Injection Pattern for Inserting Privacy Patterns and Services in Software

Total Page:16

File Type:pdf, Size:1020Kb

Injection Pattern for Inserting Privacy Patterns and Services in Software PIP: A (Privacy) Injection Pattern for Inserting Privacy Patterns and Services in Software by Naureen Ali Submitted in partial fulfilment of the requirements for the degree of Master of Computer Science at Dalhousie University Halifax, Nova Scotia November 2015 © Copyright by Naureen Ali, 2015 Table of Contents List of Tables ................................................................................................................................. v List of Figures ............................................................................................................................... vi Abstract ......................................................................................................................................... ix List of Abbreviations Used ........................................................................................................... x Acknowledgement ........................................................................................................................ xi Chapter 1 : Introduction .............................................................................................................. 1 1.1 Research Problem ........................................................................................................ 2 1.2 Research Objectives ..................................................................................................... 3 1.3 Outline .......................................................................................................................... 3 Chapter 2 : Background and Related Work .............................................................................. 4 2.1 Privacy Overview ......................................................................................................... 4 2.1.1 Privacy .......................................................................................................... 4 2.1.2 Privacy Policy .............................................................................................. 6 2.1.3 Privacy Standards and Laws ........................................................................ 7 2.2 Privacy Research .......................................................................................................... 8 2.2.1 Privacy Engineering: .................................................................................... 8 2.2.2 Patterns on Privacy ..................................................................................... 13 2.2.3 De-identification through Data Transformation Techniques ..................... 14 2.2.3.1 Character Masking Method ........................................................................ 14 2.2.3.2 The Randomization Method ....................................................................... 15 2.2.3.3 The k-anonymity Model ............................................................................. 15 2.2.3.4 The l-diversity Model ................................................................................. 17 2.2.3.5 The t-closeness Model ................................................................................ 19 2.2.4 Aspect Oriented Programming ................................................................... 21 2.2.4.1 Core Concerns and Cross-Cutting Concerns .............................................. 21 2.2.4.2 Aspect Oriented Programming Key Terminologies ................................... 23 2.2.4.3 AOP and Privacy ........................................................................................ 24 2.2.5 Dependency Injection ................................................................................. 31 2.2.6 Mocking ..................................................................................................... 38 2.3 Discussion .................................................................................................................. 40 Chapter 3 : Privacy Services Injection Pattern ........................................................................ 42 ii 3.1 Design Criteria ........................................................................................................... 42 3.2 The Privacy Injection Pattern (PIP) ........................................................................... 42 3.3 Architecture of the Privacy Injection Pattern (PIP) ................................................... 44 3.4 Software Engineer’s Learning Curve Perspective ..................................................... 47 3.4.1 Dependency Injection (DI) ......................................................................... 47 3.4.2 Mocking ..................................................................................................... 49 3.4.3 Aspect oriented programming .................................................................... 52 Chapter 4 : Prototype for Proof of Concept ............................................................................. 56 4.1 Banking System Use Case ......................................................................................... 56 4.2 Hospital System Use Case ......................................................................................... 64 Chapter 5 : Results and Evaluation .......................................................................................... 74 5.1 Evaluation Methodology ............................................................................................ 74 5.1.1 Survey Objectives ...................................................................................... 76 5.1.2 Survey Questions........................................................................................ 76 5.1.3 Survey Approach ........................................................................................ 76 5.1.3.1 Survey protocol .......................................................................................... 77 5.1.3.2 Survey instrument ...................................................................................... 77 5.1.3.3 Survey Design ............................................................................................ 77 5.1.3.4 Intended Data Analysis .............................................................................. 79 5.1.3.5 Recruitment ................................................................................................ 80 5.1.3.6 Participants ................................................................................................. 80 5.2 Participants ................................................................................................................. 80 5.3 Perceived Usefulness and Perceived Ease of Use ...................................................... 81 5.3.1 Qualitative Analysis ................................................................................... 83 5.3.1.1 Reliability ................................................................................................... 83 5.3.1.2 Validity ....................................................................................................... 85 5.4 Results for Perceived Usefulness and Ease of Use .................................................... 88 5.5 Improvements in PIP Pattern ..................................................................................... 92 5.6 Overall Motivation to Use the Pattern ....................................................................... 93 5.7 Limitations ................................................................................................................. 94 Chapter 6 : Conclusions and Future Work .............................................................................. 95 iii Bibliography ................................................................................................................................ 97 Appendix A – Letter of Approval ............................................................................................ 107 Appendix B – Recruitment Script ........................................................................................... 108 Appendix C – Informed Consent ............................................................................................. 109 Appendix D – Signature Page .................................................................................................. 112 Appendix E – Survey Questions .............................................................................................. 113 iv List of Tables Table 2.1 Seven Types of Privacy [adopted from (Finn et al., 2013)] ............................... 5 Table 2.2. Approaches of Aspect Weaving [adopted from (Sommerville, 2011)] ........... 24 Table 5.1. Demographics of the participants .................................................................... 81 Table 5.2. Mean, Standard Deviation and Cronbach's Alpha for Variables ..................... 84 Table 5.3. Cronbach’s Alpha of Perceived Usefulness and Perceived Ease of Use ......... 84 Table 5.4. Correlation Matrix for Perceived Usefulness .................................................. 86 Table 5.5. Correlation Matrix for Perceived Ease of Use ................................................. 86 Table 5.6. Factor loadings after Varimax rotation ............................................................ 87 Table 5.7. Average of Scale of Perceived Usefulness and Perceived Ease of Use........... 89 v List of Figures Figure 2.1. Health related data [adopted from Zhong et al. (2005)] ................................. 15
Recommended publications
  • What Is Spring Framework?
    Software Engineering a.a. 2019-2020 Introduction to Spring Framework Prof. Luca Mainetti Università del Salento Roadmap ■ Introduction to Spring ■ Dependency Injection and IoC ■ Bean ■ AoP ■ Module Architecture Introduction to Spring Framework 2 Luca Mainetti What Is Spring Framework? ■ Spring is the most popular application development framework for Java enterprise ■ Open source Java platform since 2003. ■ Spring supports all main application servers and JEE standards ■ Spring handles the infrastructure so you can focus on your application ■ Current version: 5.0.X Introduction to Spring Framework 3 Luca Mainetti What does Spring offer? ■ Dependency Injection – Also known as IoC (Inversion of Control) ■ Aspect Oriented Programming – Runtime injection-based ■ Portable Service Abstractions – The rest of spring • ORM, DAO, Web MVC, Web, etc. • Allows access to these without knowing how they actually work Introduction to Spring Framework 4 Luca Mainetti Dependency Injection ■ The technology that actually defines Spring (Heart of Spring). ■ Dependency Injection helps us to keep our classes as indepedent as possible. – Increase reuse by applying low coupling – Easy testing – More understandable An injection is the passing of a dependency (a service) to a dependent object (a client). Passing the service to the client, rather than allowing a client to build or find the service, is the fundamental requirement of the pattern. Introduction to Spring Framework 5 Luca Mainetti Dependency Injection and Inversion of Control (IoC) In software engineering, inversion of control (IoC) describes a design in which custom-written portions of a computer program receive the flow of control from a generic, reusable library. ■ The Inversion of Control (IoC) is a general concept, and it can be expressed in many different ways and dependency Injection is merely one concrete example of Inversion of Control.
    [Show full text]
  • Ioc Containers in Spring
    301AA - Advanced Programming Lecturer: Andrea Corradini [email protected] http://pages.di.unipi.it/corradini/ AP-2018-11: Frameworks and Inversion of Control Frameworks and Inversion of Control • Recap: JavaBeans as Components • Frameworks, Component Frameworks and their features • Frameworks vs IDEs • Inversion of Control and Containers • Frameworks vs Libraries • Decoupling Components • Dependency Injection • IoC Containers in Spring 2 Components: a recap A software component is a unit of composition with contractually specified interfaces and explicit context dependencies only. A software component can be deployed independently and is subject to composition by third party. Clemens Szyperski, ECOOP 1996 • Examples: Java Beans, CLR Assemblies • Contractually specified interfaces: events, methods and properties • Explicit context dependencies: serializable, constructor with no argument • Subject to composition: connection to other beans – Using connection oriented programming (event source and listeners/delegates) 3 Towards Component Frameworks • Software Framework: A collection of common code providing generic functionality that can be selectively overridden or specialized by user code providing specific functionality • Application Framework: A software framework used to implement the standard structure of an application for a specific development environment. • Examples: – GUI Frameworks – Web Frameworks – Concurrency Frameworks 4 Examples of Frameworks Web Application Frameworks GUI Toolkits 5 Examples: General Software Frameworks – .NET – Windows platform. Provides language interoperability – Android SDK – Supports development of apps in Java (but does not use a JVM!) – Cocoa – Apple’s native OO API for macOS. Includes C standard library and the Objective-C runtime. – Eclipse – Cross-platform, easily extensible IDE with plugins 6 Examples: GUI Frameworks • Frameworks for Application with GUI – MFC - Microsoft Foundation Class Library.
    [Show full text]
  • Inversion of Control in Spring – Using Annotation
    Inversion of Control in Spring – Using Annotation In this chapter, we will configure Spring beans and the Dependency Injection using annotations. Spring provides support for annotation-based container configuration. We will go through bean management using stereotypical annotations and bean scope using annotations. We will then take a look at an annotation called @Required, which allows us to specify which dependencies are actually required. We will also see annotation-based dependency injections and life cycle annotations. We will use the autowired annotation to wire up dependencies in the same way as we did using XML in the previous chapter. You will then learn how to add dependencies by type and by name. We will also use qualifier to narrow down Dependency Injections. We will also understand how to perform Java-based configuration in Spring. We will then try to listen to and publish events in Spring. We will also see how to reference beans using Spring Expression Language (SpEL), invoke methods using SpEL, and use operators with SpEL. We will then discuss regular expressions using SpEL. Spring provides text message and internationalization, which we will learn to implement in our application. Here's a list of the topics covered in this chapter: • Container configuration using annotations • Java-based configuration in Spring • Event handling in Spring • Text message and internationalization [ 1 ] Inversion of Control in Spring – Using Annotation Container configuration using annotation Container configuration using Spring XML sometimes raises the possibility of delays in application development and maintenance due to size and complexity. To solve this issue, the Spring Framework supports container configuration using annotations without the need of a separate XML definition.
    [Show full text]
  • Dependency Injection with Unity
    D EPEN DEPENDENCY INJECTION WITH UNITY Over the years software systems have evolutionarily become more and more patterns & practices D ENCY complex. One of the techniques for dealing with this inherent complexity Proven practices for predictable results of software systems is dependency injection – a design pattern that I allows the removal of hard-coded dependencies and makes it possible to Save time and reduce risk on your NJECT assemble a service by changing dependencies easily, whether at run-time software development projects by or compile-time. It promotes code reuse and loosely-coupled design which incorporating patterns & practices, I leads to more easily maintainable and flexible code. Microsoft’s applied engineering ON guidance that includes both production The guide you are holding in your hands is a primer on using dependency quality source code and documentation. W I injection with Unity – a lightweight extensible dependency injection TH DEPENDENCY INJECTION container built by the Microsoft patterns & practices team. It covers The guidance is designed to help U software development teams: various styles of dependency injection and also additional capabilities N I of Unity container, such as object lifetime management, interception, Make critical design and technology TY and registration by convention. It also discusses the advanced topics of selection decisions by highlighting WITH UNITY enhancing Unity with your custom extensions. the appropriate solution architectures, technologies, and Microsoft products The guide contains plenty of trade-off discussions and tips and tricks for for common scenarios managing your application cross-cutting concerns and making the most out of both dependency injection and Unity. These are accompanied by a Understand the most important Dominic Betts real world example that will help you master the techniques.
    [Show full text]
  • From Zero to 1000 Tests in 6 Months
    From Zero to 1000 tests in 6 months Or how not to lose your mind with 2 week iterations Name is Max Vasilyev Senior Developer and QA Manager at Solutions Aberdeen http://tech.trailmax.info @trailmax Business Does Not Care • Business does not care about tests. • Business does not care about internal software quality. • Business does not care about architecture. • Some businesses don’t care so much, they even don’t care about money. Don’t Tell The Business Just do it! Just write your tests, ask no one. Honestly, tomorrow in the office just create new project, add NUnit package and write a test. That’ll take you 10 minutes. Simple? Writing a test is simple. Writing a good test is hard. Main questions are: – What do you test? – Why do you test? – How do you test? Our Journey: Stone Age Started with Selenium browser tests: • Recording tool is OK to get started • Boss loved it! • Things fly about on the screen - very dramatic But: • High maintenance effort • Problematic to check business logic Our Journey: Iron Age After initial Selenium fever, moved on to integration tests: • Hook database into tests and part-test database. But: • Very difficult to set up (data + infrastructure) • Problematic to test logic Our Journey: Our Days • Now no Selenium tests • A handful of integration tests • Most of the tests are unit-ish* tests • 150K lines of code in the project • Around 1200 tests with 30% coverage** • Tests are run in build server * Discuss Unit vs Non-Unit tests later ** Roughly 1 line of test code covers 2 lines of production code Testing Triangle GUI Tests GUI Tests Integration Tests Integration Tests Unit Tests Unit Tests Our Journey: 2 Week Iterations? The team realised tests are not optional after first 2-week iteration: • There simply was no time to manually test everything at the end of iteration.
    [Show full text]
  • Designpatternsphp Documentation Release 1.0
    DesignPatternsPHP Documentation Release 1.0 Dominik Liebler and contributors Jul 18, 2021 Contents 1 Patterns 3 1.1 Creational................................................3 1.1.1 Abstract Factory........................................3 1.1.2 Builder.............................................8 1.1.3 Factory Method......................................... 13 1.1.4 Pool............................................... 18 1.1.5 Prototype............................................ 21 1.1.6 Simple Factory......................................... 24 1.1.7 Singleton............................................ 26 1.1.8 Static Factory.......................................... 28 1.2 Structural................................................. 30 1.2.1 Adapter / Wrapper....................................... 31 1.2.2 Bridge.............................................. 35 1.2.3 Composite............................................ 39 1.2.4 Data Mapper.......................................... 42 1.2.5 Decorator............................................ 46 1.2.6 Dependency Injection...................................... 50 1.2.7 Facade.............................................. 53 1.2.8 Fluent Interface......................................... 56 1.2.9 Flyweight............................................ 59 1.2.10 Proxy.............................................. 62 1.2.11 Registry............................................. 66 1.3 Behavioral................................................ 69 1.3.1 Chain Of Responsibilities...................................
    [Show full text]
  • Monadic Functional Reactive Programming
    Monadic Functional Reactive Programming Atze van der Ploeg Centrum Wiskunde & Informatica [email protected] Abstract FRP is based on the notion of a reactive computation: a monadic Functional Reactive Programming (FRP) is a way to program reac- computation which may require the occurrence of external events tive systems in functional style, eliminating many of the problems to continue. The Monadic FRP variant of a signal is a signal that arise from imperative techniques. In this paper, we present an computation: a reactive computation that may also emit values alternative FRP formulation that is based on the notion of a reac- during the computation. tive computation: a monadic computation which may require the This novel formulation has two differences with other FRP occurrence of external events to continue. A signal computation approaches: is a reactive computation that may also emit values. In contrast to • In contrast to signals in other FRP formulations, signal compu- signals in other FRP formulations, signal computations can end, tations can end. This leads to a simple, monadic interface for leading to a monadic interface for sequencing behavioral changes. sequencing behavioral changes. This interface has several advantages: routing is implicit, sequencing • behaviors is easier and more intuitive than the switching combina- In other FRP approaches, either the entire FRP expression is tors found in other FRP approaches, and dynamic lists require much re-evaluated on each external stimulus, or impure techniques less boilerplate code. In other FRP approaches, either the entire are used to prevent redundant re-computations: re-computing FRP expression is re-evaluated on each external stimulus, or impure the current value of signal while the input it depends on has not techniques are used to prevent redundant re-computations.
    [Show full text]
  • Stream-Based Verification with Junit
    Stream-Based Verification with JUnit Strombasierte Verifikation mit JUnit Masterarbeit Im Rahmen des Studiengangs Vorgelegt von Ausgegeben und betreut von Informatik Denis-Michael Lux Prof. Dr. Martin Leucker der Universität zu Lübeck mit Unterstützung von Malte Schmitz, M.Sc. Dipl.-Inf. Daniel Thoma Lübeck, den 14. Juni 2019 Selbstständigkeitserklärung Der Verfasser versichert an Eides statt, dass er die vorliegende Arbeit selbständig, ohne fremde Hilfe und ohne Benutzung anderer als der angegebenen Hilfsmittel angefertigt hat. Die aus fremden Quellen (einschließlich elektronischer Quellen) direkt oder indirekt über- nommenen Gedanken sind ausnahmslos als solche kenntlich gemacht. Die Arbeit ist in gle- icher oder ähnlicher Form oder auszugsweise im Rahmen einer anderen Prüfung noch nicht vorgelegt worden. Ort/Datum Unterschrift des Verfassers Contents Introduction 1 1 Unit Testing and Mocking in JUnit 3 1.1 Unit Testing ................................... 4 1.2 The JUnit Testing Framework ......................... 4 1.3 Assertions .................................... 8 1.4 Mocks and Stubs ................................ 10 2 Stream Runtime Verification 13 2.1 Runtime Verfication .............................. 13 2.2 Stream Processing ............................... 14 2.3 Temporal Stream-based Specification Language (TeSSLa) .......... 20 3 TeSSLa-Based Monitoring and Mocking in JUnit 25 3.1 Application Code Instrumentation ...................... 25 3.2 Monitors for Test Cases and Test Suites .................... 28 3.3 Class and Interface
    [Show full text]
  • Autonomic Test Case Generation of Failing Code Using AOP By
    Autonomic Test Case Generation of Failing Code Using AOP by Giovanni Murguia B.Sc., Instituto Tecnol´ogicoy de Estudios Superiores de Monterrey, Mexico 2008 A Thesis Submitted in Partial Fulfillment of the Requirements for the Degree of Master of Science in the Department of Computer Science c Giovanni Murguia, 2020 University of Victoria All rights reserved. This thesis may not be reproduced in whole or in part, by photocopying or other means, without the permission of the author. ii Autonomic Test Case Generation of Failing Code Using AOP by Giovanni Murguia B.Sc., Instituto Tecnol´ogicoy de Estudios Superiores de Monterrey, Mexico 2008 Supervisory Committee Dr. Hausi A. M¨uller,Supervisor (Department of Computer Science) Dr. Alex I. Thomo, Departamental Member (Department of Computer Science) iii Supervisory Committee Dr. Hausi A. M¨uller,Supervisor (Department of Computer Science) Dr. Alex I. Thomo, Departamental Member (Department of Computer Science) ABSTRACT As software systems have grown in size and complexity, the costs of maintaining such systems increases steadily. In the early 2000's, IBM launched the autonomic com- puting initiative to mitigate this problem by injecting feedback control mechanisms into software systems to enable them to observe their health and self-heal without human intervention and thereby cope with certain changes in their requirements and environments. Self-healing is one of several fundamental challenges addressed and includes software systems that are able to recover from failure conditions. There has been considerable research on software architectures with feedback loops that allow a multi-component system to adjust certain parameters automatically in response to changes in its environment.
    [Show full text]
  • Test-‐Driven Development Step Patterns for Designing Objects
    Test-Driven Development Step Patterns For Designing Objects Dependencies EDUARDO GUERRA, National Institute for Space Research, Brazil JOSEPH YODER, Refactory Inc., USA MAURÍCIO FINAVARO ANICHE, University of São Paulo, Brazil MARCO AURÉLIO GEROSA, University of São Paulo, Brazil Test-driven development (TDD) is a development technique often used to design classes in a software system by creating tests before their actual code. The dependency management and class APIs decisions, that emerge during the practice of TDD, does not "just happen": the way that the tests are created should be used in this process to make decisions and drive the design in the desired direction. This paper introduces four patterns that document the kinds of TDD cycles that can be performed to guide the design in the desired direction. These patterns are part of a pattern language that intends to present recurrent solutions that are used in a TDD process. Categories and Subject Descriptors: D.1.5 [Programming Techniques]: Object-oriented Programming; D.2.11 [Software Architectures]: Patterns General Terms: Test driven development Additional Key Words and Phrases: TDD, softWare design, patterns ACM Reference Format: Guerra, E., Yoder, J., Aniche, M. and Gerosa, M.. 2013. Test-Driven Development Step Patterns For Designing Objects Dependencies. Proceedings of the 20th Conference on Pattern Languages of Programs (PLoP). October 2013, 15 pages. 1. INTRODUCTION Test-driven development (TDD) is a technique in Which the tests are Written before the production code (Beck 2002). By using it, the development occurs in cycles, comprised of the creation of an automated test, an update on the developed softWare to make the test pass, and a code refactoring to improve the solution.
    [Show full text]
  • Simple Injector Documentation Release 5
    Simple Injector Documentation Release 5 Simple Injector Contributors Jul 27, 2021 Contents 1 Quick Start 3 1.1 Overview.................................................3 1.2 Getting started..............................................3 1.3 A Quick Example............................................4 1.3.1 Dependency Injection......................................4 1.3.2 Introducing Simple Injector...................................5 1.4 More information.............................................6 2 Using Simple Injector 7 2.1 Resolving instances...........................................9 2.2 Configuring Simple Injector....................................... 10 2.2.1 Auto-Registration/Batch-registration.............................. 13 2.3 Collections................................................ 14 2.3.1 Collection types......................................... 16 2.3.2 Auto-registering collections.................................. 16 2.3.3 Adding registrations to an existing collection......................... 17 2.4 Verifying the container’s configuration................................. 17 2.5 Automatic constructor injection / auto-wiring.............................. 18 2.6 More information............................................. 19 3 Object Lifetime Management 21 3.1 Transient Lifestyle............................................ 22 3.2 Singleton Lifestyle............................................ 22 3.3 Scoped Lifestyle............................................. 23 3.3.1 Disposing a Scope......................................
    [Show full text]
  • The Spring Framework: an Open Source Java Platform for Developing Robust Java Applications
    International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-3 Issue-2, July 2013 The Spring Framework: An Open Source Java Platform for Developing Robust Java Applications Dashrath Mane, Ketaki Chitnis, Namrata Ojha Abstract— The fundamental concepts of Spring Framework is Supported deployment platforms range from standalone presented in this paper.Spring framework is an open source Java applications to Tomcat and Java EE servers such as platform that provides comprehensive infrastructure support for WebSphere. Spring is also a first-class citizen on major developing robust Java applications very easily and very rapidly. cloud platforms with Java support, e.g. on Heroku, Google The Spring Framework is a lightweight solution and a potential App Engine, Amazon Elastic Beanstalk and VMware's one-stop-shop for building your enterprise-ready applications. Cloud Foundry.[1] IndexTerms— Aspect Oriented Programming, Dependency Injection, IoC Container, ORM. II. SPRING FRAMEWORK ARCHITECTURE Spring could potentially be a one-stop shop for all your I. INTRODUCTION enterprise applications; however, Spring is modular, Spring is the most popular application development allowing you to pick and choose which modules are framework for enterprise Java. Millions of developers applicable to you, without having to bring in the rest. around the world use Spring Framework to create high The Spring Framework provides about 20 modules which performing, easily testable, reusable code. Spring can be used based on an application requirement. framework is an open source Java platform and it was initially written by Rod Johnson and was first released under the Apache 2.0 license in June 2003.
    [Show full text]