Model-driven generative programming for BIS mobile applications

The burst on the availability of smart phones based on the Android platform calls for cost-effective techniques to generate mobile apps for general purpose, distributed business information systems (BIS). To mitigate this problem our research aims at applying model-driven techniques to automatically generate usable prototypes with a sound, maintainable, architecture. Following three base principles: model-based generation, separation of concerns, paradigm seamlessness, we try to answer the main guiding question – how to reduce development time and cost by transforming a given domain model into an Android application? To answer this question we propose to develop an application that follows a generative approach for mobile BIS apps that will mitigate the identified problems. Its input is a platform independent model (PIM), with business rules specified in OCL (Object Constraint Language). We adopted the Design Science Research methodology, that helps gaining problem understanding, identifying systemically appropriate solutions, and in effectively evaluating new and innovative solutions. To better evaluate our solution, besides resorting to third party tools to test specific components integration, we demonstrated its usage and evaluated how well it mitigates a subset of the identified problems in an observational study (we presented our generated apps to an outside audience in a controlled environment to study our model-based centered and, general apps understandability) and communicated its effectiveness to researchers and practitioners.O grande surto de disponibilidade de dispositivos móveis para a plataforma Android requer, técnicas generativas de desenvolvimento de aplicações para sistemas comuns e/ou distribuídos de informação empresariais/negócio, que otimizem a relação custo-benefício. Para mitigar este problema, esta investigação visa aplicar técnicas orientadas a modelos para, automaticamente, gerar protótipos funcionais de aplicações com uma arquitetura robusta e fácil de manter. Seguindo para tal três princípios base: geração baseada no modelo, separação de aspetos, desenvolvimento sem soturas (sem mudança de paradigma), tentamos dar resposta à pergunta orientadora – como reduzir o tempo e custo de desenvolvimento de uma aplicação Android por transformação de um dado modelo de domínio? De modo a responder a esta questão nós propomos desenvolver uma aplicação que segue uma abordagem generativa para aplicações de informação empresariais/negócio móveis de modo a mitigar os problemas identificados. Esta recebe modelos independentes de plataforma (PIM), com regras de negócio especificadas em OCL (Object Constraint Language). Seguimos a metodologia Design Science Research que ajuda a identificar e perceber o problema, a identificar sistematicamente soluções apropriadas aos problemas e a avaliar mais eficientemente soluções novas e inovadoras. Para melhor avaliar a nossa solução, apesar de recorrermos a ferramentas de terceiros para testar a integração de componentes específicos, também demonstramos a sua utilização, através de estudos experimentais (em um ambiente controlado, apresentamos as nossas aplicações geradas a uma audiência externa que nos permitiu estudar a compreensibilidade baseada e centrada em modelos e, de um modo geral, das aplicações) avaliamos o quanto esta mitiga um subconjunto de problemas identificados e comunicamos a sua eficácia para investigadores e profissionais

Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing

Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing

Combining SOA and BPM Technologies for Cross-System Process Automation

This paper summarizes the results of an industry case study that introduced a cross-system business process automation solution based on a combination of SOA and BPM standard technologies (i.e., BPMN, BPEL, WSDL). Besides discussing major weaknesses of the existing, custom-built, solution and comparing them against experiences with the developed prototype, the paper presents a course of action for transforming the current solution into the proposed solution. This includes a general approach, consisting of four distinct steps, as well as specific action items that are to be performed for every step. The discussion also covers language and tool support and challenges arising from the transformation

Evaluating & engineering

On a regular basis, we learn about well-known online services that have been misused or compromised by data theft. As insecure applications pose a threat to the users' privacy as well as to the image of companies and organizations, it is absolutely essential to adequately secure them from the start of the development process. Often, reasons for vulnerable applications are related to the insufficient knowledge and experience of involved parties, such as software developers. Unfortunately, they rarely (a) have a comprehensive view of the security-related decisions that should be made, or (b) know how these decisions precisely affect the implementation. A vital decision is the selection of tools and methods that can best support a particular situation in order to shield an application from vulnerabilities. Despite of the level of security that arises from complying with security standards, both reasons inadvertently lead to software that is not secured sufficiently. This thesis tackles both problems. Firstly, in order to know which decision should be made, it is crucial to be aware of security properties, vulnerabilities, threats, security engineering methods, notations, and tools (so-called knowledge objects). Thereby, it is not only important to know which knowledge objects exist, but also how they are related to each other and which attributes they have. Secondly, security decisions made for web applications can have an effect on source code of various components as well as on configuration files of web servers or external protection measures like firewalls. The impact of chosen security measures (i.e., employed methods) can be documented using a modeling approach that provides web-specific modeling elements. Our approach aims to support the conscious construction of secure web applications. Therefore, we develop modeling techniques to represent knowledge objects and to design secure web applications. Our novel conceptual framework SecEval is the foundation of this dissertation. It provides an expandable structure for classifying vulnerabilities, threats, security properties, methods, notations and tools. This structure, called Security Context model, can be instantiated to express attributes and relations, as e.g., which tools exist to support a certain method. Compared with existing approaches, we provide a finer-grained structure that considers security and adapts to the phases of the software development process. In addition to the Security Context model, we define a documentation scheme for the collection and analysis of relevant data. Apart from this domain-independent framework, we focus on secure web applications. We use SecEvalsSecContextM as a basis for a novel Secure Web Applications' Ontology (SecWAO), which serves as a knowledge map. By providing a systematic overview, SecWAO supports a common understanding and supports web engineers who want to systematically specify security requirements or make security-related design decisions. Building on our experience with SecWAO, we further extend the modeling approach UML-based Web Engineering (UWE) by means to model security aspects of web applications. We develop UWE in a way that chosen methods, such as (re)authentication, secure connections, authorization or Cross-Site-Request-Forgery prevention, can be linked to the model of a concrete web application. In short, our approach supports software engineers throughout the software development process. It comprises (1) the conceptual framework SecEval to ease method and tool evaluation, (2) the ontology SecWAO that gives a systematic overview of web security and (3) an extension of UWE that focuses on the development of secure web applications. Various case studies and tools are presented to demonstrate the applicability and extensibility of our approach.Regelmäßig wird von erfolgreichen Angriffen auf Daten und Funktionen bekannter Onlinedienste berichtet. Da unsichere Anwendungen nicht nur eine Bedrohung für die Privatsphäre ihrer Nutzer, sondern auch eine Gefahr für das Image der betroffenen Unternehmen und Organisationen darstellen, ist es unverzichtbar, Anwendungen von Anfang an ausreichend zu schützen. Zwei Gründe für unsichere Anwendungen sind, dass die Beteiligten, wie z.B. Softwareentwickler, nur selten (a) vollständig überblicken, welche sicherheitsbezogenen Entscheidungen getroffen werden müssten oder (b) wissen, welche Auswirkungen diese konkret auf die Implementierung haben. Eine kritische Entscheidung ist die Auswahl von Werkzeugen und Methoden, die in einer bestimmten Situation von Nutzen sein könnten, um die Anwendung vor Schwachstellen zu schützen. Diese Gründe führen - trotz punktuellem Schutz durch das Vorgehen nach IT-Sicherheitsstandards - ungewollt zu Software, die nicht entsprechend ihres Schutzbedarfs abgesichert ist. Die vorliegende Arbeit nimmt sich beider Probleme an. Einerseits ist für die Entscheidungsfindung ein Verständnis von sogenannten "Wissensobjekten", wie Schwachstellen, Bedrohungen, Sicherheitseigenschaften, sicherheitsrelevanten Methoden, Notationen und Werkzeugen essentiell. Dafür ist nicht nur eine Bestandsaufnahme existierender Wissensobjekte wichtig, sondern auch deren Eigenschaften und Zusammenhänge untereinander. Andererseits können sicherheitsrelevante Entscheidungen für Webanwendungen sowohl Auswirkungen auf Quellcodes verschiedener Softwarekomponenten haben, als auch auf Konfigurationsdateien von Webservern oder auf Schutzmaßnahmen wie Firewalls. Mit einem Modellierungsansatz, der webspezifische Modellierungselemente beinhaltet, ist es möglich Sicherheitsmaßnahmen zu dokumentieren. Das Ziel der vorliegenden Arbeit ist es, die bewusste Absicherung sicherheitskritischer Webanwendungen zu unterstützen. Dazu werden Modellierungstechniken zur Darstellung von Wissensobjekten und zum sicheren Webanwendungsdesign entwickelt. Die Basis bildet unser konzeptionelles Framework SecEval. Es beinhaltet eine erweiterbare Struktur für Schwachstellen, Bedrohungen, Sicherheitseigenschaften, Methoden, Notationen und Werkzeuge. Diese Struktur (das sog. Kontextmodell) kann instanziiert werden, um Eigenschaften und Zusammenhänge darzustellen, z.B. Werkzeuge, die eine bestimmte Methode unterstützen. Im Vergleich zu existierenden Arbeiten wird eine detailliertere Struktur aufgebaut, die Sicherheit berücksichtigt und die Phasen des Softwareentwicklungsprozesses mit einbezieht. Zusätzlich zu dem Kontextmodell wird ein Dokumentationsschema zur Sammlung und Analyse passender Daten definiert. Abgesehen von SecEval, das nicht domänenspezifisch ist, liegt der Fokus auf dem Bereich sicherer Webanwendungen. Genutzt wird SecEvals Kontextmodell unter anderem als Basis für die SecWAO-Ontologie - einer Art Wissenslandkarte der Webanwendungssicherheit. SecWAO bietet eine einheitliche Kommunikationsgrundlage und unterstützt Webentwickler, die systematisch Sicherheitsanforderungen spezifizieren oder Designentscheidungen treffen wollen. Aufbauend auf der Struktur von SecWAO wird der Modellierungsansatz UML-based Web Engineering (UWE) mit Elementen zur Dokumentation von Sicherheitsaspekten erweitert. Auf diese Art können ausgewählte Methoden wie z.B. (Re)authentifikation, sichere Verbindungen, Autorisierung oder die Verhinderung von Cross-Site-Request-Forgery direkt in Bezug zur modellierten Webanwendung gesetzt werden. Zusammengefasst unterstützt der vorgestellte Ansatz Softwareentwickler während des Entwicklungsprozesses und umfasst (1) das konzeptionelle Framework SecEval, das die Evaluation von Methoden und Werkzeugen vereinfacht, (2) die Ontologie SecWAO, die einen systematischen Überblick über Websicherheit gibt und (3) eine Erweiterung von UWE für sichere Webanwendungen. Verschiedene Fallstudien und Werkzeuge werden vorgestellt, die die Anwendbarkeit und Erweiterbarkeit des Ansatzes zu veranschaulichen

Elide : an interactive development environment for Erasmus language

The process-oriented programming language Erasmus is being developed by Peter Grogono at Concordia University, Canada and Brian Shearing at The Software Factory in England. Erasmus is based on communicating processes. The latest version of the compiler is operating in command-line mode. As the compiler evolved, we recognized that there was a lack of an editor or an integrated development environment (IDE) for this new language. Our objective is to construct a suitable IDE for the Erasmus language called ELIDE by understanding the features of Erasmus language such as cells, processes, ports, protocols, messages, and message passing, which are the main heart of this programming language. At the same time we wanted to enable ELIDE with the features that are available in IDEs of languages like Ruby and Erlang. In this respect, after detailed studies on current text editors, IDEs and their features and evolution of IDEs, we designed and implemented an integrated development environment for Erasmus language. To speed up the implementation process, we decided to choose one of the existing platforms as our base and develop Erasmus-specific features on top of it. There were many platforms available. Some of these platforms were under investigation and test. Among them we finally chose NetBeans. This thesis describes the development of this new tool for Erasmus programmers. It must be noted that the design of the ELIDE was an iterative process though what we present is the final result. ELIDE is a strong environment for a complete programming support for Erasmus language with built-in compile/debug/run ability. The most important features included in ELIDE are syntax coloring, Code folding, Code completion, Brace matching, Coding tips, Indentation and Annotations. ELIDE is capable of adding more features later in case there is a need. Furthermore ELIDE can be used for an easy integration of editing and visualising support for Erasmus language building block such as cells, processes, ports, protocols, messages, and message passing. We also conducted a preliminary user survey of Erasmus and ELIDE involving a number of graduate students. The results were quite encouraging with respect to the group surveyed and current capabilities of Erasmus and newly designed ELIDE. This study confirmed that It was a must for the Erasmus language to have a customized IDE to empower Erasmus language capabilities as a process-oriented language teaching and research purpose

Emerging research directions in computer science : contributions from the young informatics faculty in Karlsruhe

In order to build better human-friendly human-computer interfaces, such interfaces need to be enabled with capabilities to perceive the user, his location, identity, activities and in particular his interaction with others and the machine. Only with these perception capabilities can smart systems ( for example human-friendly robots or smart environments) become posssible. In my research I\u27m thus focusing on the development of novel techniques for the visual perception of humans and their activities, in order to facilitate perceptive multimodal interfaces, humanoid robots and smart environments. My work includes research on person tracking, person identication, recognition of pointing gestures, estimation of head orientation and focus of attention, as well as audio-visual scene and activity analysis. Application areas are humanfriendly humanoid robots, smart environments, content-based image and video analysis, as well as safety- and security-related applications. This article gives a brief overview of my ongoing research activities in these areas