Transparent interface composition in web applications

In this paper we present an approach for oblivious composition of Web user interfaces, particularly for volatile functionality. Our approach, which is inspired on well-known techniques for advanced separation of concerns such as aspect-oriented software design, allows to clearly separate the design of the core's interface from the one corresponding to more volatile services, i.e. those that are offered for short periods of time. Both interfaces are oblivious from each other and can be seamlessly composed using a transformation language. We show that in this way we simplify the application's evolution by preventing intrusive edition of the interface code. Using some illustrative examples we focus both on design and implementation issues, presenting an extension of the OOHDM design model which supports modular design of volatile functionality.Publicado en Lecture Notes in Computer Science book series (LNCS, vol. 4607).Laboratorio de Investigación y Formación en Informática Avanzad

Metodología dirigida por modelos para el diseño de funcionalidad volátil en aplicaciones web

La popularidad y facilidad de acceso de las aplicaciones Web expone a una aplicación Web a exigencias de nuevas características realizadas por sus usuarios que ésta debe proveer para mantener cautivo al usuario implantando un estado de constante evolución. La evolución requiere usualmente modificaciones de funcionalidad existente o nueva funcionalidad para mejorar la experiencia del usuario en la aplicación Web. Muchas veces estos cambios son requeridos para mantener vigente a la aplicación, es decir acompañar a las tendencias del mercado. Los cambios introducidos pueden corresponder a un tipo de funcionalidad llamado volátil caracterizado por ser temporal, surgir de improviso y muchas veces por deber ser incorporada a la brevedad. Cuando esta funcionalidad es temporal, se incorpora al sistema para luego ser retirada de forma planificada en base a una fecha determinada o de forma espontanea en base a un evento de negocio. En este escenario, entre otras variables, se ve comprometida la mantenibilidad y estabilidad de la aplicación. Por otro lado, su inesperado surgimiento usualmente no permite una adopción fácil y económica ya que la aplicación no fue diseñada teniendo en cuenta esta nueva funcionalidad. En esta tesis se presenta una metodología modular para dar solución a los requerimientos volátiles en aplicaciones Web. La metodología abordará el problema desde las etapas análisis brindando herramientas conceptuales para su adecuado diseño y posterior implementación. Es modular ya que puede complementar las metodologías de ingeniería Web más maduras; en esta tesis se utilizara como metodología de referencia OOHDM. En la etapa de análisis de requerimientos, se proveerán herramientas que permitan identificar, aislar, y gestionar inconsistencias de requerimientos volátiles. Para las tareas de diseño se proveerán herramientas teóricas que faciliten el modelado de los requerimientos de las aplicaciones Web brindando instrumentos para los diferentes modelos involucrados: conceptual, navegacional, y de interfaz. Finalmente, se proveerá una guía de implementación de éste tipo de funcionalidad con un análisis comparativo con la implementación de funcionalidad volátil ad-hoc.Facultad de Informátic

Middle-out domain-specific aspect languages and their application in agent-based modelling runtime inspection

Domain-Specific Aspect Languages (DSALs) are a valuable tool for separating cross-cutting concerns, particularly within fields with endemic cross-cutting practices. Agent-Based Modelling (ABM) runtime inspection, which cuts across the core concern of model development, serves as a prime example. Despite their usefulness, DSALs face multiple adoption issues: the literature regarding their development and use is incohesive, coupling to a weave target hinders re-use, and available tooling is immature compared to Domain-Specific Languages (DSLs). We believe these issues can be aided by furthering DSL middle-out techniques for DSALs.We first define the background of what a DSAL is and how they may be used, moving onto how we can use DSL techniques to further DSALs. We develop a middle-out semantic model approach for developing domain-level DSALs with transparent aspect orientation using adaptions of DSL techniques. We have implemented the approach for model-specific DSALs for the in-house framework Animaux, and as middleware-specific DSAL for agent messages in the JADE framework, which can be specialised to models using extension DSALs. We give illustrative result cases using our implementations to provide a base of the user development costs and performance of this approach.In conclusion, we believe the adoption of these technologies aids ABM applications and encourage future work in similar fields. This thesis has given a base philosophy toward DSLs, a novel approach for the development of middle-out DSALs and illustrative cases of this approach

Abstraction over non-local object information in aspect-oriented programming using path expression pointcuts

Aspect-oriented software development (AOSD) consists of a number of technologies that promise a better level of modularization of concerns that cannot be separated in individual modules by using conventional techniques. Aspect-oriented programming (AOP) is one of these technologies. It allows the modularization at the level of software application code. It provides programmers with means to quantify over specific points in the base application code, called join points, at which the crosscutting concern code must be triggered. The quantification is achieved by special selection constructs called pointcuts, while the triggered code that is responsible for adapting the selected join point is provided by special construct called advice. The selection and adaptation mechanisms in aspect-oriented programming depend heavily on the distinguishing properties of the join points. These properties can either be derived from the local execution context at the join point or they are considered to be non-local to the join point. Aspect-oriented systems provide a plenty of pointcut constructs that support accessing the local join point properties, while they rarely support the non-local properties. A large research effort has been achieved to extend current aspectoriented systems in order to solve the problem of non-locality. However, none of these proposals support the non-local object relationships. There are many situations where a good abstraction over nonlocal object information is needed, otherwise, the developers will be obliged to provide complex and error-prone workarounds inside advice body that conceptually do not reflect the semantics of join point selection and mix it with the semantics of join point daptation. Such recurrent situations occur when trying to modularize the object persistence concern. Object persistence, the process of storing and retrieving objects to and from the datastore, is a classical example of crosscutting concern. Orthogonal object persistence meets the obliviousness property of AOP: The base code should not be prepared upfront for persistence. This thesis addresses the shortcomings in current aspect-oriented persistence systems. It shows that the reason for such shortcomings is due to the lack of supporting non-local object information by the used aspect-oriented languages. To overcome this problem, this thesis proposes a new extension to the current pointcut languages called path expression pointcuts that operate on object graphs and make relevant object information available to the aspects. As an explicit and complete construct, a formal semantics and type system have provided. Moreover, an implementation of path expression pointcuts is discussed in the thesis along with its usage to show how the aforementioned problems are resolved

Modularisation de la sécurité informatique dans les systèmes distribués

Addressing security in the software development lifecycle still is an open issue today, especially in distributed software. Addressing security concerns requires a specific know-how, which means that security experts must collaborate with application programmers to develop secure software. Object-oriented and component-based development is commonly used to support collaborative development and to improve scalability and maintenance in software engineering. Unfortunately, those programming styles do not lend well to support collaborative development activities in this context, as security is a cross-cutting problem that breaks object or component modules. We investigated in this thesis several modularization techniques that address these issues. We first introduce the use of aspect-oriented programming in order to support secure programming in a more automated fashion and to minimize the number of vulnerabilities in applications introduced at the development phase. Our approach especially focuses on the injection of security checks to protect from vulnerabilities like input manipulation. We then discuss how to automate the enforcement of security policies programmatically and modularly. We first focus on access control policies in web services, whose enforcement is achieved through the instrumentation of the orchestration mechanism. We then address the enforcement of privacy protection policies through the expert-assisted weaving of privacy filters into software. We finally propose a new type of aspect-oriented pointcut capturing the information flow in distributed software to unify the implementation of our different security modularization techniques.Intégrer les problématiques de sécurité au cycle de développement logiciel représente encore un défi à l’heure actuelle, notamment dans les logiciels distribués. La sécurité informatique requiert des connaissances et un savoir-faire particulier, ce qui implique une collaboration étroite entre les experts en sécurité et les autres acteurs impliqués. La programmation à objets ou à base de composants est communément employée pour permettre de telles collaborations et améliorer la mise à l’échelle et la maintenance de briques logicielles. Malheureusement, ces styles de programmation s’appliquent mal à la sécurité, qui est un problème transverse brisant la modularité des objets ou des composants. Nous présentons dans cette thèse plusieurs techniques de modularisation pour résoudre ce problème. Nous proposons tout d’abord l’utilisation de la programmation par aspect pour appliquer de manière automatique et systématique des techniques de programmation sécurisée et ainsi réduire le nombre de vulnérabilités d’une application. Notre approche se focalise sur l’introduction de vérifications de sécurité dans le code pour se protéger d’attaques comme les manipulations de données en entrée. Nous nous intéressons ensuite à l’automatisation de la mise en application de politiques de sécurité par des techniques de programmation. Nous avons par exemple automatisé l’application de règles de contrôle d’accès fines et distribuées dans des web services par l’instrumentation des mécanismes d’orchestration de la plate-forme. Nous avons aussi proposé des mécanismes permettant l’introduction d’un filtrage des données à caractère privée par le tissage d’aspects assisté par un expert en sécurité

AspectJ2EE = AOP J2EE: Towards An Aspect Based, Programmable and Extensible Middleware Framework

J2EE is a middleware architecture augmented with supporting tools for developing large scale client/server and multi-tier applications. J2EE uses Enterprise JavaBeans as its component model. The realization of these components by a J2EE application server can be conceptually decomposed into distinct aspects such as persistence, transaction management, security, and load balancing. However, current servers do not employ aspect-oriented programming in their implementation. In this paper, we describe a new aspect language, AspectJ2EE, geared towards the generalized implementation of J2EE application servers, and applications within this framework. AspectJ2EE can be easily employed to extend the fixed set of services that these servers provide with new services such as logging and performance monitoring. Even tier-cutting concerns like encryption, data compression, and memoization can be added while avoiding the drags of cross-cutting and scattered code. AspectJ2EE is less general (and hence less complicated) than AspectJ, yet demonstrably powerful enough for the systematic development of large scale (and distributed) applications. The introduction of parameterized aspects makes aspects in AspectJ2EE more flexible and reusable than aspects in AspectJ. AspectJ2EE also generalizes the process of binding services to user applications in the application server into a novel deploy-time weaving of aspects. Deploytime weaving is superior to traditional weaving mechanisms, in that it preserves the object model, has a better management of aspect scope, and presents a more understandable and maintainable semantic model