Aspect-oriented security hardening of UML design models

© Springer International Publishing Switzerland 2015. This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11. The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering

Generating domain specific aspect code for navigation from platform specific models in MWACSL

MWACSL1 is an Aspect-Oriented and Model-Driven approach for software development in the context of web applications. MWACSL uses domain specific aspect languages for dealing with the different aspects of a system. In this context one application is composed of a primary model and a set of aspect models, each one expressed by means of a Domain Specific Aspect Language. Furthermore, MWACSL is also based on Model-Driven Architecture as a way of separating the technological details. If we look at the horizontal dimension of MWACSL, this paper is focused on the platform specific level, while looking at the vertical dimension, the focus is on the navigational aspect. The specific platform is Spring Web Flow, a framework that has been thought for defining navigation flows. The main contributions of the paper are the definition of a metamodel for Spring Web Flow and a set of model to text transformations to generate web flows. These contributions can be considered as part of the MWACSL approach.Ministerio de Ciencia y Tecnología TIN2007-64119Ministerio de Ciencia y Tecnología TIN-2007-67843-C06-0

Norms, organisations and semantic web services: The ALIVE approach

ALIVE is an EU FP7 STREP whose goal is the convergence of organisational and normative modelling with and service-oriented architectures (SOAs) using model-driven software engineering. The project provides a framework for designing and implementing systems, taking into account organisational, coordination and service perspectives. A key project aspect is the integration of normative systems with live SOAs, through the distributed monitoring of normative state. Here we give a brief overview of the project, explore of the domain from a service context, outline the architecture under construction and sketch the use-cases that illustrate and inform the project.Peer ReviewedPostprint (published version

Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

Quality-aware model-driven service engineering

Service engineering and service-oriented architecture as an integration and platform technology is a recent approach to software systems integration. Quality aspects ranging from interoperability to maintainability to performance are of central importance for the integration of heterogeneous, distributed service-based systems. Architecture models can substantially influence quality attributes of the implemented software systems. Besides the benefits of explicit architectures on maintainability and reuse, architectural constraints such as styles, reference architectures and architectural patterns can influence observable software properties such as performance. Empirical performance evaluation is a process of measuring and evaluating the performance of implemented software. We present an approach for addressing the quality of services and service-based systems at the model-level in the context of model-driven service engineering. The focus on architecture-level models is a consequence of the black-box character of services

An ontology of agile aspect oriented software development

Both agile methods and aspect oriented programming (AOP) have emerged in recent years as new paradigms in software development. Both promise to free the process of building software systems from some of the constraints of more traditional approaches. As a software engineering approach on the one hand, and a software development tool on the other, there is the potential for them to be used in conjunction. However, thus far, there has been little interplay between the two. Nevertheless, there is some evidence that there may be untapped synergies that may be exploited, if the appropriate approach is taken to integrating AOP with agile methods. This paper takes an ontological approach to supporting this integration, proposing ontology enabled development based on an analysis of existing ontologies of aspect oriented programming, a proposed ontology of agile methods, and a derived ontology of agile aspect oriented development

Incorporating Security Behaviour into Business Models Using a Model Driven Approach

There has, in recent years, been growing interest in Model Driven Engineering (MDE), in which models are the primary design artifacts and transformations are applied to these models to generate refinements leading to usable implementations over specific platforms. There is also interest in factoring out a number of non-functional aspects, such as security, to provide reusable solutions applicable to a number of different applications. This paper brings these two approaches together, investigating, in particular, the way behaviour from the different sources can be combined and integrated into a single design model. Doing so involves transformations that weave together the constraints from the various aspects and are, as a result, more complex to specify than the linear pipelines of transformations used in most MDE work to date. The approach taken here involves using an aspect model as a template for refining particular patterns in the business model, and the transformations are expressed as graph rewriting rules for both static and behaviour elements of the models

Ontology-based patterns for the integration of business processes and enterprise application architectures

Increasingly, enterprises are using Service-Oriented Architecture (SOA) as an approach to Enterprise Application Integration (EAI). SOA has the potential to bridge the gap between business and technology and to improve the reuse of existing applications and the interoperability with new ones. In addition to service architecture descriptions, architecture abstractions like patterns and styles capture design knowledge and allow the reuse of successfully applied designs, thus improving the quality of software. Knowledge gained from integration projects can be captured to build a repository of semantically enriched, experience-based solutions. Business patterns identify the interaction and structure between users, business processes, and data. Specific integration and composition patterns at a more technical level address enterprise application integration and capture reliable architecture solutions. We use an ontology-based approach to capture architecture and process patterns. Ontology techniques for pattern definition, extension and composition are developed and their applicability in business process-driven application integration is demonstrated

A Framework for Evaluating Model-Driven Self-adaptive Software Systems

In the last few years, Model Driven Development (MDD), Component-based Software Development (CBSD), and context-oriented software have become interesting alternatives for the design and construction of self-adaptive software systems. In general, the ultimate goal of these technologies is to be able to reduce development costs and effort, while improving the modularity, flexibility, adaptability, and reliability of software systems. An analysis of these technologies shows them all to include the principle of the separation of concerns, and their further integration is a key factor to obtaining high-quality and self-adaptable software systems. Each technology identifies different concerns and deals with them separately in order to specify the design of the self-adaptive applications, and, at the same time, support software with adaptability and context-awareness. This research studies the development methodologies that employ the principles of model-driven development in building self-adaptive software systems. To this aim, this article proposes an evaluation framework for analysing and evaluating the features of model-driven approaches and their ability to support software with self-adaptability and dependability in highly dynamic contextual environment. Such evaluation framework can facilitate the software developers on selecting a development methodology that suits their software requirements and reduces the development effort of building self-adaptive software systems. This study highlights the major drawbacks of the propped model-driven approaches in the related works, and emphasise on considering the volatile aspects of self-adaptive software in the analysis, design and implementation phases of the development methodologies. In addition, we argue that the development methodologies should leave the selection of modelling languages and modelling tools to the software developers.Comment: model-driven architecture, COP, AOP, component composition, self-adaptive application, context oriented software developmen

Aspect-Oriented Programming

Aspect-oriented programming is a promising idea that can improve the quality of software by reduce the problem of code tangling and improving the separation of concerns. At ECOOP'97, the first AOP workshop brought together a number of researchers interested in aspect-orientation. At ECOOP'98, during the second AOP workshop the participants reported on progress in some research topics and raised more issues that were further discussed. \ud \ud This year, the ideas and concepts of AOP have been spread and adopted more widely, and, accordingly, the workshop received many submissions covering areas from design and application of aspects to design and implementation of aspect languages