiro N, Mendes S, Pinheiro V, Campos JC.  2008.  AniMAL - a user interface prototyper and animator for MAL interactor models. Interac - International Conference on Human-Computer Interaction. :93-102. Abstract08gmpc-int08-versaopub.pdf

Engineering correct software is one of the grand challenges of computer science. Practical design and verification methodologies to ensure correct software can have a substantial impact on how programs are built by the industry. As human-machine systems become more functional, they also become more complex. Consequently, the interactions between the machine and its users becomes less predictable and more difficult to analyse. Using Model Checking it is possible to automatically analyse the behaviour of a modelled system. Hence, different authors have investigated the applicability of model checking to the analysis of human-machine interactions. The IVY workbench is a tool that supports system design and verification, by providing a model checking based integrated modelling and analysis environment. The tool is based around a plugin architecture, and although it features a verification results' analyser, it thus far lacked the ability to visually expose the sequence of events that lead to a system failure on a system's prototype. We propose the AniMAL plugin as an extension to the IVY workbench, providing automatic user interface prototyping and verification results' animation, while allowing thorough customisation.
Borges M, Campos JC, Ribeiro AN.  2008.  Framework de distribuição assíncrona de aplicações móveis situadas. Interac - International Conference on Human-Computer Interaction. :181-186. Abstractshort_paper_mborges_cameraready.pdf

Ao contrário das aplicações criadas para os computadores de secretária, as aplicações móveis podem tirar partido do facto de acompanharem o dispositivo em que estão a correr para diferentes locais. Estas localizações geográficas são um factor que permite que estas possam reagir e ajustar-se a realidades distintas. O trabalho apresentado neste artigo pretende ser um passo no sentido de aproximar as aplicações aos sítios físicos onde estas correm. É também uma aproximação ao problema da variabilidade dos dispositivos. Consiste numa framework para distribuição de aplicações que vão correr num gestor de aplicações pré- instalado em dispositivos móveis. Este gestor é responsável por actuar sobre a aplicação sempre que determinadas condições reais sejam atingidas. É também responsável por gerir o descarregamento das aplicações a partir das infraestruturas que as disponibilizam. Numa perspectiva qualitativa, e com base numa aplicação de teste desenvolvida, a framework revela-se adequada a distribuição de aplicações em ambientes móveis.

Campos JC, Machado J, Seabra E.  2008.  Property Patterns for the Formal Verification of Automated Production Systems. Proceedings of the 17th IFAC World Congress. :5107-5112. Abstract4192.pdf

In recent years, several approaches to the analysis of automation systems dependability through the application of formal verification techniques have been proposed. Much of the research has been concerned with the modelling languages used, and how best to express the automation systems, so that automated veri cation might be possible. Less attention, however, has been devoted to the process of writing properties that accurately capture the requirements that need veri cation. This is however a crucial aspect of the veri cation process. Writing appropriate properties, in a logic suitable for veri cation, is a skilful process, and indeed there have been reports of properties being wrongly expressed. In this paper we put forward a tool and a collection of property patterns that aim at providing help in this area.

Campos JC, Harrison M.  2008.  Systematic analysis of control panel interfaces using formal tools. 15th International Workshop on the Design, Verification and Specification of Interactive Systems - DSV-IS. :72-85. Abstract2012-dsvis08-ch.pdf

The paper explores the role that formal modeling may play in aiding the visualization and implementation of usability requirements of a control panel. We propose that this form of analysis should become a systematic and routine aspect of the development of such interfaces. We use a notation for describing the interface that is convenient to use by software engineers, and describe a set of tools designed to make the process systematic and exhaustive.
Doherty G, Campos JC, Harrison M.  2008.  Resources for Situated Actions. 15th International Workshop on the Design, Verification and Specification of Interactive Systems (DSV-IS 2008). Abstractdsvis08-preprint.pdf

In recent years, advances in software tools have made it easier to analyze interactive system specifications, and the range of their possible behaviors. However, the effort involved in producing the specifications of the system is still substantial, and a difficulty exists regarding the specification of plausible behaviors on the part of the user. Recent trends in technology towards more mobile and distributed systems further exacerbates the issue, as contextual factors come in to play, and less structured, more opportunistic behavior on the part of the user makes purely task-based analysis difficult. In this paper we consider a resourced action approach to specification and analysis. In pursuing this approach we have two aims - firstly, to facilitate a resource-based analysis of user activity, allowing resources to be distributed across a number of artifacts, and secondly to consider within the analysis a wider range of plausible and opportunistic user behaviors without a heavy specification overhead, or requiring commitment to detailed user models.
Barbosa MB, Farshim P.  2008.  Certificateless signcryption. ACM Symposium on Information, Computer and Communications Security, ASIACCS 2008. :369-372. Abstract143.pdf

Certificateless cryptography inherits a solution to the certificate management problem in public-key encryption from identity-based techniques, whilst removing the secret key escrow functionality inherent to the identity-based setting. Signcryption schemes achieve confidentiality and authentication simultaneously by combining public-key encryption and digital signatures, offering better overall performance and security. In this paper, we introduce the notion of certificateless signcryption and present an efficient construction which guarantees security under insider attacks, and therefore provides forward secrecy and non-repudiation.
Barbosa MB, Brouard T, Cauchie S, Sousa SM.  2008.  Secure Biometric Authentication with Improved Accuracy. 13th Australasian Conference on Information Security and Privacy - ACISP. 5107:21-36. Abstract302.pdf

We propose a new hybrid protocol for cryptographically secure biometric authentication. The main advantages of the proposed protocol over previous solutions can be summarised as follows: (1) potential for much better accuracy using different types of biometric signals, including behavioural ones; and (2) improved user privacy, since user identities are not transmitted at any point in the protocol execution. The new protocol takes advantage of state-of-the-art identification classifiers, which provide not only better accuracy, but also the possibility to perform authentication without knowing who the user claims to be. Cryptographic security is based on the Paillier public key encryption scheme.
Correia A, Pereira JO, Oliveira R.  2008.  AKARA: A Flexible Clustering Protocol for Demanding Transactional Workloads. OTM International Symposium on Distributed Objects, Middleware, and Applications - DOA. 5331:{691-708}. Abstractakara.pdf

Shared-nothing clusters are a well known and cost-effective approach to database server scalability, in particular, with highly intensive read-only workloads typical of many 3-tier web-based applications. The common reliance on a centralized component and a simplistic propagation strategy employed by mainstream solutions however conduct to poor scalability with traditional on-line transaction processing (OLTP), where the update ratio is high. Such approaches also pose an additional obstacle to high availability while introducing a single point of failure.
More recently, database replication protocols based on group communication have been shown to overcome such limitations, expanding the applicability of shared-nothing clusters to more demanding transactional workloads. These take simultaneous advantage of total order multicast and transactional semantics to improve on mainstream solutions. However, none has already been widely deployed in a general purpose database management system.
In this paper, we argue that a major hurdle for their acceptance is that these proposals have disappointing performance with specific subsets of real-world workloads. Such limitations are deep-rooted and working around them requires in-depth understanding of protocols and changes to applications. We address this issue with a novel protocol that combines multiple transaction execution mechanisms and replication techniques and then show how it avoids the identified pitfalls. Experimental results are obtained with a workload based on the industry standard TPC-C benchmark.
Pereira JO, Campos F.  2008.  Gossip-based service coordination for scalability and resilience. Proceedings of the 3rd workshop on Middleware for service oriented computing - MW4SOC. :55–60. Abstractcp08a.pdf

Many interesting emerging applications involve the coordination of a large number of service instances, for instance, as targets for dissemination or sources in information gathering. These applications raise hard architectural, scalability, and resilience issues that are not suitably addressed by centralized or monolithic coordination solutions.

In this paper we propose a lightweight approach to service coordination aimed at such application scenarios. It is based on gossiping and thus potentially fully decentralized, requiring that each participant is concerned only with a small number of peers. Although being obviously simple and scalable, it has been shown that gossip-based protocols lead to emergent strong resilience guarantees.

We illustrate the approach with WS--PushGossip, a proof-of-concept coordination protocol based upon the WS--Coordination framework. Besides presenting WS--PushGossip, we illustrate its usefulness with a sample application, and outline a middleware implementation based on Apache Axis2.
Campos F, Pereira JO.  2008.  WS-Gossip: Middleware for scalable service coordination. Companion '08: Proceedings of the ACM/IFIP/USENIX Middleware '08 Conference Companion. :116–117. Abstractcp08b.pdf

The evolution and growing adoption of service-oriented computing increases the demand for applications involving the coordination of very large numbers of services. The goal of WS–Gossip is to leverage gossiping in service-oriented computing as a high level structuring paradigm, thus inherently achieving scalability and resilience when coordinating large numbers of services.
Leitão J, Pereira JO, Rodrigues L.  2008.  On the Structure of Unstructured Overlay Networks. 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Abstractdsn08fastabs_leitao.pdf

Unstructured overlay networks are a key component of many peer-to-peer systems. These overlays exhibit a set of interesting properties that derive from their inherent randomness. In this fast abstract we briefly discuss the key aspects that need to be considered when attempting to bias the structure of unstructured networks, such that it becomes possible to improve the efficiency of applications and services executed at the top level, without impairing the correctness of the overlay.
Matos M, Pereira JO, Oliveira R.  2008.  Self Tuning with Self Confidence. 38th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. Abstractdsnfastabstract-selftunning.pdf

Recent research on managing complex computing systems has focused on the autonomic computing vision: Systems should manage themselves according to an high level administrator’s goal [5]. As an example, system components should monitor the enviroment and self-tune to meet quality of service expectations, without requiring manual intervention in the selection of concrete configuration options or in coordinating the reconfiguration process.
Silva P, Oliveira JN.  2008.  'Galculator': functional prototype of a Galois-connection based proof assistant. Proceedings of 10th International ACM SIGPLAN Conference on Principles and Practice of Declarative Programming. :44-55. Abstractppdp08.pdf

Galculator is the name of the prototype of a proof assistant of a special brand: it is solely based on the algebra of Galois connections. When combined with the pointfree transform and tactics such as the indirect equality principle, Galois connections offer a very powerful, generic device to tackle the complexity of proofs in program verification. The paper describes the architecture of the current Galculator prototype, which is implemented in Haskell in order to steer types as much as possible. The prospect of integrating the Galculator with other proof assistants such as e.g. Coq is also discussed.
Oliveira R.  2008.  An Open Architecture for Scalable Database Clustering. Proceedings of 3th Enterprise Distributed Object Computing Conference Workshops (EDOC). Abstract

The Database Management System (DBMS) used to be a commodity software component, with well known standard interfaces and semantics. However, the performance, scalability and reliability expectations being placed on DBMS have increased the demand for a variety of add-ons, that augment the functionality of the database in a wide range of deployment scenarios, offering support for features such as clustering, replication, and self-management, among others. Recently, several such add-ons have been designed and implemented both in the academia and by leading commercial database providers. Each proposal tends to target certain goals and applications, therefore establishing specific tradeoffs that impair their flexibility. Moreover, it has been a common fundamental assumption that any add-ons should not be intrusive and that the DBMS should be kept unchanged and monolithically handled. While this is a very sensible and pragmatic view due to the complexity of DBMS and the critical role they play in existing information systems, emerging demands on scalability require greater flexibility of the whole data management system so that major functionalities can be realized as autonomous services with specific tradeoffs and quality of service. The GORDA project (EU 1ST FP6) proposed a general purpose DBMS reflection architecture and interface - GAPI, which supports a number of useful extensions while at the same time admitting efficient implementations. By exposing at the interface an abstract representation of the systems' inner functionality, the later can be inspected and manipulated, thus changing its behavior without loss of encapsulation. DBMS have long taken advantage of this - on the database schema, on triggers, and when exposing the log. In this talk we describe the various aspects and goals that led to GAPI and we illustrate the usefulness of the architecture and interface with concrete examples. GORDA fundamentally emphasizes the modularity of the add-ons, e.g. cluste- - ring, replication and management, the DBMS itself and fundamental building blocks such as reliable group communication. This effort clearly seems to be of major relevance for the emerging Cloud storage systems. By easing the development of different add-ons for database systems, it can be used to enrich the current products offered by key providers such as Amazon and Google and enable small providers to jump into this new trend. Cloud storage offers are touted as being able to deal with both very large data volumes as well as large numbers of clients with different storage needs. Per se, these two requirements call for highly scalable and flexible infrastructures. Current general tradeoffs however, favor minimal client interfaces with pretty relaxed consistency guarantees which are not adequate to general applications. Bringing transactional semantics and ACID guarantees to the Cloud appears as a major commercial trend and research challenge.