Refactoring OCL annotated UML class diagrams

Refactoring of UML class diagrams is an emerging research topic and heavily inspired by refactoring of program code written in object-oriented implementation languages. Current class diagram refactoring techniques concentrate on the diagrammatic part but neglect OCL constraints that might become syntactically incorrect by changing the underlying class diagram. This paper formalizes the most important refactoring rules for class diagrams and classifies them with respect to their impact on attached OCL constraints. For refactoring rules that have an impact on OCL constraints, we formalize the necessary changes of the attached constraints. Our refactoring rules are specified in a graph-grammar inspired formalism. They have been implemented as QVT transformation rules. We finally discuss for our refactoring rules the problem of syntax preservation and show, by using the KeY-system, how this can be resolve

Model refactoring using transformations

Modern software is reaching levels of complexity encountered in biological systems; sometimes comprising systems of systems each of which may include tens of millions of lines of code. Model Driven Engineering (MDE) advocates raising the level of abstraction as an instrument to deal with software complexity. It promotes usage of software models as primary artifacts in a software development process. Traditionally, these MDE models are specified by Unified Modeling Language (UML) or by a modeling language created for a specific domain. However, in the vast area of software engineering there are other techniques used to improve quality of software under development. One of such techniques is refactoring which represents introducing structured changes in software in order to improve its readability, extensibility, and maintainability, while preserving behavior of the software. The main application area for refactorings is still programming code, despite the fact that modeling languages and techniques has significantly gained in popularity, in recent years. The main topic of this thesis is making an alliance between the two virtually orthogonal techniques: software modeling and refactoring. In this thesis we have investigated how to raise the level of abstraction of programming code refactorings to the modeling level. This resulted in a catalog of model refactorings each specified as a model transformation rule. In addition, we have investigated synchronization problems between different models used to describe one software system, i.e. when one model is refactored what is the impact on all dependent models and how this impact can be formalized. We have concentrated on UML class diagrams as domain of refactorings. As models dependent on class diagrams, we have selected Object Constraint Language (OCL) annotations, and object diagrams. This thesis formalizes the most important refactoring rules for UML class diagrams and classifies them with respect to their impact on object diagrams and annotated OCL constraints. For refactoring rules that have an impact on dependent artifacts we formalize the necessary changes of these artifacts. Moreover, in this thesis, we present a simple criterion and a proof technique for the semantic preservation of refactoring rules that are defined for UML class and object diagrams, and OCL constraints. In order to be able to prove semantic preservation, we propose a model transformation approach to specify the semantics of constraint languages

A program logic for higher-order procedural variables and non-local jumps

Relying on the formulae-as-types paradigm for classical logic, we define a program logic for an imperative language with higher-order procedural variables and non-local jumps. Then, we show how to derive a sound program logic for this programming language. As a by-product, we obtain a non-dependent type system which is more permissive than what is usually found in statically typed imperative languages. As a generic example, we encode imperative versions of delimited continuations operators shift and reset

Deductive Verification of Concurrent Programs and its Application to Secure Information Flow for Java

Formal verification of concurrent programs still poses a major challenge in computer science. Our approach is an adaptation of the modular rely/guarantee methodology in dynamic logic. Besides functional properties, we investigate language-based security. Our verification approach extends naturally to multi-threaded Java and we present an implementation in the KeY verification system. We propose natural extensions to JML regarding both confidentiality properties and multi-threaded programs

Implementation-level analysis of cryptographic protocols and their applications to e-voting systems

Formal verification of security properties of both cryptographic operations, such as encryption, and protocols based on them, such as TLS, has been the goal of a substantial research effort in the last three decades. One fundamental limitation in the verification of these security properties is that analyses are typically carried out at the design level and hence they do not provide reliable guarantees on the implementations of these operations/protocols. To overcome this limitation, in this thesis we aim at establishing formally justified cryptographic guarantees directly at the implementation level for systems that are coded in Java and use cryptography. Our approach is based on a general framework for the cryptographic verification of Java programs (the CVJ framework) which formally links cryptographic indistinguishability properties and noninterference properties. In this way, it enables existing tools that can check standard noninterference properties, but a priori cannot deal with cryptography, to also establish cryptographic privacy properties for Java systems. The CVJ framework is stated and proven for a Java-like formal language which however does not cover all the data types and features commonly used in Java programs. Moreover, the framework originally supports only one cryptographic operation, namely public-key encryption. The first contribution of this thesis is hence to extend and to instantiate the CVJ framework in order to make it more widely applicable. We extend the underlying formal language with some features of Java which have not been captured yet, such as concurrency, and we restate and prove all the results of the framework to carry them over into this extended language. We then further instantiate the framework with additional cryptographic operations: digital signatures and public-key encryption, both now also including a public-key infrastructure, (private) symmetric encryption, and nonce generation. The methods and techniques developed within the CVJ framework are relevant and applicable independently of any specific tool employed. However, to illustrate the usefulness of this approach, we apply the framework along with two verification tools for Java programs, namely the fully automated static checker Joana and the interactive theorem prover KeY, to establish strong cryptographic privacy properties for systems which use cryptography, such as client-server applications and e-voting systems. In this context, the second major contribution of this thesis is the design, the implementation, and the deployment of a novel remote voting system called sElect (secure/simple elections). sElect is designed to be particularly simple and lightweight in terms of its structure, the cryptography it uses, and the user experience. One of its unique features is a fully automated procedure which does not require any user interaction and it is triggered as soon as voters look at the election result, allowing them to verify that their vote has been properly counted. The component of sElect which provides vote privacy is implemented in Java such that we can establish cryptographic guarantees directly on its implementation: by combining the techniques of the CVJ framework with a hybrid approach for proving noninterference, we are able to show that the Java implementation ensures strong cryptographic privacy of the votes cast with our proposed voting system. sElect is therefore the first full-fledged e-voting system with strong cryptographic security guarantees not only at the design level, but also on its implementation

Automatisches Klassifizieren : Verfahren zur Erschliessung elektronischer Dokumente

Automatic classification of text documents refers to the computerized allocation of class numbers from existing classification schemes to natural language texts by means of suitable algorithms. Based upon a comprehensive literature review, this thesis establishes an informed and up-to-date view of the applicability of automatic classification for the subject approach to electronic documents, particularly to Web resources. Both methodological aspects and the experiences drawn from relevant projects and applications are covered. Concerning methodology, the present state-of-the-art comprises a number of statistical approaches that rely on machine learning; these methods use pre-classified example documents for establishing a model - the "classifier" - which is then used for classifying new documents. However, the four large-scale projects conducted in the 1990s by the Universities of Lund, Wolverhampton and Oldenburg, and by OCLC (Dublin, OH), still used rather simple and more traditional methodological approaches. These projects are described and analyzed in detail. As they made use of traditional library classifications their results are significant for LIS, even if no permanent quality services have resulted from these endeavours. The analysis of other relevant applications and projects reveals a number of attempts to use automatic classification for document processing in the fields of patent and media documentation. Here, semi-automatic solutions that support human classifiers are preferred, due to the yet unsatisfactory classification results obtained by fully automated systems. Other interesting implementations include Web portals, search engines and (commercial) information services, whereas only little interest has been shown in the automatic classification of books and bibliographic records. In the concluding part of the study the author discusses the most significant applications and projects, and also addresses several problems and issues in the context of automatic classification

An investigation of interoperability issues between authorisation systems within web services

The existing authorisation systems within the context of Web Services mainly apply two access control approaches – Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The RBAC approach links an authenticated Web Service Requester to its specific access control permission through roles, but RBAC is not flexible enough to cater for some cases where extra attribute information is needed in addition to the identity. By contrast, the ABAC approach has more flexibility, as it allows a Web Service Requester to submit necessary credentials containing extra attribute information that can fulfil the policies declared by a Web Service Provider, which aims to protect the sensitive resources/services.RBAC and ABAC can only help to establish a unilateral trust relationship between two Web Services to enable a Web Service Provider to make an access control decision. Unfortunately, the nature of Web Services presents a high probability that two Web Services may not know each other. Therefore, successful authorisation may fail, if the Web Service Requester does not trust the Web Service Provider.Trust Negotiation (TN) is also an access control approach, which can provide a bilateral trust relationship between two unknown entities, so it sometimes can enable authorisation success in situations where success is not possible through RBAC or ABAC approaches. However, interoperability issues will arise between authorisation systems within Web Services, where a bilateral trust-based authorisation solution is applied. In addition, a lack of a unified approach that can address the interoperability issues remains as a research problem. This research aims to explore possible factors causing the lack of interoperability first, and then to explore an approach that can address the interoperability issues. The main contributions of this research are an improved interoperability model illustrating interoperability issues at different layers of abstraction, and a novel interoperability-solution design along with an improved TN protocol as an example of utilising this design to provide interoperability between authorisation systems within Web Services

Normalisierung und partielle Auswertung von funktional-logischen Programmen

This thesis deals with the development of a normalization scheme and a partial evaluator for the functional logic programming language Curry. The functional logic programming paradigm combines the two most important fields of declarative programming, namely functional and logic programming. While functional languages provide concepts such as algebraic data types, higher-order functions or demanddriven evaluation, logic languages usually support a non-deterministic evaluation and a built-in search for results. Functional logic languages finally combine these two paradigms in an integrated way, hence providing multiple syntactic constructs and concepts to facilitate the concise notation of high-level programs. However, both the variety of syntactic constructs and the high degree of abstraction complicate the translation into efficient target programs. To reduce the syntactic complexity of functional logic languages, a typical compilation scheme incorporates a normalization phase to subsequently replace complex constructs by simpler ones until a minimal language subset is reached. While the individual transformations are usually simple, they also have to be correctly combined to make the syntactic constructs interact in the intended way. The efficiency of normalized programs can then be improved by means of different optimization techniques. A very powerful optimization technique is the partial evaluation of programs. Partial evaluation basically anticipates the execution of certain program fragments at compile time and computes a semantically equivalent program, which is usually more efficient at run time. Since partial evaluation is a fully automatic optimization technique, it can also be incorporated into the normal compilation scheme of programs. Nevertheless, this also requires termination of the optimization process, which establishes one of the main challenges for partial evaluation besides semantic equivalence. In this work we consider the language Curry as a representative of the functional logic programming paradigm. We develop a formal representation of the normalization process of Curry programs into a kernel language, while respecting the interference of different language constructs. We then define the dynamic semantics of this kernel language, before we subsequently develop a partial evaluation scheme and show its correctness and termination. Due to the previously described normalization process, this scheme is then directly applicable to arbitrary Curry programs. Furthermore, the implementation of a practical partial evaluator is sketched based on the partial evaluation scheme, and its applicability and usefulness is documented by a variety of typical partial evaluation examples