El autor Angel Jesus Varela Vaca ha publicado 12 artículo(s):

Dentro de las organizaciones, los problemas de optimización pueden encontrarse en numerosos ejemplos, tales como minimizar los costes de producción, los errores producidos, o maximizar la fidelidad de los clientes. La resolución de estos problemas es un reto que conlleva un esfuerzo extra. Hoy en día, los problemas de Big Data se suman a estos problems de optimización en dichas empresas. Desafortunadamente, afrontar estos problemas en la pequeña y mediana empresa es extremadamente difícil o incluso imposible. En este artículo, proponemos la arquitectura llamada Fabiola, que permite describir los datos distribuidos y estructurados en problemas de optimización que pueden ser paralelizados. Además, Fabiola aplica las técnicas de Programación con Restricciones para poder devolver la solución a dichos problemas de optimización.

Autores: Luisa Parody / Angel Jesus Varela Vaca / Rafael M. Gasca / 
Palabras Clave: big data - Estructura de Datos - Problemas de Optimización - Programación con Restricciones

Variability models are used to build configurators. Configurators are programs that guide users through the configuration process to reach a desired configuration that fulfils user requirements. The same variability model can be used to design different configurators employing different techniques. One of the elements that can change in a configurator is the configuration workflow, i.e., the order and sequence in which the different configuration elements are presented to the configuration stakeholders. When developing a configurator, a challenge is to decide the configuration workflow that better suites stakeholders according to previous configurations. For example, when configuring a Linux distribution, the configuration process start by choosing the network or the graphic card, and then other packages with respect to a given sequence. In this paper, we present COLOSSI, an automated technique that given a set of logs of previous configurations and a variability model can automatically assist to determine the configuration workflow that better fits the configuration logs generated by user activities. The technique is based on process discovery, commonly used in the process mining area, with an adaptation to configuration contexts. Our proposal is validated using existing data from an ERP configuration environment showing its feasibility. Furthermore, we open the door to new applications of process mining techniques in different areas of software product line engineering.

Autores: Angel Jesus Varela Vaca / José A. Galindo / Belén Ramos / Maria Teresa Gómez López / David Benavides / 
Palabras Clave: Clustering - configuration workflow - process discovery - Process Mining - Variability

Los procesos de negocio permiten la descripción de modelos colaborativos donde varios procesos y sus instancias se puedan coreografiar. Un ejemplo de la dificultad que implican dichos procesos se encuentra en los entornos logísticos, donde instancias de diferentes procesos y con diferentes cardinalidades deben de trabajar para alcanzar un objetivo común. En este trabajo se identifican el conjunto de retos a resolver para facilitar la incorporación de la ingeniería de los procesos de negocio a entornos logísticos. En el artículo se analizan además los trabajos previos, y se esboza una solución basada en el análisis de los artefactos de datos involucrados y la capacidad del modelado orientado a actividades de los procesos de negocios.

Autores: Kevin Daniel Cisneros Carreño / Angel Jesus Varela Vaca / Luisa Parody / María Teresa Gómez-López / 
Palabras Clave: Artefactos - Coreografia de Procesos de Negocio - Procesos de Log??stica

During the last years, blockchain and smart contracts are receiving substantial mainstream attention from academia and industry. Blockchain is a distributed database that can be seen as a ledger that records all transactions that have ever been executed. In this context, smart contracts are pieces of software used to facilitate, verify, and enforce the negotiation of a transaction on a blockchain platform. This study aims to (1) identify and categorise the state-of-the-art related to smart contract languages, in terms of the existing languages and their main features, and (2) identify new research opportunities. As a result of the review protocol, 4,119 papers were gathered, and 109 of them were selected for extraction. The contributions are twofold: (1) 101 different smart contract languages have been identified and classified according to a variety of criteria; (2) a discussion on the findings and their implications for future research have been outlined. At first, almost 36% of the studies have been collected from grey literature (GitHub, webpages, etc.), which proves the importance of the industry in this field. We have identified the current challenges to reveal several gaps and raise open problems within the field. The most interesting open problems include the need to improve the developer coding experience by providing tools to write smart contracts as human-readable as possible, and the need to deal with Oracles and trusted off-chain information and processes. We find out many smart contract languages and blockchain platforms, making the ecosystem rather chaotic. However, there is no common or standard language to specify smart contracts that are valid regardless of the blockchain platform. This multivocal mapping study provides a snapshot of the smart contract languages field that serves as a baseline and a tool for future work, e.g., future surveys or future literature reviews in which particular issues or aspects such as security and privacy might be studied in further detail. To do that, we provide a bundle with all the resources at http://www.idea.us.es/smart-contract-languages/.

Autores: Angel Jesus Varela Vaca / Antonia M. Reina-Quintero / 
Palabras Clave: Blockchain - Multivocal literature mapping study - Smart contract language - Systematic literature review

Organizations execute daily activities to meet their objectives. The performance of these activities can be fundamental for achieving a business objective, but they also imply the assumption of certain security risks that might go against a company’s security policies. A risk may be defined as the effects of uncertainty on the achievement of the goals of a company, some of which can be associated with security aspects (e.g., data corruption or data leakage). The execution of the activities can be choreographed using business processes models, in which the risk of the entire business process model derives from a combination of the single activity risks (executed in an isolated manner). In this paper, the problem of automatic security risk management in the current BPMS is addresses. First, a formalization of the risk elements according to process models is included. These elements are supported as a BPMN 2.0 extension of risk information that is analyzed to determine nonconformance regarding risk goals. In addition, a diagnosis of the risk associated with the activity responsible for the nonconformance is also carried out. To this end, the proposal applies mechanisms based on the model-based diagnosis in which activities are in nonconformance with regard to the acceptable level of risk. The automation of diagnosis is carried out using artificial intelligence techniques based on constraint programming. The proposal is supported by the implementation of a plug-in that enables the graphical specification of the extension and the automation of the verification and diagnosis process. To the best of our knowledge, this is the first published work that addresses the risk-aware design of business processes with automatic techniques.

Autores: Angel Jesus Varela Vaca / Luisa Parody / Rafael M. Gasca / Maria Teresa Gómez López / 
Palabras Clave: Business Process Management - Business Process Model - Constraint programming - Model-based Diagnosis - Security-Risk Assessment

Security policies constrain the behaviour of all users of an information system. In any non-trivial system, these security policies go beyond simple access control rules and must cover more complex and dynamic scenarios while providing, at the same time, a fine-grained level decision-making ability. The Usage Control model (UCON) was created for this purpose but so far integration of UCON in mainstream software engineering processes has been very limited, hampering its usefulness and popularity among the software and information systems communities. In this sense, this paper proposes a Domain-Specific Language to facilitate the modelling of UCON policies and their integration in (model-based) development processes. Together with the language, an exploratory approach for policy evaluation and enforcement of the modeled policies via model transformations has been introduced. These contributions have been defined on top of the Eclipse Modelling Framework, the de-facto standard MDE (Model-Driven Engineering) framework making them freely available and ready-to-use for any software designer interested in using UCON for the definition of security policies in their new development projects.

Autores: Antonia M. Reina-Quintero / Salvador Martínez Pérez / Ángel Jesús Varela Vaca / María Teresa Gómez López / Jordi Cabot Sagrera / 
Palabras Clave: Access control - cybersecurity - DSL - Model-Driven Engineering - UCON

En el desarrollo de un proyecto software actual es frecuente delegar parte de la funcionalidad en librerías o dependencias de terceros. Este uso extensivo de dependencias puede introducir problemas de seguridad en el software que estamos desarrollando y que cada vez afecta a más proyectos software dada la necesidad de conocer cada una de las vulnerabilidades de estas dependencias. Para aliviar este problema, presentamos Advisory, una herramienta que aplica técnicas de análisis automático de la variabilidad al análisis de seguridad de proyectos software.

Autores: Antonio Germán Márquez Trujillo / Angel Jesus Varela Vaca / José A. Galindo / 
Palabras Clave: analisis automático - Ciberseguridad - Variabilidad

Autores: Belén Ramos / Ángel Jesús Varela Vaca / José A. Galindo / María Teresa Gómez López / David Benavides / 
Palabras Clave: Clustering - configuration workflow - process discovery - Process Mining - Variability

The proper configuration of systems has become a fundamental factor to avoid cybersecurity risks. Thereby, the analysis of cybersecurity vulnerabilities is a mandatory task, but the number of vulnerabilities and system configurations that can be threatened is extremely high. In this paper, we propose a method that uses software product line techniques to analyse the vulnerable configuration of the systems. We propose a solution, entitled AMADEUS, to enable and support the automatic analysis and testing of cybersecurity vulnerabilities of configuration systems based on feature models. AMADEUS is a holistic solution that is able to automate the analysis of the specific infrastructures in the organisations, the existing vulnerabilities, and the possible configurations extracted from the vulnerability repositories. By using this information, AMADEUS generates automatically the feature models, that are used for reasoning capabilities to extract knowledge, such as to determine attack vectors with certain features. AMADEUS has been validated by demonstrating the capacities of feature models to support the threat scenario, in which a wide variety of vulnerabilities extracted from a real repository are involved. Furthermore, we open the door to new applications where software product line engineering and cybersecurity can be empowered.

Autores: Angel Jesus Varela Vaca / Rafael M. Gasca / José Antonio Carmona-Fombella / Maria Teresa Gómez López / 
Palabras Clave: cybersecurity - feature model - pentesting - reasoning - Testing - vulnerabilities - vulnerable configuration

Autores: Álvaro Valencia Parra / Angel Jesus Varela Vaca / Maria Teresa Gómez López / Josep Carmona / Robin Bergenthum / 
Palabras Clave: big data - Conformance checking - Decompositional techniques - MapReduce

Autores: Angel Jesus Varela Vaca / David Garcia Rosado / Luis Enrique Sanchez Crespo / Maria Teresa Gómez López / Rafael M. Gasca / Eduardo Fernandez-Medina / 
Palabras Clave: Configuration models - Cyber-physical system - cybersecurity - Diagnosis - security - Security requirements - Security verification