Development of service-oriented architectures using model-driven development : a mapping study

Context: Model-Driven Development (MDD) and Service-Oriented Architecture (SOA) are two challenging research areas in software engineering. MDD is about improving software development whilst SOA is a service-based conceptual development style, therefore investigating the available proposals in the literature to use MDD when developing SOA may be insightful. However, no studies have been found with this purpose. Objective: This work aims at assessing the state of the art in MDD for SOA systems. It mainly focuses on: what are the characteristics of MDD approaches that support SOA; what types of SOA are supported; how do they handle non-functional requirements. Method: We conducted a mapping study following a rigorous protocol. We identified the representative set of venues that should be included in the study. We applied a search string over the set of selected venues. As result, 129 papers were selected and analysed (both frequency analysis and correlation analysis) with respect to the defined classification criteria derived from the research questions. Threats to validity were identified and mitigated whenever possible. Results: The analysis allows us to answer the research questions. We highlight: (1) predominance of papers from Europe and written by researchers only; (2) predominance of top-down transformation in software development activities; (3) inexistence of consolidated methods; (4) significant percentage of works without tool support; (5) SOA systems and service compositions more targeted than single services and SOA enterprise systems; (6) limited use of metamodels; (7) very limited use of NFRs; and (8) limited application in real cases. Conclusion: This mapping study does not just provide the state of the art in the topic, but also identifies several issues that deserve investigation in the future, for instance the need of methods for activities other than software development (e.g., migration) or the need of conducting more real case studies.Peer ReviewedPostprint (author's final draft

Automatic tactical network node configuration with XML and SNMP, Journal of Telecommunications and Information Technology, 2008, nr 2

In the paper, we describe a "plug-and-play" configuration of nodes of a tactical network on the basis of XML configuration templates and a network plan, developed during the network planning process. We present the concept of a configuration repository, an XML-based database that stores network structure and configuration data, and describe how the Simple Network Management Protocol is used to apply the settings to network devices. We also comment on a possible use of the next-generation NETCONF protocol for such a task

UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and "security" is one of the essential domains. A Domain Specific Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem's MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition

UML-SOA-Sec and Saleem’s MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today’s software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and “security” is one of the essential domains. A Domain Specific Language (DSL), named the “UML-SOA-Sec” is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem’s MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition

A Privacy-Aware Access Control Model for Distributed Network Monitoring

International audienceIn this paper, we introduce a new access control model that aims at addressing the privacy implications surrounding network monitoring. In fact, despite its importance, network monitoring is natively leakage-prone and, moreover, this is exacerbated due to the complexity of the highly dynamic monitoring procedures and infrastructures, that may include multiple traffic observation points, distributed mitigation mechanisms and even inter-operator cooperation. Conceived on the basis of data protection legislation, the proposed approach is grounded on a rich in expressiveness information model, that captures all the underlying monitoring concepts along with their associations. The model enables the specification of contextual authorisation policies and expressive separation and binding of duty constraints. Finally, two key innovations of our work consist in the ability to define access control rules at any level of abstraction and in enabling a verification procedure, which results in inherently privacy-aware workflows, thus fostering the realisation of the Privacy by Design vision