Weaving Aspect Configurations for Managing System Variability

International audienceVariability management is a key concern in the software industry. It allows designers to rapidly propose applications that fit the environment and the user needs, with a certain Quality-of-Service level, by choosing adapted variants. While Aspect-Oriented Programming has been introduced for managing variability and complexity at the code level, the Software Product-Line community highlights the needs for variability in the earlier phases of the software lifecycle, where a system is generally described by means of models. In this paper, we propose a generic approach for weaving flexible and reusable aspects at a model level. By extending our generic Aspect-Oriented Modeling approach with variability, we can manage variability and complexity in the early phases of the software lifecycle

Uml-based modeling of non-functional requirements in telecommunication systems. In:

Abstract-Successful design of real-time embedded systems relies heavily on the successful satisfaction of their non-functional requirements. Model-driven engineering is a promising approach for coping with the design complexity of embedded systems. However, when it comes to modeling non-functional requirements and covering specific aspects of different domains and types of embedded systems, general modeling languages for real-time embedded systems may not be able to cover all of these aspects. One solution is to use a combination of modeling languages for modeling different non-functional requirements as is done in the definition of EAST-ADL modeling language for automotive domain. In this paper, we propose a UML-based solution, consisting of different modeling languages, to model non-functional requirements in telecommunication domain, and discuss different challenges and issues in the design of telecommunication systems that are related to these requirements

Framework for automatic verification of UML design models : application to UML 2.0 interactions

Software-intensive systems have become extremely complex and susceptible to defects and vulnerabilities. At the same time, the consequences of software errors have also become much more severe. In order to reduce the overall development cost and assure the security and reliability of the final product, it is of critical importance to investigate techniques able to detect defects as early as possible in the software development process, where the costs of repairing a software flaw are much lower than at the maintenance phase. In this research work, we propose an approach for detecting flaw at the design phase by combining two highly successful techniques in the information technology (IT) industry in the field of modeling languages and verification technologies. The first one is the Unified Modeling Language (UML). It has become the de facto language for software specification and design. UML is now used by a wide range of professionals with very different background. The second one is Model Checking , which is a formal verification technique that allows the desired properties to be verified through the inspection of all possible states of the model under consideration. Despite the fact that Model Checking gives significant capabilities to developers in order to create a secure design of the system, they are still not very popular in the UML community. There are many challenges faced by UML developers when it comes to combine UML with model checking (e.g., developer are not familiar with formal logics, the verification result is not in the UML notation, and the generation of the model checkers code from UML models is a problematic task). The proposed approach addresses these problems by implementing a new verification framework with support to property specification without using the complexity of formal languages, UML-like notation for the verification results, and a fully automatic verification proces

Dynamic matching and weaving semantics for executable UML models

To develop more secure software, security concerns should be considered as an essential part of all phases of software development lifecycle. It has been observed that incorporation of security concerns after the completion of software development may result in conflicts between functional and security requirements and leads to severe security vulnerabilities. On the other hand, security is a crosscutting concern and consequently the integration of security solutions at the software design phase may result in scattering and tangling of security features throughout the entire design. Therefore, in the case of large scale software (e.g., hundreds of UML classes), the resulting UML design models may become more complex and difficult to understand. Moreover, adding security manually is tedious and may lead to additional security flaws. Aspect-Oriented Modeling is an appropriate approach to systematically integrate security at the design phase as it allows the separation of crosscutting concerns from the core functionality. In this research work, we provide formal semantics for aspect matching and weaving on executable UML models, particularly for activity diagrams. The semantics is based on a defunctionalized continuation-passing style since it provides a concise and elegant description of aspect-oriented mechanisms. In addition, we have extended our framework and provided semantics for control and data flow pointcuts as these pointcuts are beneficial from a security perspective and are used to detect vulnerabilities related to information flow

Model-Driven Aspect-Oriented Software Security Hardening

Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought phase of the development process. However, given the complexity and the pervasiveness of today's software systems, adding security as an afterthought leads to huge cost in retrofitting security into the software and further can introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and the tangling of security features throughout the entire software design. Additionally, adding security manually is tedious and generally may lead to other security flaws. In this context, the need for a systematic approach to integrate security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) We define a UML profile for the specification of security hardening mechanisms as aspects. (ii) We design and implement a weaving framework for the systematic injection of security aspects into UML design models. (iii) We explore the theoretical foundations for aspect matching and weaving. (iv) We conduct real-life case studies to demonstrate the viability and the scalability of the proposed framework

Component-Based Model-Driven Software Development

Model-driven software development (MDSD) and component-based software development are both paradigms for reducing complexity and for increasing abstraction and reuse in software development. In this thesis, we aim at combining the advantages of each by introducing methods from component-based development into MDSD. In MDSD, all artefacts that describe a software system are regarded as models of the system and are treated as the central development artefacts. To obtain a system implementation from such models, they are transformed and integrated until implementation code can be generated from them. Models in MDSD can have very different forms: they can be documents, diagrams, or textual specifications defined in different modelling languages. Integrating these models of different formats and abstraction in a consistent way is a central challenge in MDSD. We propose to tackle this challenge by explicitly separating the tasks of defining model components and composing model components, which is also known as distinguishing programming-in-the-small and programming-in-the-large. That is, we promote a separation of models into models for modelling-in-the-small (models that are components) and models for modelling-in-the-large (models that describe compositions of model components). To perform such component-based modelling, we introduce two architectural styles for developing systems with component-based MDSD (CB-MDSD). For CB-MDSD, we require a universal composition technique that can handle models defined in arbitrary modelling languages. A technique that can handle arbitrary textual languages is universal invasive software composition for code fragment composition. We extend this technique to universal invasive software composition for graph fragments (U-ISC/Graph) which can handle arbitrary models, including graphical and textual ones, as components. Such components are called graph fragments, because we treat each model as a typed graph and support reuse of partial models. To put the composition technique into practice, we developed the tool Reuseware that implements U-ISC/Graph. The tool is based on the Eclipse Modelling Framework and can therefore be integrated into existing MDSD development environments based on the framework. To evaluate the applicability of CB-MDSD, we realised for each of our two architectural styles a model-driven architecture with Reuseware. The first style, which we name ModelSoC, is based on the component-based development paradigm of multi-dimensional separation of concerns. The architecture we realised with that style shows how a system that involves multiple modelling languages can be developed with CB-MDSD. The second style, which we name ModelHiC, is based on hierarchical composition. With this style, we developed abstraction and reuse support for a large modelling language for telecommunication networks that implements the Common Information Model industry standard