Computer-Aided Validation of Formal Conceptual Models

Conceptual modelling is the process of the software life cycle concerned with the identification and specification of requirements for the system to be built. The use of formal specification languages provides more precise and concise specifications. Nevertheless, there is still a need for techniques to support the validation of formal specifications against the informal user requirements. A limitation of formal specifications is that they cannot readily be understood by users unless they have been specially trained. However, user validation can be facilitated by exploiting the executable aspects of formal specification languages. This thesis presents a systematic approach and workbench environment to support the construction and validation through animation of TROLL specifications. Our approach is an iterative requirements definition process consisting of the formal specification of requirements, the automatic transformation of the specification into an executable form, and the interactive animation of the executable version to validate user requirements. To provide objects with persistence in the animation environment, we analyse how the static structure of TROLL objects can be mapped into relational tables. In order to execute the specification, we analyse the operational meaning of state transitions in TROLL, determine an execution model, and describe the transformation of the specifications into C++ code. We present a prototype implementation of the workbench environment.Die konzeptionelle Modellierung ist die Phase im Softwareentwurf, die sich mit der Identifikation und der Spezifikation von Systemanforderungen befasst. Formale Spezifikationssprachen ermöglichen präzisere und eindeutigere Spezifikationen. Trotzdem werden Techniken zur Validierung von formalen Spezifikationen bezüglich der informellen Benutzeranforderungen weiterhin benötigt. Ein Nachteil von formalen Spezifikationen ist, dass sie für Benutzer ohne entsprechende Vorkenntnisse nicht leicht verständlich sind. Die Einbeziehung der Benutzer in den Validierungsprozess kann jedoch durch die Ausführung der Spezifikation vereinfacht werden. Diese Arbeit liefert einen systematischen Ansatz und eine Entwicklungsumgebung für die Konstruktion von TROLL-Spezifikationen und deren Validierung durch Animation. Unser Ansatz basiert auf einem iterativen Prozess zur Anforderungsdefinition bestehend aus der formalen Spezifikation von Anforderungen, der automatischen Übersetzung der Spezifikation in eine ausführbare Form, und der interaktiven Animation um die Benutzeranforderungen zu validieren. Um die Objektzustände in der Animationsumgebung persistent zu halten, wird untersucht, wie die statische Struktur von TROLL-Objekten in relationale Tabellen umgesetzt werden kann. Um die Spezifikationen auszuführen, wird die operationale Bedeutung von TROLL-Zustandsübergängen analysiert und ein Ausführungsmodell festgelegt. Anschließend wird die Übersetzung von den Spezifikationen in C++ beschrieben. Wir zeigen eine prototypische Implementierung der Animationsumgebung

On the construction of decentralised service-oriented orchestration systems

Modern science relies on workflow technology to capture, process, and analyse data obtained from scientific instruments. Scientific workflows are precise descriptions of experiments in which multiple computational tasks are coordinated based on the dataflows between them. Orchestrating scientific workflows presents a significant research challenge: they are typically executed in a manner such that all data pass through a centralised computer server known as the engine, which causes unnecessary network traffic that leads to a performance bottleneck. These workflows are commonly composed of services that perform computation over geographically distributed resources, and involve the management of dataflows between them. Centralised orchestration is clearly not a scalable approach for coordinating services dispersed across distant geographical locations. This thesis presents a scalable decentralised service-oriented orchestration system that relies on a high-level data coordination language for the specification and execution of workflows. This system’s architecture consists of distributed engines, each of which is responsible for executing part of the overall workflow. It exploits parallelism in the workflow by decomposing it into smaller sub-workflows, and determines the most appropriate engines to execute them using computation placement analysis. This permits the workflow logic to be distributed closer to the services providing the data for execution, which reduces the overall data transfer in the workflow and improves its execution time. This thesis provides an evaluation of the presented system which concludes that decentralised orchestration provides scalability benefits over centralised orchestration, and improves the overall performance of executing a service-oriented workflow

On the Development and Use of a Formal Object Oriented Methodology Based on an Application Case Study

The objective of this thesis is to evaluate the object oriented specification language Troll for industry. We used Troll from analysis to implementation for an information system which is located at the Physical Technical Federal Board (PTB) in Germany. This information system assists different users who deal with the certification and testing of electrical equipment in an explosive atmosphere. The main part of this thesis therefore describes the advantages and the disadvantages of using Troll in various software engineering phases and different problem domains, such as in the safety critical part. When we started this project it was clear that Troll was not suited for all aspects which we had to deal with. However, due to the well-defined semantics of Troll it was straightforward to extend it as needed. Limits, however, had to be accepted in certain areas such as those with real-time aspects. In this thesis, we will also demonstrate how formal techniques that include the object oriented paradigm can be made profitable in software engineering practice. Software engineers should not be asking how to use formal methods, but how to benefit from them as part of a complete software engineering approach. We will give some rules and advice based on practical experience which can provide benefits in similar settings.In der vorliegenden Dissertation wird die objektorientiert Spezifikationssprache TROLL im industriellen Bereich evaluiert. Hierzu wurde TROLL für die Entwicklung eines Informationssystem der PTB (Physikalisch Technischen Bundesanstalt Braunschweig) von der Analysephase bis zur Implementierung eingesetzt. Das Informationssystem unterstützt unterschiedliche Benutzer bei der Zertifizierung und dem Test von elektrischen Geräten, die in explosiven Umgebungen eingesetzt werden. Der Hauptteil dieser Dissertation beschreibt die Vor- und Nachteile von TROLL beim Einsatz in den verschiedenen Software Engineering Phasen und den unterschiedlichen Anwendungsgebieten, wie etwa im sicherheitskritischen Bereich. Beim Start des Projektes stand bereits fest, dass die Sprache TROLL nicht alle Aspekte der Entwicklung abdecken konnte. Es war jedoch aufgrund der strengen semantischen Definition der Sprache einfach, TROLL um neue Konzepte zu erweitern. An einigen Stellen, wie z.B. bei der Realzeit muußten aber die Grenzen der Erweiterbarkeit aktzeptiert werden. Zusätzlich zeigt diese Dissertation, wie eine Kombination aus formalen Techniken und objektorientierten Ansätzen effektiv im Software Engineering eingesetzt werden kann. Softwareentwickler sollten in Zukunft nicht mehr fragen, ob sie eine formale Methode benutzen sollen, sondern eher wie sie diese in der Softwarentwicklung optimal einsetzen können. Die Arbeit gibt Ratschläge und Regeln weiter, die auf den positiven Erfahrungen bei der Entwicklung des Informationssystems der PTB basieren

A Formal Engineering Approach for Interweaving Functional and Security Requirements of RESTful Web APIs

RESTful Web API adoption has become ubiquitous with the proliferation of REST APIs in almost all domains with modern web applications embracing the micro-service architecture. This vibrant and expanding adoption of APIs, has made an increasing amount of data to be funneled through systems which require proper access management to ensure that web assets are secured. A RESTful API provides data using the HTTP protocol over the network, interacting with databases and other services and must preserve its security properties. Currently, practitioners are facing two major challenges for developing high quality secure RESTful APIs. One, REST is not a protocol. Instead, it is a set of guidelines that define how web resources can be designed and accessed over HTTP endpoints. There are a set of guidelines which stipulate how related resources should be structured using hierarchical URIs as well as how specific well-defined actions on those resources should be represented using different HTTP verbs. Whereas security has always been critical in the design of RESTful APIs, there are no clear formal models utilizing a secure-by-design approach that interweaves both the functional and security requirements. The other challenge is how to effectively utilize a model driven approach for constructing precise requirements and design specifications so that the security of a RESTFul API is considered as a concern that transcends across functionality rather than individual isolated operations.This thesis proposes a novel technique that encourages a model driven approach to specifying and verifying APIs functional and security requirements with the practical formal method SOFL (Structured-Object-Oriented Formal Language). Our proposed approach provides a generic 6 step model driven approach for designing security aware APIs by utilizing concepts of domain models, domain primitives, Ecore metamodel and SOFL. The first step involves generating a flat file with APIs resource listings. In this step, we extract resource definitions from an input RESTful API documentation written in RAML using an existing RAML parser. The output of this step is a flat file representing API resources as defined in the RAML input file. This step is fully automated. The second step involves automatic construction of an API resource graph that will work as a blue print for creating the target API domain model. The input for this step is the flat file generated from step 1 and the output is a directed graph (digraph) of API resource. We leverage on an algorithm which we created that takes a list of lists of API resource nodes and the defined API root resource node as an input, and constructs a digraph highlighting all the API resources as an output. In step 3, we use the generated digraph as a guide to manually define the API’s initial domain model as the target output with an aggregate root corresponding to the root node of the input digraph and the rest of the nodes corresponding to domain model entities. In actual sense, the generated digraph in step 2 is a barebone representation of the target domain model, but what is missing in the domain model at this stage in the distinction between containment and reference relationship between entities. The resulting domain model describes the entire ecosystem of the modeled API in the form of Domain Driven Design Concepts of aggregates, aggregate root, entities, entity relationships, value objects and aggregate boundaries. The fourth step, which takes our newly defined domain model as input, involves a threat modeling process using Attack Defense Trees (ADTrees) to identify potential security vulnerabilities in our API domain model and their countermeasures. aCountermeasures that can enforce secure constructs on the attributes and behavior of their associated domain entities are modeled as domain primitives. Domain primitives are distilled versions of value objects with proper invariants. These invariants enforce security constraints on the behavior of their associated entities in our API domain model. The output of this step is a complete refined domain model with additional security invariants from the threat modeling process defined as domain primitives in the refined domain model. This fourth step achieves our first interweaving of functional and security requirements in an implicit manner. The fifth step involves creating an Ecore metamodel that describes the structure of our API domain model. In this step, we rely on the refined domain model as input and create an Ecore metamodel that our refined domain model corresponds to, as an output. Specifically, this step encompasses structural modeling of our target RESTful API. The structural model describes the possible resource types, their attributes, and relations as well as their interface and representations. The sixth and the final step involves behavioral modeling. The input for this step is an Ecore metamodel from step 5 and the output is formal security aware RESTful API specifications in SOFL language. Our goal here is to define RESTful API behaviors that consist of actions corresponding to their respective HTTP verbs i.e., GET, POST, PUT, DELETE and PATCH. For example, CreateAction creates a new resource, an UpdateAction provides the capability to change the value of attributes and ReturnAction allows for response definition including the Representation and all metadata. To achieve behavioral modelling, we transform our API methods into SOFL processes. We take advantage of the expressive nature of SOFL processes to define our modeled API behaviors. We achieve the interweaving of functional and security requirements by injecting boolean formulas in post condition of SOFL processes. To verify whether the interweaved functional and security requirements implement all expected functions correctly and satisfy the desired security constraints, we can optionally perform specification testing. Since implicit specifications do not indicate algorithms for implementation but are rather expressed with predicate expressions involving pre and post conditions for any given specification, we can substitute all the variables involved a process with concrete values of their types with results and evaluate their results in the form of truth values true or false. When conducting specification testing, we apply SOFL process animation technique to obtain the set of concrete values of output variables for each process functional scenario. We analyse test results by comparing the evaluation results with an analysis criteria. An analysis criteria is a predicate expression representing the properties to be verified. If the evaluation results are consistent with the predicate expression, the analysis show consistency between the process specification and its associated requirement. We generate the test cases for both input and output variables based on the user requirements. The test cases generated are usually based on test targets which are predicate expressions, such as the pre and post conditions of a process. when testing for conformance of a process specification to its associated service operation, we only need to observe the execution results of the process by providing concrete input values to all of its functional scenarios and analyze their defining conditions relative to user requirements. We present an empirical case study for validating the practicality and usability of our model driven formal engineering approach by applying it in developing a Salon Booking System. A total of 32 services covering functionalities provided by the Salon Booking System API were developed. We defined process specifications for the API services with their respective security requirements. The security requirements were injected in the threat modeling and behavioral modeling phase of our approach. We test for the interweaving of functional and security requirements in the specifications generated by our approach by conducting tests relative to original RAML specifications. Failed tests were exhibited in cases where injected security measure like requirement of an object level access control is not respected i.e., object level access control is not checked. Our generated SOFL specification correctly rejects such case by returning an appropriate error message while the original RAML specification incorrectly dictates to accept such request, because it is not aware of such measure. We further demonstrate a technique for generating SOFL specifications from a domain model via model to text transformation. The model to text transformation technique semi-automates the generation of SOFL formal specification in step 6 of our proposed approach. The technique allows for isolation of dynamic and static sections of the generated specifications. This enables our technique to have the capability of preserving the static sections of the target specifications while updating the dynamic sections in response to the changes of the underlying domain model representing the RESTful API in design. Specifically, our contribution is provision of a systemic model driven formal engineering approach for design and development of secure RESTful web APIs. The proposed approach offers a six-step methodology covering both structural and behavioral modelling of APIs with a focus on security. The most distinguished merit of the model to text transformation is the utilization of the API’s domain model as well as a metamodel that the domain model corresponds to as the foundation for generation of formal SOFL specifications that is a representation of API’s functional and security requirements.博士(理学)法政大学 (Hosei University

Langley Aerospace Research Summer Scholars

The Langley Aerospace Research Summer Scholars (LARSS) Program was established by Dr. Samuel E. Massenberg in 1986. The program has increased from 20 participants in 1986 to 114 participants in 1995. The program is LaRC-unique and is administered by Hampton University. The program was established for the benefit of undergraduate juniors and seniors and first-year graduate students who are pursuing degrees in aeronautical engineering, mechanical engineering, electrical engineering, material science, computer science, atmospheric science, astrophysics, physics, and chemistry. Two primary elements of the LARSS Program are: (1) a research project to be completed by each participant under the supervision of a researcher who will assume the role of a mentor for the summer, and (2) technical lectures by prominent engineers and scientists. Additional elements of this program include tours of LARC wind tunnels, computational facilities, and laboratories. Library and computer facilities will be available for use by the participants

Building information modeling – A game changer for interoperability and a chance for digital preservation of architectural data?

Digital data associated with the architectural design-andconstruction process is an essential resource alongside -and even past- the lifecycle of the construction object it describes. Despite this, digital architectural data remains to be largely neglected in digital preservation research – and vice versa, digital preservation is so far neglected in the design-and-construction process. In the last 5 years, Building Information Modeling (BIM) has seen a growing adoption in the architecture and construction domains, marking a large step towards much needed interoperability. The open standard IFC (Industry Foundation Classes) is one way in which data is exchanged in BIM processes. This paper presents a first digital preservation based look at BIM processes, highlighting the history and adoption of the methods as well as the open file format standard IFC (Industry Foundation Classes) as one way to store and preserve BIM data

Ultra High Strength Steels for Roll Formed Automotive Body in White

One of the more recent steel developments is the quenching and partitioning process, first proposed by Speer et al. in 2003 on developing 3rd generation advanced high-strength steel (AHSS). The quenching and partitioning (Q&P) process set a new way of producing martensitic steels with enhanced austenite levels, realised through controlled thermal treatments. The main objective of the so-called 3rd generation steels was to realise comparable properties to the 2nd generation but without high alloying additions. Generally, Q&P steels have remained within lab-scale environments, with only a small number of Q&P steels produced industrially. Q&P steels are produced either by a one-step or two-step process, and the re-heating mechanism for the two-step adds additional complexities when heat treating the material industrially. The Q&P steels developed and tested throughout this thesis have been designed to achieve the desired microstructural evolution whilst fitting in with Tata’s continuous annealing processing line (CAPL) capabilities. The CALPHAD approach using a combination of thermodynamics, kinetics, and phase transformation theory with software packages ThermoCalc and JMatPro has been successfully deployed to find novel Q&P steels. The research undertaken throughout this thesis has led to two novel Q&P steels, which can be produced on CAPL without making any infrastructure changes to the line. The two novel Q&P steels show an apparent reduction in hardness mismatch, illustrated visually and numerically after nano-indentation experiments. The properties realised after Q&P heat treatments on the C-Mn-Si alloy with 0.2 Wt.% C and the C-Mn-Si alloy with the small Cr addition is superior to the commercially available QP980/1180 steels by BaoSteel. Both novel alloys had comparable levels of elongation and hole expansion ratio to QP1180 but are substantially stronger with a > 320MPa increase in tensile stress. The heat treatment is also less complex as there is no requirement to heat the steel back up after quenching due to one-step quenching and partitioning being employed on the novel alloys

NASA Tech Briefs, January 1991

Topics: New Product Ideas; NASA TU Services; Electronic Components and Circuits; Electronic Systems; Physical Sciences; Materials; Computer Programs; Mechanics; Machinery; Fabrication Technology; Mathematics and Information Sciences;Life Sciences