Towards Model-Driven Development of Access Control Policies for Web Applications

We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool

Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose

Model Transformations in MT

Model transformations are recognised as a vital aspect of Model Driven Development,but current approaches cover only a small part of the possible spectrum. In this paper I present the MT model transformation which shows how a QVT-like language can be extended with novel pattern matching constructs, how tracing information can be automatically constructed and visualized, and how the transformed model is pruned of extraneous elements. As MT is implemented as a DSL within the Converge language, this paper also demonstrates how a general purpose language can be embedded in a model transformation language, and how DSL development can aid experimentation and exploration of new parts of the model transformation spectrum

Users Integrity Constraints in SOLAP Systems. Application in Agroforestry

SpatialData Warehouse and Spatial On-Line Analytical Processing are decision support technologies which offer the spatial and multidimensional analysis of data stored in multidimensional structure. They are aimed also at supporting geographic knowledge discovery to help decision-maker in his job related to make the appropriate decision . However, if we don’t consider data quality in the spatial hypercubes and how it is explored, it may provide unreliable results. In this paper, we propose a system for the implementation of user integrity constraints in SOLAP namely “UIC-SOLAP”. It corresponds to a methodology for guaranteeing results quality in an analytical process effectuated by different users exploiting several facts tables within the same hypercube. We integrate users Integrity Constraints (IC) by specifying visualization ICs according to their preferences and we define inter-facts ICs in this case. In order to validate our proposition, we propose the multidimensional modeling by UML profile to support constellation schema of a hypercube with several fact tables related to subjects of analysis in forestry management. Then, we propose implementation of some ICs related to users of such a system

Contracts and Behavioral Patterns for SoS: The EU IP DANSE approach

This paper presents some of the results of the first year of DANSE, one of the first EU IP projects dedicated to SoS. Concretely, we offer a tool chain that allows to specify SoS and SoS requirements at high level, and analyse them using powerful toolsets coming from the formal verification area. At the high level, we use UPDM, the system model provided by the british army as well as a new type of contract based on behavioral patterns. At low level, we rely on a powerful simulation toolset combined with recent advances from the area of statistical model checking. The approach has been applied to a case study developed at EADS Innovation Works.Comment: In Proceedings AiSoS 2013, arXiv:1311.319

Systematic engineering of mutation operators

In the context of software engineering, mutation consists in injecting small changes in artefacts – like models, programs, or data – for purposes like (mutation) testing, test data generation, and all sorts of search-based methods. These tasks typically require defining sets of mutation operators, which are often built ad-hoc because there is currently poor support for their development and testing. To improve this situation, we propose a methodology and corresponding tool support for the proper engineering of mutation operators. Our proposal is model-based, representing the artefacts to be mutated as models. It includes a domain-specific language to describe the mutation operators, facilities to synthesize models that can be used to test the operators, different metrics to analyse operator coverage, and services to generate operators when the coverage is insufficient. We show automated support atop the WODEL tool, and illustrate its use by defining mutation operators for UML Class Diagrams.This work has been partially funded by the Spanish Ministry of Science (RTI2018-095255-B-I00), by the R&D programme of the Madrid Region (S2018/TCS-4314) and by the Spanish MINECO-FEDER (grant number FAME RTI2018-093608-BC31

A Feature Model for an IDE4OCL

An Integrated OCL Development Environment (IDE4OCL) can significantly improve the pragmatics and practice of OCL. Therefore we started a comprehensive requirement analysis with the long term vision of a multisite IDE4OCL project. In this paper we present a feature model for the IDE4OCL vision based on this analysis. In an earlier work we identified domain concepts, tool–level interactions with IDE4OCL, and use cases for OCL developers including a set predefined features. In the second step, we asked the OCL community members for their feedback on our proposal. Around 100 researchers, tool developers and practitioners who gained experience with OCL have voted in an online–survey. The results gave us a valuable insight in the needs of OCL usage both in usual and advanced OCL applications. One of the important results is a collection of features that have been proposed additionally to our predefined features. We analysed all the comments of the participants of the survey and consolidated them into an extended set of IDE4OCL features and eventually into a feature model

A heuristic-based approach to code-smell detection

Encapsulation and data hiding are central tenets of the object oriented paradigm. Deciding what data and behaviour to form into a class and where to draw the line between its public and private details can make the difference between a class that is an understandable, flexible and reusable abstraction and one which is not. This decision is a difficult one and may easily result in poor encapsulation which can then have serious implications for a number of system qualities. It is often hard to identify such encapsulation problems within large software systems until they cause a maintenance problem (which is usually too late) and attempting to perform such analysis manually can also be tedious and error prone. Two of the common encapsulation problems that can arise as a consequence of this decomposition process are data classes and god classes. Typically, these two problems occur together – data classes are lacking in functionality that has typically been sucked into an over-complicated and domineering god class. This paper describes the architecture of a tool which automatically detects data and god classes that has been developed as a plug-in for the Eclipse IDE. The technique has been evaluated in a controlled study on two large open source systems which compare the tool results to similar work by Marinescu, who employs a metrics-based approach to detecting such features. The study provides some valuable insights into the strengths and weaknesses of the two approache

Towards Verification of UML Class Models using Formal Specification Methods: A Review

Abstract In today s world many elements of our lives are being affected by software and for that we are in greater need of high-quality software The Unified Modeling Language UML is considered the de facto standard for object-oriented software model development UML class diagram plays an important role in the design and specification of software systems A class diagram provides a static description of system component

Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis (Extended)

This extended paper presents 1) a novel hierarchy and recursion extension to the process tree model; and 2) the first, recursion aware process model discovery technique that leverages hierarchical information in event logs, typically available for software systems. This technique allows us to analyze the operational processes of software systems under real-life conditions at multiple levels of granularity. The work can be positioned in-between reverse engineering and process mining. An implementation of the proposed approach is available as a ProM plugin. Experimental results based on real-life (software) event logs demonstrate the feasibility and usefulness of the approach and show the huge potential to speed up discovery by exploiting the available hierarchy.Comment: Extended version (14 pages total) of the paper Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis. This Technical Report version includes the guarantee proofs for the proposed discovery algorithm