A Taxonomy Of Aspect-Oriented Security

Aspect-Oriented Programming is gaining prominence,  particularly in the area of security. There are however no taxonomies available, that classify the proliferation of research done in the area of Aspect-Oriented Security. This paper attempts to categorize research outputs conducted in this area, and evaluate the usability of the aspect-oriented paradigm in terms of software security

Towards interoperability of i* models using iStarML

Goal-oriented and agent-oriented modelling provides an effective approach to the understanding of distributed information systems that need to operate in open, heterogeneous and evolving environments. Frameworks, firstly introduced more than ten years ago, have been extended along language variants, analysis methods and CASE tools, posing language semantics and tool interoperability issues. Among them, the i* framework is one the most widespread. We focus on i*-based modelling languages and tools and on the problem of supporting model exchange between them. In this paper, we introduce the i* interoperability problem and derive an XML interchange format, called iStarML, as a practical solution to this problem. We first discuss the main requirements for its definition, then we characterise the core concepts of i* and we detail the tags and options of the interchange format. We complete the presentation of iStarML showing some possible applications. Finally, a survey on the i* community perception about iStarML is included for assessment purposes.Preprin

Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

A framework for defining and analysing access policies in requirements models

Enforcing access policies derived from management control principles is a way by which organisations protect their information assets. The minimum privileges principle is an example of a management control principle, which specifies that users should only have access to resources they require to carry out their duties. Requirements models use actors to specify their access policies. Actors normally represent roles that users adopt, however a role can have different meanings, such as a position in an organisation or the assignment of a task, and can therefore be misleading. Current requirements modelling approaches do not provide a systematic way of defining roles for incorporation into access policies, and therefore we can not ensure that they satisfy management control principles. In this thesis we address the need to provide precise role definitions by developing a framework that facilitates the derivation of roles from the organisational context. The framework consists of a metamodel, which enables the organisational context to be represented and related to actors; a set of heuristics for deriving the organisational context; and a set of language constructs for formulating access policies, and verifying them using scenarios. We use the meta-model and language constructs that we developed to extend an existing requirements modelling language, the i* framework, and in particular a formal version of it, formal Tropos, to define and verify access policies definitions satisfying the minimum privileges principle. We also investigate the use of automated tool checking by translating the formal Tropos definitions into the specification language Alloy, which is supported by a tool that automatically checks assertions, to ensure consistency of the access policy definitions. We carry out a detailed case study taken from the literature to verify the extensions to the i* framework and the tool supported analysis. The framework presented in this thesis makes a novel contribution to the modelling of access policies as requirements, enabling us to define access policies using actors derived from the organisational context, that satisfy the minimum privileges principle

Expectation Management in a Global Collaboration Project Using a Deterministic Design Approach

Expectation management in product engineering design aims at setting achievable goals for both customers and designers, while leaving room for creativity and passion. This is especially challenging in the global workplace. Using an example of a design project, the Dental Headrest project (DHR), this paper reviews how expectations were managed in a successful, collaborative project between the University of Tokushima (UT) and Massachusetts Institute of Technology (MIT). The goal of the project was to design an innovative mechanism for the positioning a dental chair headrest so satisfy both the needs of a patient for comfort and a clinician for flexibility and access. The design team was formed with six students from the MIT MechE’s Precision Machine Design class, while the challenge proposed by a UT team of dentists and design engineers. The team followed a deterministic design procedure inducing understating the challenge and reviewing prior art, strategy and concept generation, detailed module design and fabrication and testing, culminating in presentation and documentation. Through the process was coordinated by online communication and collaborative working spaces which ensured real-time information transfer between the continents. The conclusion was a face-to-face meeting between the two institutions. This DHR project resulted in an innovative design of headrest adjusting mechanism that was implemented in a prototype. Moreover, the students, faculty and clinicians benefitted from the experience of innovative design collaboration in a multidisciplinary, global team.CIMIT: Center for Integration of Medicine and Innovative TechnologyJ. Morita Corporatio

A socio-technical-based process for questionnaire development in requirements elicitation via interviews

Software development is the process of building systems that solve users’ need and satisfy stakeholders’ objectives. Such needs are determined through requirements elicitation, which is considered an intensive, complex, and multi-disciplinary process. Traditional methods of elicitation often fail to uncover requirements that are critical for successful and wide-scale user adoption because these methods primarily focus on the technical aspects and constraints of the systems rather than considering a socio-technical perspective. The success of information system development involves the identification of the social, organizational and technical features of the systems, which in turn can result in a more acceptable system by users. In this paper, we propose a requirements elicitation process based on socio-technical (ST) systems theory. The process leverages ST system components to help identify a set of ST imbalances, which in turn help in requirements elicitation. The applicability of the process is demonstrated using empirical investigation with a randomized two-group experimental design, where the objective is to see the potential of the proposed process to enhance analysts’ understanding of socio-technical aspects of a domain, interview readiness, and questionnaire quality

Monitoring Java Programs with Java PathExplorer

AbstractWe present recent work on the development of Java PathExplorer (JPaX), a tool for monitoring the execution of Java programs. JPaX can be used during program testing to gain increased information about program executions, and can potentially furthermore be applied during operation to survey safety critical systems. The tool facilitates automated instrumentation of a program's byte code, which will then emit events to an observer during its execution. The observer checks the events against user provided high level requirement specifications, for example temporal logic formulae, and against lower level error detection procedures, usually concurrency related such as deadlock and data race algorithms. High level requirement specifications together with their underlying logics are defined in rewriting logic using Maude, and then can either be directly checked using Maude rewriting engine, or be first translated to efficient data structures and then checked in Java