Towards Model-Driven Development of Access Control Policies for Web Applications

We introduce a UML-based notation for graphically modeling systems’ security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool

A Platform Independent Access Control Metamodel for Web Services

Web services provide platform independent communication through an XML-based standard family. The major software vendors released their own SOA products implementing these standards. However, the configuration of the WS-* protocols differs from product to product. Matching these configurations between different products can be a very tedious task. Security protocols are among the most complicated protocols to configure, especially if access control is also required. Although the XACML standard aims to solve this task, its rules and policies described in XML are not very user friendly, and XACML has a very poor support in the major SOA products. Therefore, we have developed a platform independent metamodel for describing distributed systems of web services. From models described in this metamodel the platform specific configurations and program codes can be easily generated for the various SOA products, increasing the productivity of the development. This article introduces an access control extension to this metamodel

Testing of xtUML Models across Auto-Reflexive Software Architecture

Application of MDA in the software development enables a synchronization of the system models and corresponding source files used for the building of the executable version of a software system. Because of often use of manual modifications of some parts of code without equivalent changes in connected models, there is no guarantee that the output of the process of building of the target application will be consistent with the relevant design and implementation models. Possibility of generating of the source files from the models is a necessity, but not a sufficient condition in the process of development and modification of software systems synchronously with the changes in all related models.  More safe approach is building the target application with the use of an automated building process with nested steps for consistency verifications of all critical models and related source files and the usage of model compilers. This article describes the method and tools for extending the software process of building the target system using special files with specification of dependencies between models and source files. Such dependencies represent the core of the critical knowledge, and it is possible to make this knowledge an integral part of the proposed new software architecture

Factors Contributing to Chlorine Decay and Microbial Presence in Drinking Water Following Stagnation in Premise Plumbing

Premise plumbing is the part of the drinking water distribution system closest to the point of use. Since premise plumbing is characterized by a long residence time, elevated temperature, and reduced levels of disinfectant residue, drinking water in premise plumbing typically experiences elevated levels of microbial presence as compared to finished water exiting water treatment utilities, particularly under stagnation conditions frequently encountered in premise plumbing. Thus, stagnant drinking water in premise plumbing may represent an important source of public health risk. Therefore, the objective of this study is to identify factors contributing to the deterioration of microbiological quality of stagnant drinking water in premise plumbing. Results from this study indicated that the service age of premise plumbing system is positively correlated to the concentration of microorganisms in stagnant drinking water; Another factor contributing to microbial contamination is the usage pattern, with systems experiencing lower levels of water consumption exhibiting greater microbial contamination than those having greater water usage patterns; Since disinfectant residue is an important determinant of microbial contamination, the loss of free chlorine as the most common disinfectant residue was further examined. My results demonstrate that pipe material has significant impact on the decay rate of free chlorine, with copper pipe showing the greatest chlorine decay rate, and PVC pipe showing the slowest. The deposits onto the pipe wall appear to reduce the rate of chlorine decay, likely forming a barrier between the pipe material and water, which slows down the reaction between the pipe wall and the disinfectant. Moreover, pipe diameter and temperature could significantly influence the rate of chlorine decay, with greater diameter leading to smaller surface-to-volume ratio and subsequently a slower chlorine decay rate. As expected, elevated temperature was shown to accelerate chlorine loss. These results provide important insights into the mechanisms of chlorine decay in premise plumbing and the factors contributing to the deterioration of the microbiological quality of drinking water in premise plumbing, which could facilitate the development of effective strategies for controlling water quality in premise plumbing and reducing public health risks from waterborne infectious diseases

1st doctoral symposium of the international conference on software language engineering (SLE) : collected research abstracts, October 11, 2010, Eindhoven, The Netherlands

The first Doctoral Symposium to be organised by the series of International Conferences on Software Language Engineering (SLE) will be held on October 11, 2010 in Eindhoven, as part of the 3rd instance of SLE. This conference series aims to integrate the different sub-communities of the software-language engineering community to foster cross-fertilisation and strengthen research overall. The Doctoral Symposium at SLE 2010 aims to contribute towards these goals by providing a forum for both early and late-stage Ph.D. students to present their research and get detailed feedback and advice from researchers both in and out of their particular research area. Consequently, the main objectives of this event are: – to give Ph.D. students an opportunity to write about and present their research; – to provide Ph.D. students with constructive feedback from their peers and from established researchers in their own and in different SLE sub-communities; – to build bridges for potential research collaboration; and – to foster integrated thinking about SLE challenges across sub-communities. All Ph.D. students participating in the Doctoral Symposium submitted an extended abstract describing their doctoral research. Based on a good set of submisssions we were able to accept 13 submissions for participation in the Doctoral Symposium. These proceedings present final revised versions of these accepted research abstracts. We are particularly happy to note that submissions to the Doctoral Symposium covered a wide range of SLE topics drawn from all SLE sub-communities. In selecting submissions for the Doctoral Symposium, we were supported by the members of the Doctoral-Symposium Selection Committee (SC), representing senior researchers from all areas of the SLE community.We would like to thank them for their substantial effort, without which this Doctoral Symposium would not have been possible. Throughout, they have provided reviews that go beyond the normal format of a review being extra careful in pointing out potential areas of improvement of the research or its presentation. Hopefully, these reviews themselves will already contribute substantially towards the goals of the symposium and help students improve and advance their work. Furthermore, all submitting students were also asked to provide two reviews for other submissions. The members of the SC went out of their way to comment on the quality of these reviews helping students improve their reviewing skills

1st doctoral symposium of the international conference on software language engineering (SLE) : collected research abstracts, October 11, 2010, Eindhoven, The Netherlands

The first Doctoral Symposium to be organised by the series of International Conferences on Software Language Engineering (SLE) will be held on October 11, 2010 in Eindhoven, as part of the 3rd instance of SLE. This conference series aims to integrate the different sub-communities of the software-language engineering community to foster cross-fertilisation and strengthen research overall. The Doctoral Symposium at SLE 2010 aims to contribute towards these goals by providing a forum for both early and late-stage Ph.D. students to present their research and get detailed feedback and advice from researchers both in and out of their particular research area. Consequently, the main objectives of this event are: – to give Ph.D. students an opportunity to write about and present their research; – to provide Ph.D. students with constructive feedback from their peers and from established researchers in their own and in different SLE sub-communities; – to build bridges for potential research collaboration; and – to foster integrated thinking about SLE challenges across sub-communities. All Ph.D. students participating in the Doctoral Symposium submitted an extended abstract describing their doctoral research. Based on a good set of submisssions we were able to accept 13 submissions for participation in the Doctoral Symposium. These proceedings present final revised versions of these accepted research abstracts. We are particularly happy to note that submissions to the Doctoral Symposium covered a wide range of SLE topics drawn from all SLE sub-communities. In selecting submissions for the Doctoral Symposium, we were supported by the members of the Doctoral-Symposium Selection Committee (SC), representing senior researchers from all areas of the SLE community.We would like to thank them for their substantial effort, without which this Doctoral Symposium would not have been possible. Throughout, they have provided reviews that go beyond the normal format of a review being extra careful in pointing out potential areas of improvement of the research or its presentation. Hopefully, these reviews themselves will already contribute substantially towards the goals of the symposium and help students improve and advance their work. Furthermore, all submitting students were also asked to provide two reviews for other submissions. The members of the SC went out of their way to comment on the quality of these reviews helping students improve their reviewing skills

Web services choreography testing using semantic service description

Web services have become popular due to their ability to integrate with and to interoperate heterogeneous applications. Several web services can be combined into a single application to meet the needs of users. In the course of web services selection, a web candidate service needs to conform to the behaviour of its client, and one way of ensuring this conformity is by testing the interaction between the web service and its user. The existing web services test approaches mainly focus on syntax-based web services description, whilst the semantic-based solutions mostly address composite process flow testing. The aim of this research is to provide an automated testing approach to support service selection during automatic web services composition using Web Service Modeling Ontology (WSMO). The research work began with understanding and analysing the existing test generation approaches for web services. Second, the weaknesses of the existing approaches were identified and addressed by utilizing the choreography transition rules of WSMO in an effort to generate a Finite State Machine (FSM). The FSM was then used to generate the working test cases. Third, a technique to generate an FSM from Abstract State Machine (ASM) was adapted to be used with WSMO. This thesis finally proposed a new testing model called the Choreography to Finite State Machine (C2FSM) to support the service selection of an automatic web service composition. It proposed new algorithms to automatically generate the test cases from the semantic description (WSMO choreography description). The proposed approach was then evaluated using the Amazon E-Commerce Web Service WSMO description. The quality of the test cases generated using the proposed approach was measured by assessing their mutation adequacy score. A total of 115 mutants were created based on 7 mutant operators. A mutation adequacy score of 0.713 was obtained. The experimental validation demonstrated a significant result in the sense that C2FSM provided an efficient and feasible solution. The result of this research could assist the service consumer agents in verifying the behaviour of the Web service in selecting appropriate services for web service composition