Distribution pattern-driven development of service architectures

Distributed systems are being constructed by composing a number of discrete components. This practice is particularly prevalent within the Web service domain in the form of service process orchestration and choreography. Often, enterprise systems are built from many existing discrete applications such as legacy applications exposed using Web service interfaces. There are a number of architectural configurations or distribution patterns, which express how a composed system is to be deployed in a distributed environment. However, the amount of code required to realise these distribution patterns is considerable. In this paper, we propose a distribution pattern-driven approach to service composition and architecting. We develop, based on a catalog of patterns, a UML-compliant framework, which takes existing Web service interfaces as its input and generates executable Web service compositions based on a distribution pattern chosen by the software architect

Actor perception in business use case modeling

Mainstream literature recognizes the validity and effectiveness of use cases as a technique for gathering and capturing system requirements. Use cases represent the driver of various modern development methods, mainly of object-oriented extraction, such as the Unified Process. Although the adoption of use cases proliferated in the context of software systems development, they are not as extensively employed in business modeling . The concept of business use case is not a novelty, but only recently did it begin to re-circulate in the literature and in case tools. This paper examines the issues involved in adopting business use cases for capturing the functionality of an organization and proposes guidelines for their identification, packaging, and mapping to system use cases. The proposed guidelines are based on the principle of actor perception described in the paper. The application of this principle is exemplified with a worked example aimed at demonstrating the utility of the proposed guidelines and at clarifying the application of the principle of actor perception. The worked example is based on a series of workshops run at a major UK financial institution

Modelling Security of Critical Infrastructures: A Survivability Assessment

Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face these situations, defence plans must be developed in advance. In this paper, we present a Unified Modelling Language profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of system development life cycle. SecAM enables security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimization of attack damages on the crude-oil network

MSUO Information Technology and Geographical Information Systems: Common Protocols & Procedures. Report to the Marine Safety Umbrella Operation

The Marine Safety Umbrella Operation (MSUO) facilitates the cooperation between Interreg funded Marine Safety Projects and maritime stakeholders. The main aim of MSUO is to permit efficient operation of new projects through Project Cooperation Initiatives, these include the review of the common protocols and procedures for Information Technology (IT) and Geographical Information Systems (GIS). This study carried out by CSA Group and the National Centre for Geocomputation (NCG) reviews current spatial information standards in Europe and the data management methodologies associated with different marine safety projects. International best practice was reviewed based on the combined experience of spatial data research at NCG and initiatives in the US, Canada and the UK relating to marine security service information and acquisition and integration of large marine datasets for ocean management purposes. This report identifies the most appropriate international data management practices that could be adopted for future MSUO projects

A Domain-Specific Modelling Language for Corporate Social Responsibility (CSR)

Corporate Social Responsibility (CSR) has become a strategic critical subject in many business processes, since enterprises not only need to provide good products or services, but they also have to demonstrate that they are environmentally and socially responsible. In this context, enterprises should use appropriate computer systems in order to manage CSR ensuring the adoption of best practices with the aim of obtaining competitive advantages. On the other hand, Model-Driven Engineering is a proven and accepted paradigm that provides sound mechanisms to develop quality and reliable computer systems in an efficient way starting from business models. The main results presented in this paper are a CSR Metamodel and a CSR UML profile that provide a Domain-Specific Modelling Language (DSML) to represent CSR. This DSML supports the design of CSR Computer Independent Models (CIM) that are the starting point for Model-Driven Engineering development. To propose this DSML to represent CSR we analysed international standards, guides and regulations on CSR and we reviewed CSR strategies developed by different companies in order to define the artifacts of the CSR Metamodel. Finally, a practical case study using this DSML is provided in order to improve and to validate the defined CSR Metamodel, and to show how to apply the proposal in an actual company

Self-Adaptive Role-Based Access Control for Business Processes

© 2017 IEEE. We present an approach for dynamically reconfiguring the role-based access control (RBAC) of information systems running business processes, to protect them against insider threats. The new approach uses business process execution traces and stochastic model checking to establish confidence intervals for key measurable attributes of user behaviour, and thus to identify and adaptively demote users who misuse their access permissions maliciously or accidentally. We implemented and evaluated the approach and its policy specification formalism for a real IT support business process, showing their ability to express and apply a broad range of self-adaptive RBAC policies

Verifying goal-oriented specifications used in model-driven development processes

[EN] Goal-oriented requirements engineering promotes the use of goals to elicit, elaborate, structure, specify, analyze, negotiate, document, and modify requirements. Thus, goal-oriented specifications are essential for capturing the objectives that the system to be developed should achieve. However, the application of goal oriented specifications into model-driven development (MDD) processes is still handcrafted, not aligned in the automated flow from models to code. In other words, the experience of analysts and designers is necessary to manually transform the input goal-oriented models into system models for code generation (models compilation). Some authors have proposed guidelines to facilitate and partially automate this translation, but there is a lack of techniques to assess the adequacy of goal-oriented models as starting point of MDD processes. In this paper, we present and evaluate a verification approach that guarantees the automatic, correct, and complete transformation of goal-oriented models into design models used by specific MDD solutions. In particular, this approach has been put into practice by adopting a well-known goal-oriented modeling approach, the i* framework, and an industrial MDD solution called Integranova.This work has been developed with the support of FONDECYT under the projects AMoDDI 11130583 and TESTMODE 11121395.This work is also supported by EOSSAC project, funded by the Ministry of Economy and Competitiveness of the Spanish government (TIN2013-44641-P).Giachetti Herrera, GA.; Marín, B.; López, L.; Franch, X.; Pastor López, O. (2017). Verifying goal-oriented specifications used in model-driven development processes. Information Systems. 64:41-62. https://doi.org/10.1016/j.is.2016.06.011S41626