185,903 research outputs found

    Threats Management Throughout the Software Service Life-Cycle

    Full text link
    Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventive measures during design and development, but also require adaptive mitigations at runtime. In this paper we describe an approach where we model composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE) to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN) and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software life-cycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM) domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Semantic model-driven development of web service architectures.

    Get PDF
    Building service-based architectures has become a major area of interest since the advent of Web services. Modelling these architectures is a central activity. Model-driven development is a recent approach to developing software systems based on the idea of making models the central artefacts for design representation, analysis, and code generation. We propose an ontology-based engineering methodology for semantic model-driven composition and transformation of Web service architectures. Ontology technology as a logic-based knowledge representation and reasoning framework can provide answers to the needs of sharable and reusable semantic models and descriptions needed for service engineering. Based on modelling, composition and code generation techniques for service architectures, our approach provides a methodological framework for ontology-based semantic service architecture

    CSP design model and tool support

    Get PDF
    The CSP paradigm is known as a powerful concept for designing and analysing the architectural and behavioural parts of concurrent software. Although the theory of CSP is useful for mathematicians, the programming language occam has been derived from CSP that is useful for any engineering practice. Nowadays, the concept of occam/CSP can be used for almost every object-oriented programming language. This paper describes a tree-based description model and prototype tool that elevates the use of occam/CSP concepts at the design level and performs code generation to Java, C, C++, and machine-readable CSP for the level of implementation. The tree-based description model can be used to browse through the generated source code. The tool is a kind of browser that is able to assist modern workbenches (like Borland Builder, Microsoft Visual C++ and 20-SIM) with coding concurrency. The tool will guide the user through the design trajectory using support messages and several semantic and syntax rule checks. The machine-readable CSP can be read by FDR, enabling more advanced analysis on the design. Early experiments with the prototype tool show that the browser concept, combined with the tree-based description model, enables a user-friendly way to create a design using the CSP concepts and benefits. The design tool is available from our URL, http://www.rt.el.utwente.nl/javapp

    Discovery and Selection of Certified Web Services Through Registry-Based Testing and Verification

    Get PDF
    Reliability and trust are fundamental prerequisites for the establishment of functional relationships among peers in a Collaborative Networked Organisation (CNO), especially in the context of Virtual Enterprises where economic benefits can be directly at stake. This paper presents a novel approach towards effective service discovery and selection that is no longer based on informal, ambiguous and potentially unreliable service descriptions, but on formal specifications that can be used to verify and certify the actual Web service implementations. We propose the use of Stream X-machines (SXMs) as a powerful modelling formalism for constructing the behavioural specification of a Web service, for performing verification through the generation of exhaustive test cases, and for performing validation through animation or model checking during service selection

    A Unified Approach for Representing Structurally-Complex Models in SBML Level 3

    Get PDF
    The aim of this document is to explore a unified approach to handling several of the proposed extensions to the SBML Level 3 Core specification. The approach is illustrated with reference to Simile, a modelling environment which appears to have most of the capabilities of the various SBML Level 3 package proposals which deal with model structure. Simile (http://www.simulistics.com) is a visual modelling environment for continuous systems modelling which includes the ability to handle complex disaggregation of model structure, by allowing the modeller to specify classes of object and the relationships between them.

The note is organised around the 6 packages listed on the SBML Level 3 Proposals web page (http://sbml.org/Community/Wiki/SBML_Level_3_Proposals) which deal with model structure, namely comp, arrays, spatial, geom, dyn and multi. For each one, I consider how the requirements which motivated the package can be handled using Simile's unified approach. Although Simile has a declarative model-representation language (in both Prolog and XML syntax), I use Simile diagrams and equation syntax throughout, since this is more compact and readable than large chunks of XML.

The conclusion is that Simile can indeed meet most of the requirements of these various packages, using a generic set of constructs - basically, the multiple-instance submodel, the concept of a relationship (association) between submodels, and array variables. This suggests the possibility of having a single SBML Level 3 extension package similar to the Simile data model, rather than a series of separate packages. Such an approach has a number of potential advantages and disadvantages compared with having the current set of discrete packages: these are discussed in this paper

    Embedding Requirements within the Model Driven Architecture

    Get PDF
    The Model Driven Architecture (MDA) brings benefits to software development, among them the potential for connecting software models with the business domain. This paper focuses on the upstream or Computation Independent Model (CIM) phase of the MDA. Our contention is that, whilst there are many models and notations available within the CIM Phase, those that are currently popular and supported by the Object Management Group (OMG), may not be the most useful notations for business analysts nor sufficient to fully support software requirements and specification. Therefore, with specific emphasis on the value of the Business Process Modelling Notation (BPMN) for business analysts, this paper provides an example of a typical CIM approach before describing an approach which incorporates specific requirements techniques. A framework extension to the MDA is then introduced; which embeds requirements and specification within the CIM, thus further enhancing the utility of MDA by providing a more complete method for business analysis
    corecore