7 research outputs found

    Model-to-model transformation approach for systematic integration of security aspects into UML 2.0 design models

    Security is a challenging task in software engineering. Traditionally, security concerns are considered as an afterthought to the development process and thus are fitted into pre-existing software without the consideration of whether this would jeopardize the main functionality of the software or even produce additional vulnerabilities. Enforcing security policies should be taken care of during early phases of the software development life cycle in order to decrease the development costs and reduce the maintenance time. In addition to cost saving, this way of development will produce more reliable software since security-related concepts will be considered in each step of the design. Similarly, the implications of inserting such mechanisms into the existing system's requirements will be considered as well. Since security is a crosscutting concern that pervades the entire software, integrating security solutions at the software design level may result in the scattering and tangling of security features throughout the entire design. Additionally, traditional hardening approaches are tedious and error-prone as they involve manual modifications. In this context, the need for a systematic way to integrate security concerns into the process of developing software becomes crucial. In this thesis, we define an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. The proposed approach makes use of the expertise of the software security specialist by providing him with the means to specify generic UML aspects that are going to be incorporated ("weaved") into the developers' models. Model transformation mechanisms are instrumented in order to have an efficient and fully automatic weaving process.

    Model-Driven Aspect-Oriented Software Security Hardening

    Security is of paramount importance in software engineering. Nevertheless, security solutions are generally fitted into existing software as an afterthought phase of the development process. However, given the complexity and the pervasiveness of today's software systems, adding security as an afterthought leads to huge cost in retrofitting security into the software and further can introduce additional vulnerabilities. Furthermore, security is a crosscutting concern that pervades the entire software. Consequently, the manual addition of security solutions may result in the scattering and the tangling of security features throughout the entire software design. Additionally, adding security manually is tedious and generally may lead to other security flaws. In this context, the need for a systematic approach to integrate security practices into the early phases of the software development process becomes crucial. In this thesis, we elaborate an aspect-oriented modeling framework for software security hardening at the UML design level. More precisely, the main contributions of our research are the following: (i) We define a UML profile for the specification of security hardening mechanisms as aspects. (ii) We design and implement a weaving framework for the systematic injection of security aspects into UML design models. (iii) We explore the theoretical foundations for aspect matching and weaving. (iv) We conduct real-life case studies to demonstrate the viability and the scalability of the proposed framework.

    Generic Reusable Concern Compositions


    Generic reusable concern compositions

    The increasing complexity of software applications requires improved software development techniques in order to cope with, a.o., software reuse and evolution, the management of heterogeneous concerns, and the retargeting of systems towards new software platforms. The introduction of AOSD (aspect-oriented software development) and the support for MDD (model-driven development) are two important and promising evolutions that can contribute to better control of software complexity. In this paper we present an AOM (Aspect-Oriented Modeling) based framework to promote and enhance the reuse of concerns expressed in UML. We have developed a prototype composition engine implemented in ATL that can be used to compose concern models specified in UML. © 2008 Springer-Verlag Berlin Heidelberg.

    Generic reusable concern compositions (GReCCo)


    Generic reusable concern compositions (GReCCo): Description and case study

    This report presents the GReCCo approach to Aspect Oriented Modeling (AOM) using Generic Reusable Concern Compositions. GReCCo offers an AOM-based framework to promote and enhance the reuse of concern models. We focus on software design patterns, which represent complete solutions to recurring concern-specific problems. We have developed a prototype generic transformation engine written in ATL that can be used to compose two concern models specified in UML. We first describe the GReCCo approach and the offered composition types. In the second part, we illustrate the GReCCo approach on a case study in the domain of Electronic Health Information and Privacy (EHIP). We start from a description of the base part of the application. On top of this application, we apply several reusable concerns using the GReCCo methodology. Number of pages: 28.

    Generic Reusable Concern Compositions (GReCCo): Description and Case Study

    This report presents the GReCCo approach to Aspect Oriented Modeling (AOM) using Generic Reusable Concern Compositions. GReCCo offers an AOM-based framework to promote and enhance the reuse of oblivious concern models. We focus on software design patterns, which represent complete solutions to recurring concern-specific problems. We have developed a prototype generic transformation engine written in ATL that can be used to compose two concern models specified in UML. We first describe the GReCCo approach and the offered composition types. In the second part, we illustrate the GReCCo approach on a case study in the domain of Electronic Health Information and Privacy (EHIP). We start from a description of the base part of the application. On top of this application, we apply several reusable concerns using the GReCCo methodology.