Tech-Trends

Introduction to NDepend : Static Code Analysis Tool

June 16, 2018

As a developer, you always have to take pains to adapt to the best practices and coding guidelines required by organizational or industry standards. An easy way to ensure your coding style follows a given standard is to analyze your code manually or to use a static code analyzer such as FxCop or StyleCop. In earlier days I was a fan of FxCop, as it was free and gave me all the necessary general guidelines for improving my solution.

In this modern world of programming everything needs to be automated, because automating repetitive tasks saves time and money and improves efficiency. This is where static code analysers become effective.

What is Static Code Analysis?

Static program analysis is the analysis of computer software performed without actually executing programs, on some version of the program source code and, in other cases, on some form of the object code or intermediate compiled code.

The sophistication of static program analysis depends on how deeply it analyzes, from the behavior of individual statements and declarations up to the entire source code.

PS: Analysis performed on executing programs is known as dynamic analysis.

In this article I will give you an overview of one such premier static code analysis tool, which you can use in your daily development routine and integrate into CI for DevOps efficiency.

NDepend:

NDepend is a static analysis tool for .NET, specifically for managed code. NDepend supports a large number of code metrics and lets you visualize dependencies using directed graphs and a dependency matrix. It also compares code base snapshots and validates architectural and quality rules.

The important capabilities of NDepend are:

  • Dependency visualization through a dependency matrix and graphs.
  • Analysis and generation of software quality metrics – as per the documentation it supports 82 quality metrics.
  • Declarative rule support through LINQ queries; this is called CQLinq and comes with a large number of predefined CQLinq rules.
  • Integration support for CruiseControl.NET, SonarQube and TeamCity. Code rules can be configured to be checked automatically in Visual Studio or during continuous integration (CI).

License: NDepend is a commercial tool with licensing options as below:

  1. Developer seats – $477 approx. / per seat.
  2. Build Machine seats  – $955 approx. / per seat.

** You could get volume discount if you bulk procure your licenses.

Installation: 

Once you have obtained a license you will be able to download NDepend_2018.1.1.9041.zip, which is the latest version available as I write this article. Extract the zip file into a local folder and you will see the different packages/executables within the package.

1.) NDepend.Console – Command-line program to execute NDepend analysis. You would mostly use this component on a CI build server.

2.) NDepend.PowerTools – Helps you write your own static analyzer based on NDepend.API, or tweak the existing open-source Power Tools.

3.) NDepend.VisualStudioExtension.Installer – Installs the NDepend extension into Visual Studio.

4.) VisualNDepend – Independent visual environment for managing your NDepend tasks.

Visual Tool gives you different options to choose from:

  • You can analyse a Visual Studio Solution or project.
  • Analyse .NET assemblies in a folder.


For demo purposes, our analysis target is one of the starter projects from GitHub: ContosoUniversity by @alimon808.

Demo views shown in the original screenshots: Summary Report, Application Metrics, Dependency Dashboard, Interactive Graph, Code Matrix View, Quality Gates Summary, Rules Summary.

Conclusion:

NDepend is one of the best enterprise-grade commercial static analysers seen so far. Visual Studio Code Analysis, FxCop and StyleCop Analyzer tools are available, but they do not provide the extensive level of analysis reports that NDepend provides. As a commercial tool, it gives customers value for money for what they need. In a day-to-day developer or DevOps lifecycle, you can integrate NDepend into your build process, which can be as simple as executing the NDepend Console and reviewing the output. With NDepend's API it is easy to develop your own custom analysis tools based on CQLinq and NDepend.PowerTools (which is open source). You can find detailed help in the NDepend documentation.

IoT Security–Essentials–Part 01

February 1, 2017

Security (cyber security) is an essential requirement for any IoT platform, device, end user and communication infrastructure. To design the best possible security solutions and prevent an external entity or hacker from gaining access to your IoT device or infrastructure, every architect or system designer should perform a threat modeling exercise. Doing this as the system is designed and architected minimizes the exposure of the IoT architecture to external threats.

With this article I am trying to provide you with the relevant bits and pieces essential for your understanding:

What is Cyber Security?

As per WhatIs.com – “Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. In a computing context, security includes both cybersecurity and physical security.”

To put it more clearly and simply: cyber security, also known as computer security or IT security, is the protection of computer systems from theft of or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide. Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection.

What is Threat Modeling?

The objective of threat modeling is to understand how an attacker might be able to compromise a system and then make sure appropriate mitigations are in place. Threat modeling forces the design team to consider mitigations as the system is designed rather than after a system is deployed. This fact is critically important, because retrofitting security defenses to a myriad of devices in the field is infeasible, error prone and will leave customers at risk.

[Content courtesy:  Microsoft]

To optimize security best practices, it is recommended that a proposed IoT architecture be divided into several components/zones as part of the threat modeling exercise.

Relevant zones for an IoT architecture:

  • Device,
  • Field Gateway,
  • Cloud gateways, and
  • Services.

Each zone is separated by a Trust Boundary, which is noted as the dotted red line in the diagram below. It represents a transition of data/information from one source to another. During this transition, the data/information could be subject to Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege (STRIDE).

[Content courtesy:  Microsoft]

A diagram like the one below provides a full 360-degree view of any proposed solution:

[Figure: iot-security-architecture-fig1]

Summary of important Sections/Zones:

  1. The Device Zone – Represents a thing or device where device-to-device or local user physical access is possible.
  2. The Field Gateway Zone – A field gateway is a device/appliance (embedded/hardware) or some general-purpose software that runs on a physical server, and acts as a communication enabler and, potentially, as a device control system and device data processing hub.
  3. The Cloud Gateway Zone – A cloud gateway is a system that enables remote communication from and to devices or field gateways from several different sites across public network space, typically towards a cloud-based control and data analysis system, a federation of such systems.
  4. The Services Zone – A "service" is any software component or module that interfaces with devices through a field or cloud gateway for data collection and analysis, as well as for command and control. Services are mediators.

Once we have identified the threat boundaries, we should be able to provide fail-safe security measures for each associated zone, to meet business needs as well as global information exchange and data compliance standards. It is also important to design the product with security in mind from the start, because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.

In the next session, we will go through Microsoft's IoT reference architecture and the associated security measures put together across each zone.
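The zone and trust-boundary exercise described above can be kept as a small, reviewable model. The following is an added example, not part of the original article or of Microsoft's guidance: it lists every data flow that crosses a trust boundary and reports which STRIDE categories still have no mitigation recorded. The component names, flows and mitigations are constructed for illustration.

```python
from dataclasses import dataclass

# Zones and STRIDE categories as named in the article.
ZONES = ("Device", "Field Gateway", "Cloud Gateway", "Services")
STRIDE = ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
          "Denial of Service", "Elevation of Privilege")


@dataclass(frozen=True)
class Flow:
    """One data flow between two named components (all names are hypothetical)."""
    source: str
    target: str
    data: str


def crossing_flows(zone_of, flows):
    """Return the flows whose endpoints sit in different zones (a trust boundary)."""
    for name, zone in zone_of.items():
        if zone not in ZONES:
            raise ValueError(f"{name}: unknown zone {zone!r}")
    return [f for f in flows if zone_of[f.source] != zone_of[f.target]]


def open_threats(zone_of, flows, mitigations):
    """List (flow, STRIDE category) pairs that have no mitigation recorded yet."""
    return [(f, cat)
            for f in crossing_flows(zone_of, flows)
            for cat in STRIDE
            if not mitigations.get((f, cat))]


# Constructed sample model.
ZONE_OF = {
    "thermostat": "Device",
    "door-sensor": "Device",
    "site-gateway": "Field Gateway",
    "cloud-ingest": "Cloud Gateway",
    "analytics": "Services",
}
FLOWS = [
    Flow("thermostat", "door-sensor", "local pairing"),  # same zone, no boundary
    Flow("thermostat", "site-gateway", "telemetry"),
    Flow("site-gateway", "cloud-ingest", "batched telemetry"),
    Flow("analytics", "cloud-ingest", "device command"),
]
MITIGATIONS = {
    (FLOWS[1], "Spoofing"): "per-device credential checked by the gateway",
    (FLOWS[1], "Tampering"): "message authentication code on each reading",
    (FLOWS[2], "Information Disclosure"): "TLS between gateway and cloud",
}

if __name__ == "__main__":
    todo = open_threats(ZONE_OF, FLOWS, MITIGATIONS)
    for flow, cat in todo:
        print(f"{ZONE_OF[flow.source]} -> {ZONE_OF[flow.target]} "
              f"[{flow.data}]: {cat} unmitigated")
    print(len(todo), "open items")
```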

Microsoft Azure IoT Suite–Provisioned solutions for Faster Time to Market IoT enabled solutions

January 7, 2017

Microsoft Azure IoT Suite provisioned solutions help you create your own fully integrated solutions tailored to your specific needs in the following 3 areas. Using these ready-to-consume solutions will accelerate your time to market for IoT (Internet of Things) requirements.

  1. Remote Monitoring – Connect and monitor your devices to analyze untapped data and improve business outcomes by automating processes. For example: as a car manufacturing company, give customers an option to remotely monitor the condition of their car, and suggest when they need a refuel or an oil change.
  2. Connected Factory – Anticipate maintenance needs and avoid unscheduled downtime by connecting and monitoring your devices. For example: spare parts are essential in a car manufacturing factory, and automated solutions can ensure timely availability of the necessary spare parts inventory to meet daily, weekly or monthly manufacturing needs.
  3. Predictive Maintenance – Connect and monitor your factory industrial devices for insights using OPC UA to drive operational productivity. For example: as a car service support provider, you can get near real-time performance data from the cars manufactured by your company, predict the health of each component in a car and offer customers timely maintenance for their cars. Send real-time reminders and notifications to customers, thereby ensuring higher satisfaction levels for customers and more business value for the organization, as it attracts more sales and good customer feedback.

These solutions will help you to:

  1. Connect and scale quickly – Use preconfigured solutions, and accelerate the development of your Internet of Things (IoT) solution.

  2. Analyze and process data – Collect previously untapped data from devices and sensors, and use built-in capabilities to visualize, and act on, that data.

  3. Integration and Digital Transformation – Easily integrate with your systems and applications, including Salesforce, SAP, Oracle Database, and Microsoft Dynamics, making it simple to access your data and keep your disparate systems up to date.

  4. Enhanced security – Set up individual identities and credentials for each of your connected devices, and help retain the confidentiality of both cloud-to-device and device-to-cloud messages.

IoT Jargons – Identity of Things (IDoT)

January 6, 2017

The Identity of Things (IDoT) is an area that involves assigning universally unique identifiers (UUID) with associated metadata to devices and objects (things), so that they can identify, connect and communicate effectively with other machines over the internet or within a constrained local network.

The metadata included with the UUID characterizes the identity of an endpoint. Identity is an essential part of the Internet of Things (IoT), in which nearly anything conceivable can be addressed and networked for the exchange of information online. In this context, a thing can be anything, including both physical and logical objects, that has its own unique identifier and the capacity to exchange information over a network.

Addressability and reachability make it possible for things/devices to be targeted and found. To be addressable in the Internet of Things, a thing must be globally uniquely identifiable (no other thing has the same identity).

To make communication among things effective and secure, the following are some of the essential considerations for identities of things:

  • Maintaining a Lifecycle: IoT devices should be capable of maintaining a lifecycle that depends on the use and the duration of sustainability of the device. Hence IDoT should be capable of maintaining a history of the changes that happen to the device over its lifespan.
  • Maintaining Relationships: Identity should also provide the basic means to relate the device to other devices in the context as well as
  • Context-awareness: Identity and access management (IAM) for IoT entities should be context aware and grant access limited to the specific context required. This would avoid exploitation of devices in case of a cyber attack.
  • Adequate Authentication: Provide a means of securely authenticating IoT identities. This would ensure that only authenticated entities can gain access to the IoT device.

All these essential features should help in arriving at a unique naming standard for IoT devices or projects in your organization.
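The considerations listed above can be combined in one identity record. The following is an added example, not code from the original post or from any IoT platform: each thing gets a UUID with metadata, a lifecycle history and related things, and a request is accepted only if it is authenticated, fresh, and granted in the stated context. The class and function names, the per-device symmetric key and the counter-based replay check are assumptions made for this sketch.

```python
import hashlib
import hmac
import uuid
from dataclasses import dataclass, field


@dataclass
class ThingIdentity:
    thing_id: uuid.UUID
    metadata: dict                                # attributes attached to the UUID
    key: bytes                                    # assumption: per-device symmetric secret
    grants: dict                                  # context -> actions allowed in it
    related: set = field(default_factory=set)     # UUIDs of related things
    state: str = "provisioned"
    history: list = field(default_factory=list)   # lifecycle audit trail
    last_counter: int = 0

    def transition(self, new_state, reason):
        """Record every lifecycle change so the identity keeps its history."""
        self.history.append((self.state, new_state, reason))
        self.state = new_state


def sign(key, thing_id, context, action, counter):
    """Device-side tag binding identity, context, action and counter ('|'-free fields)."""
    msg = f"{thing_id}|{context}|{action}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Registry:
    def __init__(self):
        self._things = {}

    def register(self, metadata, key, grants):
        thing = ThingIdentity(uuid.uuid4(), metadata, key, grants)
        self._things[thing.thing_id] = thing
        return thing

    def authorize(self, thing_id, context, action, counter, tag):
        """Allow a request only if it is authentic, fresh and granted in this context."""
        thing = self._things.get(thing_id)
        if thing is None or thing.state != "active":
            return False                          # unknown or retired identity
        expected = sign(thing.key, thing_id, context, action, counter)
        if not hmac.compare_digest(expected, tag):
            return False                          # authentication failed
        if counter <= thing.last_counter:
            return False                          # replayed request
        thing.last_counter = counter
        return action in thing.grants.get(context, set())


if __name__ == "__main__":
    reg = Registry()
    grants = {"normal": {"read-log"}, "maintenance": {"read-log", "update-firmware"}}
    lock = reg.register({"type": "door-lock"}, b"constructed-demo-key", grants)
    lock.transition("active", "commissioned")
    tag = sign(lock.key, lock.thing_id, "normal", "update-firmware", 1)
    # Authentic request, but the action is not granted in the "normal" context.
    print(reg.authorize(lock.thing_id, "normal", "update-firmware", 1, tag))
```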

IoT Protocols–Quick Comparison

January 5, 2017

The table below contains a quick summary of the IoT protocols:

Protocol | CoAP | XMPP | RESTful HTTP | MQTT | AMQP
Transport | UDP | TCP | TCP | TCP | TCP
Messaging | Request/Response | Publish/Subscribe, Request/Response | Request/Response | Publish/Subscribe, Request/Response | Topic based Publish/Subscribe
2G, 3G, 4G Suitability (1000s nodes) | Excellent | Excellent | Excellent | Excellent | Excellent
LLN Suitability (1000s nodes) | Excellent | Fair | Fair | Fair | Excellent
Compute Resources | 10Ks RAM/Flash | 10Ks RAM/Flash | 10Ks RAM/Flash | 10Ks RAM/Flash | 10Ks RAM/Flash
Success Stories | Utility Field Area Networks | Remote management of consumer white goods | Smart Energy Profile 2 (premise energy management, home services) | Extending enterprise messaging into IoT applications | Extending enterprise messaging into IoT applications
designed for resource-constrained devices and low bandwidth, high latency networks interoperability
reliable queuing, flexible routing, transactions, and security

Source: Beyond MQTT: A Cisco View on IoT Protocols, Paul Duffy, April 30 2013

Internet of Things (IoT)–Introduction

January 5, 2017

The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings, and other items embedded with electronics, software, sensors, actuators, and network connectivity which enable these objects to collect and exchange data.

  • The IoT allows objects to be sensed or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention.

“ Forecasts show an expected IoT universe with between 20 and 30 billion connected devices by 2020 “

[Image Source: https://www.i-scoop.eu/internet-of-things-guide/]

IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine (M2M) communications and covers a variety of protocols, domains, and applications.

Some of the important IoT messaging protocols are:

  1. AMQP (Advanced Message Queuing Protocol) – An open standard application layer protocol for message-oriented middleware. The defining features of AMQP are message orientation, queuing, routing (including point-to-point and publish-and-subscribe), reliability and security.
  2. MQTT (Message Queueing Telemetry Transport) – Also called MQ Telemetry Transport, a lightweight connectivity protocol geared for IoT applications. It is based on the TCP/IP stack and uses the publish/subscribe method for transportation of data. It is open-ended and supports a high level of scaling, which makes it an ideal platform for development of Internet of Things (IoT) solutions.
  3. HTTP/2 – Enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection.
  4. CoAP (Constrained Application Protocol) – CoAP is a web transfer protocol based on the REST model. It is mainly used for lightweight M2M communication owing to its small header size. It is designed especially for constrained networks and systems within the Internet of Things paradigm, hence the name, Constrained Application Protocol.
    CoAP mimics HTTP in terms of user visibility, and from that standpoint, reading sensor values is essentially like making an HTTP request.
  5. XMPP (Extensible Messaging and Presence Protocol) – An open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data.

We will go through them in detail in later posts.

That’s all for now. Keep reading.
