2,062 research outputs found
UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications
In Service Oriented Architecture (SOA) environment, a software application is a
composition of services, which are scattered across enterprises and architectures.
Security plays a vital role during the design, development and operation of SOA
applications. However, analysis of today's software development approaches reveals
that the engineering of security into the system design is often neglected. Security is
incorporated in an ad-hoc manner or integrated during the applications development
phase or administration phase or out sourced. SOA security is cross-domain and all of
the required information is not available at downstream phases. The post-hoc, low-level
integration of security has a negative impact on the resulting SOA applications. General
purpose modeling languages like Unified Modeling Language (UML) are used for
designing the software system; however, these languages lack the knowledge of the
specific domain and "security" is one of the essential domains. A Domain Specific
Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of
security objectives along the business process modeling of SOA applications.
Furthermore, Saleem's MDS (Model Driven Security) services composition framework
is proposed for the development of a secure web service composition
Embedding Requirements within the Model Driven Architecture
The Model Driven Architecture (MDA) brings benefits to software development, among them the potential for connecting software models with the business domain. This paper focuses on the upstream or Computation Independent Model (CIM) phase of the MDA. Our contention is that, whilst there are many models and notations available within the CIM Phase, those that are currently popular and supported by the Object Management Group (OMG), may not be the most useful notations for business analysts nor sufficient to fully support software requirements and specification.
Therefore, with specific emphasis on the value of the Business Process Modelling Notation (BPMN) for business analysts, this paper provides an example of a typical CIM approach before describing an approach which incorporates specific requirements techniques. A framework extension to the MDA is then introduced; which embeds requirements and specification within the CIM, thus further enhancing the utility of MDA by providing a more complete method for business analysis
A Catalog of Reusable Design Decisions for Developing UML/MOF-based Domain-specific Modeling Languages
In model-driven development (MDD), domain-specific modeling languages (DSMLs) act as a communication vehicle for aligning the requirements of domain experts with the needs of software engineers. With the rise of the UML as a de facto standard, UML/MOF-based DSMLs are now widely used for MDD. This paper documents design decisions collected from 90 UML/MOF-based DSML projects. These recurring design decisions were gained, on the one hand, by performing a systematic literature review (SLR) on the development of UML/MOF-based DSMLs. Via the SLR, we retrieved 80 related DSML projects for review. On the other hand, we collected decisions from developing ten DSML projects by ourselves. The design decisions are presented in the form of reusable decision records, with each decision record corresponding to a decision point in DSML development processes. Furthermore, we also report on frequently observed (combinations of) decision options as well as on associations between options which may occur within a single decision point or between two decision points. This collection of decision-record documents targets decision makers in DSML development (e.g., DSML engineers, software architects, domain experts).Series: Technical Reports / Institute for Information Systems and New Medi
Protocol for a Systematic Literature Review on Design Decisions for UML-based DSMLs
Series: Technical Reports / Institute for Information Systems and New Medi
Non-functional properties in the model-driven development of service-oriented systems
Systems based on the service-oriented architecture (SOA) principles have become an important cornerstone of the development of enterprise-scale software applications. They are characterized by separating functions into distinct software units, called services, which can be published, requested and dynamically combined in the production of business applications. Service-oriented systems (SOSs) promise high flexibility, improved maintainability, and simple re-use of functionality. Achieving these properties requires an understanding not only of the individual artifacts of the system but also their integration. In this context, non-functional aspects play an important role and should be analyzed and modeled as early as possible in the development cycle. In this paper, we discuss modeling of non-functional aspects of service-oriented systems, and the use of these models for analysis and deployment. Our contribution in this paper is threefold. First, we show how services and service compositions may be modeled in UML by using a profile for SOA (UML4SOA) and how non-functional properties of service-oriented systems can be represented using the non-functional extension of UML4SOA (UML4SOA-NFP) and the MARTE profile. This enables modeling of performance, security and reliable messaging. Second, we discuss formal analysis of models which respect this design, in particular we consider performance estimates and reliability analysis using the stochastically timed process algebra PEPA as the underlying analytical engine. Last but not least, our models are the source for the application of deployment mechanisms which comprise model-to-model and model-to-text transformations implemented in the framework VIATRA. All techniques presented in this work are illustrated by a running example from an eUniversity case study
Modelling Security of Critical Infrastructures: A Survivability Assessment
Critical infrastructures, usually designed to handle disruptions caused by human errors or random acts of nature, define assets whose normal operation must be guaranteed to maintain its essential services for human daily living. Malicious intended attacks to these targets need to be considered during system design. To face these situations, defence plans must be developed in advance. In this paper, we present a Unified Modelling Language profile, named SecAM, that enables the modelling and security specification for critical infrastructures during the early phases (requirements, design) of system development life cycle. SecAM enables security assessment, through survivability analysis, of different security solutions before system deployment. As a case study, we evaluate the survivability of the Saudi Arabia crude-oil network under two different attack scenarios. The stochastic analysis, carried out with Generalized Stochastic Petri nets, quantitatively estimates the minimization of attack damages on the crude-oil network
Threat Modelling with Stride and UML
Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoftâs Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more effective threat model
- âŠ