UML-SOA-Sec and Saleem's MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today's software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and "security" is one of the essential domains. A Domain Specific Language (DSL), named the "UML-SOA-Sec" is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem's MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition

Variable-Based Analysis for Traceability in Models Transformation

Model-driven development (MDD) is a software engineering approach consisting of models and their transformations. MDD gives the basic principles to visualize a software system as a set of models that are repeatedly refined until reaching a model with enough details to implement. Model-driven architecture (MDA) is the MDD view of Object Management Group. MDA main goal is to separate the system functional specification from the implementation specification on an given platform. Traceability, as a desired feature of transformations, has a major role within the paradigm since it allows the possibility to evaluate the impact at advanced stages of changes in requirement specification that were elicited early, and keeping consistency between models that guide the development, among other benefits. This paper proposes a mechanism to get traceability information from a transformation definition written in QVT language using a trace inference strategy defined ad hoc. This process is fully automated and does not depend on the execution of the transformation.Sociedad Argentina de Informática e Investigación Operativ

Traceability of Requirements and Software Architecture for Change Management

At the present day, software systems get more and more complex. The requirements of software systems change continuously and new requirements emerge frequently. New and/or modified requirements are integrated with the existing ones, and adaptations to the architecture and source code of the system are made. The process of integration of the new/modified requirements and adaptations to the software system is called change management. The size and complexity of software systems make change management costly and time consuming. To reduce the cost of changes, it is important to apply change management as early as possible in the software development cycle. Requirements traceability is considered crucial in change management for establishing and maintaining consistency between software development artifacts. It is the ability to link requirements back to stakeholders’ rationales and forward to corresponding design artifacts, code, and test cases. When changes for the requirements of the software system are proposed, the impact of these changes on other requirements, design elements and source code should be traced in order to determine parts of the software system to be changed. Determining the impact of changes on the parts of development artifacts is called change impact analysis. Change impact analysis is applicable to many development artifacts like requirements documents, detailed design, source code and test cases. Our focus is change impact analysis in requirements and software architecture. The need for change impact analysis is observed in both requirements and software architecture. When a change is introduced to a requirement, the requirements engineer needs to find out if any other requirement related to the changed requirement is impacted. After determining the impacted requirements, the software architect needs to identify the impacted architectural elements by tracing the changed requirements to software architecture. It is hard, expensive and error prone to manually trace impacted requirements and architectural elements from the changed requirements. There are tools and approaches that automate change impact analysis like IBM Rational RequisitePro and DOORS. In most of these tools, traces are just simple relations and their semantics is not considered. Due to the lack of semantics of traces in these tools, all requirements and architectural elements directly or indirectly traced from the changed requirement are candidate impacted. The requirements engineer has to inspect all these candidate impacted requirements and architectural elements to identify changes if there are any. In this thesis we address the following problems which arise in performing change impact analysis for requirements and software architecture. Explosion of impacts in requirements after a change in requirements. In practice, requirements documents are often textual artifacts with implicit structure. Most of the relations among requirements are not given explicitly. There is a lack of precise definition of relations among requirements in most tools and approaches. Due to the lack of semantics of requirements relations, change impact analysis may produce high number of false positive and false negative impacted requirements. A requirements engineer may have to analyze all requirements in the requirements document for a single change. This may result in neglecting the actual impact of a change. Manual, expensive and error prone trace establishment. Considerable research has been devoted to relating requirements and design artifacts with source code. Less attention has been paid to relating Requirements (R) with Architecture (A) by using well-defined semantics of traces. Designing architecture based on requirements is a problem solving process that relies on human experience and creativity, and is mainly manual. The software architect may need to manually assign traces between R&A. Manual trace assignment is time-consuming, expensive and error prone. The assigned traces might be incomplete and invalid. Explosion of impacts in software architecture after a change in requirements. Due to the lack of semantics of traces between R&A, change impact analysis may produce high number of false positive and false negative impacted architectural elements. A software architect may have to analyze all architectural elements in the architecture for a single requirements change. In this thesis we propose an approach that reduces the explosion of impacts in R&A. The approach employs semantic information of traces and is supported by tools. We consider that every relation between software development artifacts or between elements in these artifacts can play the role of a trace for a certain traceability purpose like change impact analysis. We choose Model Driven Engineering (MDE) as a solution platform for our approach. MDE provides a uniform treatment of software artifacts (e.g. requirements documents, software design and test documents) as models. It also enables using different formalisms to reason about development artifacts described as models. To give an explicit structure to requirements documents and treat requirements, architecture and traces in a uniform way, we use metamodels and models with formally defined semantics. The thesis provides the following contributions: A modeling language for definition of requirements models with formal semantics. The language is defined according to the MDE principles by defining a metamodel. It is based on a survey about the most commonly found requirements types and relation types. With this language, the requirements engineer can explicitly specify the requirements and the relations among them. The semantics of these entities is given in First Order Logic (FOL) and allows two activities. First, new relations among requirements can be inferred from the initial set of relations. Second, requirements models can be automatically checked for consistency of the relations. Tool for Requirements Inferencing and Consistency Checking (TRIC) is developed to support both activities. The defined semantics is used in a technique for change impact analysis in requirements models. A change impact analysis technique for requirements using semantics of requirements relations and requirements change types. The technique aims at solving the problem of explosion of impacts in requirements when semantics of requirements relations is missing. The technique uses formal semantics of requirements relations and requirements change types. A classification of requirements changes based on the structure of a textual requirement is given and formalized. The semantics of requirements change types is based on FOL. We support three activities for impact analysis. First, the requirements engineer proposes changes according to the change classification before implementing the actual changes. Second, the requirements engineer indentifies the propagation of the changes to related requirements. The change alternatives in the propagation are determined based on the semantics of change types and requirements relations. Third, possible contradicting changes are identified. We extend TRIC with a support for these activities. The tool automatically determines the change propagation paths, checks the consistency of the changes, and suggests alternatives for implementing the change. A technique that provides trace establishment between R&A by using architecture verification and semantics of traces. It is hard, expensive and error prone to manually establish traces between R&A. We present an approach that provides trace establishment by using architecture verification together with semantics of requirements relations and traces. We use a trace metamodel with commonly used trace types. The semantics of traces is formalized in FOL. Software architectures are expressed in the Architecture Analysis and Design Language (AADL). AADL is provided with a formal semantics expressed in Maude. The Maude tool set allows simulation and verification of architectures. The first way to establish traces is to use architecture verification techniques. A given requirement is reformulated as a property in terms of the architecture. The architecture is executed and a state space is produced. This execution simulates the behavior of the system on the architectural level. The property derived from the requirement is checked by the Maude model checker. Traces are generated between the requirement and the architectural components used in the verification of the property. The second way to establish traces is to use the requirements relations together with the semantics of traces. Requirements relations are reflected in the connections among the traced architectural elements based on the semantics of traces. Therefore, new traces are inferred from existing traces by using requirements relations. We use semantics of requirements relations and traces to both generate/validate traces and generate/validate requirements relations. There is a tool support for our approach. The tool provides the following: (1) generation/validation of traces by using requirements relations and/or verification of architecture, (2) generation/validation of requirements relations by using traces. A change impact analysis technique for software architecture using architecture verification and semantics of traces between R&A. The software architect needs to identify the impacted architectural elements after requirements change. We present a change impact analysis technique for software architecture using architecture verification and semantics of traces. The technique is semi-automatic and requires participation of the software architect. Our technique has two parts. The first part is to identify the architectural elements that implement the system properties to which proposed requirements changes are introduced. By having the formal semantics of requirements relations and traces, we identify which parts of software architecture are impacted by a proposed change in requirements. We have extended TRIC for determining candidate impacted architectural elements. The second part of our technique is to propose possible changes for software architecture when the software architecture does not satisfy the new and/or changed requirements. The technique is based on architecture verification. The output of verification is a counter example if the requirements are not satisfied. The counter example is used with a classification of architectural changes in order to propose changes in the software architecture. These changes produce a new version of the architecture that possibly satisfies the new or the changed requirements

An interactive metaheuristic search framework for software serviceidentification from business process models

In recent years, the Service-Oriented Architecture (SOA) model of computing has become widely used and has provided efficient and agile business solutions in response to inevitable and rapid changes in business requirements. Software service identification is a crucial component in the production of a service-oriented architecture and subsequent successful software development, yet current service identification methods have limitations. For example, service identification methods are either not sufficiently comprehensive to handle the totality of service identification activities, or they lack computational support, or they pay insufficient attention to quality checks of resulting services. To address these limitations, comprehensive computationally intelligent support for software engineers when deriving software services from an organisation’s business process models shows great potential, especially when the impact of human preference on the quality of the resulting solutions can be incorporated. Accordingly, this research attempts to apply interactive metaheuristic search to effectively bridge the gap between business and SOA technology and so increase business agility.A novel, comprehensive framework is introduced that is driven by domain independent role-based business process models, and uses an interactive metaheuristic search-based service identification approach based on a genetic algorithm, while adhering to SOA principles. Termed BPMiSearch, the framework is composed of three main layers. The first layer is concerned with processing inputs from business process models into search space elements by modelling input data and presenting them at an appropriate level of granularity. The second layer focuses on identifying software services from the specified search space. The third layer refines the resulting services to map the business elements in the resulting candidate services to the corresponding service components. The proposed BPMiSearch framework has been evaluated by applying it to a healthcare domain case study, specifically, Cancer Care and Registration (CCR) business processes at the King Hussein Cancer Centre, Amman, Jordan.Experiments show that the impact of software engineer interaction on the quality of the outcomes in terms of search effectiveness, efficiency, and level of user satisfaction, is assessed. Results show that BPMiSearch has rapid search performance to positively support software engineers in the identification of services from role-based business process models while adhering to SOA principles. High-quality services are identified that might not have been arrived at manually by software engineers. Furthermore, it is found that BPMiSearch is sensitive and responsive to software engineer interaction resulting in a positive level of user trust, acceptance, and satisfaction with the candidate services

Software development in the post-PC era : towards software development as a service

PhD ThesisEngineering software systems is a complex task which involves various stakeholders and requires planning and management to succeed. As the role of software in our daily life is increasing, the complexity of software systems is increasing. Throughout the short history of software engineering as a discipline, the development practises and methods have rapidly evolved to seize opportunities enabled by new technologies (e.g., the Internet) and to overcome economical challenges (e.g., the need for cheaper and faster development). Today, we are witnessing the Post-PC era. An era which is characterised by mobility and services. An era which removes organisational and geographical boundaries. An era which changes the functionality of software systems and requires alternative methods for conceiving them. In this thesis, we envision to execute software development processes in the cloud. Software processes have a software production aspect and a management aspect. To the best of our knowledge, there are no academic nor industrial solutions supporting the entire software development process life-cycle(from both production and management aspects and its tool-chain execution in the cloud. Our vision is to use the cloud economies of scale and leverage Model-Driven Engineering (MDE) to integrate production and management aspects into the development process. Since software processes are seen as workflows, we investigate using existing Workflow Management Systems to execute software processes and we find that these systems are not suitable. Therefore, we propose a reference architecture for Software Development as a Service (SDaaS). The SDaaS reference architecture is the first proposal which fully supports development of complex software systems in the cloud. In addition to the reference architecture, we investigate three specific related challenges and propose novel solutions addressing them. These challenges are: Modelling & enacting cloud-based executable software processes. Executing software processes in the cloud can bring several benefits to software develop ment. In this thesis, we discuss the benefits and considerations of cloud-based software processes and introduce a modelling language for modelling such processes. We refer to this language as EXE-SPEM. It extends the Software and Systems Process Engineering (SPEM2.0) OMG standard to support creating cloudbased executable software process models. Since EXE-SPEM is a visual modelling language, we introduce an XML notation to represent EXE-SPEM models in a machine-readable format and provide mapping rules from EXE-SPEM to this notation. We demonstrate this approach by modelling an example software process using EXE-SPEM and mapping it to the XML notation. Software process models expressed in this XML format can then be enacted in the proposed SDaaS architecture. Cost-e cient scheduling of software processes execution in the cloud. Software process models are enacted in the SDaaS architecture as workflows. We refer to them sometimes as Software Workflows. Once we have executable software process models, we need to schedule them for execution. In a setting where multiple software workflows (and their activities) compete for shared computational resources (workflow engines), scheduling workflow execution becomes important. Workflow scheduling is an NP-hard problem which refers to the allocation of su cient resources (human or computational) to workflow activities. The schedule impacts the workflow makespan (execution time) and cost as well as the computational resources utilisation. The target of the scheduling is to reduce the process execution cost in the cloud without significantly a ecting the process makespan while satisfying the special requirements of each process activity (e.g., executing on a private cloud). We adapt three workflow scheduling algorithms to fit for SDaaS and propose a fourth one; the Proportional Adaptive Task Schedule. The algorithms are then evaluated through simulation. The simulation results show that the our proposed algorithm saves between 19.74% and 45.78% of the execution cost, provides best resource (VM) utilisation and provides the second best makespan compared to the other presented algorithms. Evaluating the SDaaS architecture using a case study from the safety-critical systems domain. To evaluate the proposed SDaaS reference architecture, we instantiate a proof-of-concept implementation of the architecture. This imple mentation is then used to enact safety-critical processes as a case study. Engineering safety-critical systems is a complex task which involves multiple stakeholders. It requires shared and scalable computation to systematically involve geographically distributed teams. In this case study, we use EXE-SPEM to model a portion of a process (namely; the Preliminary System Safety Assessment - PSSA) adapted from the ARP4761 [2] aerospace standard. Then, we enact this process model in the proof-of-concept SDaaS implementation. By using the SDaaS architecture, we demonstrate the feasibility of our approach and its applicability to di erent domains and to customised processes. We also demonstrate the capability of EXE-SPEM to model cloud-based executable processes. Furthermore, we demonstrate the added value of the process models and the process execution provenance data recorded by the SDaaS architecture. This data is used to automate the generation of safety cases argument fragments. Thus, reducing the development cost and time. Finally, the case study shows that we can integrate some existing tools and create new ones as activities used in process models. The proposed SDaaS reference architecture (combined with its modelling, scheduling and enactment capabilities) brings the benefits of the cloud to software development. It can potentially save software production cost and provide an accessible platform that supports collaborating teams (potentially across di erent locations). The executable process models support unified interpretation and execution of processes across team(s) members. In addition, the use of models provide managers with global awareness and can be utilised for quality assurance and process metrics analysis and improvement. We see the contributions provided in this thesis as a first step towards an alternative development method that uses the benefits of cloud and Model-Driven Engineering to overcome existing challenges and open new opportunities. However, there are several challenges that are outside the scope of this study which need to be addressed to allow full support of the SDaaS vision (e.g., supporting interactive workflows). The solutions provided in this thesis address only part of a bigger vision. There is also a need for empirical and usability studies to study the impact of the SDaaS architecture on both the produced products (in terms of quality, cost, time, etc.) and the participating stakeholders

Considerations about quality in model-driven engineering

The final publication is available at Springer via http://dx.doi.org/10.1007/s11219-016-9350-6The virtue of quality is not itself a subject; it depends on a subject. In the software engineering field, quality means good software products that meet customer expectations, constraints, and requirements. Despite the numerous approaches, methods, descriptive models, and tools, that have been developed, a level of consensus has been reached by software practitioners. However, in the model-driven engineering (MDE) field, which has emerged from software engineering paradigms, quality continues to be a great challenge since the subject is not fully defined. The use of models alone is not enough to manage all of the quality issues at the modeling language level. In this work, we present the current state and some relevant considerations regarding quality in MDE, by identifying current categories in quality conception and by highlighting quality issues in real applications of the model-driven initiatives. We identified 16 categories in the definition of quality in MDE. From this identification, by applying an adaptive sampling approach, we discovered the five most influential authors for the works that propose definitions of quality. These include (in order): the OMG standards (e.g., MDA, UML, MOF, OCL, SysML), the ISO standards for software quality models (e.g., 9126 and 25,000), Krogstie, Lindland, and Moody. We also discovered families of works about quality, i.e., works that belong to the same author or topic. Seventy-three works were found with evidence of the mismatch between the academic/research field of quality evaluation of modeling languages and actual MDE practice in industry. We demonstrate that this field does not currently solve quality issues reported in industrial scenarios. The evidence of the mismatch was grouped in eight categories, four for academic/research evidence and four for industrial reports. These categories were detected based on the scope proposed in each one of the academic/research works and from the questions and issues raised by real practitioners. We then proposed a scenario to illustrate quality issues in a real information system project in which multiple modeling languages were used. For the evaluation of the quality of this MDE scenario, we chose one of the most cited and influential quality frameworks; it was detected from the information obtained in the identification of the categories about quality definition for MDE. We demonstrated that the selected framework falls short in addressing the quality issues. Finally, based on the findings, we derive eight challenges for quality evaluation in MDE projects that current quality initiatives do not address sufficiently.F.G, would like to thank COLCIENCIAS (Colombia) for funding this work through the Colciencias Grant call 512-2010. This work has been supported by the Gene-ralitat Valenciana Project IDEO (PROMETEOII/2014/039), the European Commission FP7 Project CaaS (611351), and ERDF structural funds.Giraldo-Velásquez, FD.; España Cubillo, S.; Pastor López, O.; Giraldo, WJ. (2016). Considerations about quality in model-driven engineering. Software Quality Journal. 1-66. https://doi.org/10.1007/s11219-016-9350-6S166(1985). Iso information processing—documentation symbols and conventions for data, program and system flowcharts, program network charts and system resources charts. ISO 5807:1985(E) (pp. 1–25).(2011). Iso/iec/ieee systems and software engineering – architecture description. ISO/IEC/IEEE 42010:2011(E) (Revision of ISO/IEC 42010:2007 and IEEE Std 1471-2000) (pp. 1–46).Abran, A., Moore, J.W., Bourque, P., Dupuis, R., & Tripp, L.L. (2013). Guide to the Software Engineering Body of Knowledge (SWEBOK) version 3 public review. IEEE. ISO Technical Report ISO/IEC TR 19759.Agner, L.T.W., Soares, I.W., Stadzisz, P.C., & Simão, J.M. (2013). A brazilian survey on {UML} and model-driven practices for embedded software development. Journal of Systems and Software, 86(4), 997–1005. {SI} : Software Engineering in Brazil: Retrospective and Prospective Views.Amstel, M.F.V. (2010). The right tool for the right job: assessing model transformation quality. pages 69–74. Affiliation: Eindhoven University of Technology, P.O. Box 513, 5600 MB, Eindhoven, Netherlands. Cited By (since 1996):1.Aranda, J., Damian, D., & Borici, A. (2012). Transition to model-driven engineering: what is revolutionary, what remains the same?. In Proceedings of the 15th international conference on model driven engineering languages and systems, MODELS’12 (pp. 692–708). Berlin, Heidelberg: Springer.Arendt, T., & Taentzer, G. (2013). A tool environment for quality assurance based on the eclipse modeling framework. Automated Software Engineering, 20(2), 141–184.Atkinson, C., Bunse, C., & Wüst, J. (2003). Driving component-based software development through quality modelling, volume 2693. Cited By (since 1996):3.Baker, P., Loh, S., & Weil, F. (2005). Model-driven engineering in a large industrial context—motorola case study. In Briand, L., & Williams, C. (Eds.) Model Driven Engineering Languages and Systems, volume 3713 of Lecture Notes in Computer Science (pp. 476–491). Berlin, Heidelberg: Springer.Barišić, A., Amaral, V., Goulão, M., & Barroca, B. (2011). Quality in use of domain-specific languages: a case study. In Proceedings of the 3rd ACM SIGPLAN workshop on evaluation and usability of programming languages and tools, PLATEAU ’11 (pp. 65–72). New York: ACM.Becker, J., Bergener, P., Breuker, D., & Rackers, M. (2010). Evaluating the expressiveness of domain specific modeling languages using the bunge-wand-weber ontology. In 2010 43rd Hawaii international conference on system sciences (HICSS) (pp. 1–10).Bertrand Portier, L.A. (2009). Model driven development misperceptions and challenges.Bézivin, J., & Kurtev, I. (2005). Model-based technology integration with the technical space concept. In Proceedings of the Metainformatics Symposium: Springer.Brambilla, M. (2016). How mature is of model-driven engineering as an engineering discipline @ONLINE.Brambilla, M., & Fraternali, P. (2014). Large-scale model-driven engineering of web user interaction: The webml and webratio experience. Science of Computer Programming, 89 Part B(0), 71 – 87. Special issue on Success Stories in Model Driven Engineering.Brown, A. (2009). Simple and practical model driven architecture (mda) @ONLINE.Bruel, J.-M., Combemale, B., Ober, I., & Raynal, H. (2015). Mde in practice for computational science. Procedia Computer Science, 51, 660–669.Budgen, D., Burn, A.J., Brereton, O.P., Kitchenham, B.A., & Pretorius, R. (2011). Empirical evidence about the uml: a systematic literature review. Software: Practice and Experience, 41(4), 363–392.Burden, H., Heldal, R., & Whittle, J. (2014). Comparing and contrasting model-driven engineering at three large companies. In Proceedings of the 8th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM ’14 (pp. 14:1–14:10). New York: ACM.Cabot, J. Has mda been abandoned (by the omg)?Cabot, J. (2009). Modeling will be commonplace in three years time @ONLINE.Cachero, C., Poels, G., Calero, C., & Marhuenda, Y. (2007). Towards a Quality-Aware Engineering Process for the Development of Web Applications. Working Papers of Faculty of Economics and Business Administration, Ghent University, Belgium 07/462, Ghent University, Faculty of Economics and Business Administration.Challenger, M., Kardas, G., & Tekinerdogan, B. (2015). A systematic approach to evaluating domain-specific modeling language environments for multi-agent systems. Software Quality Journal, 1–41.Chaudron, M.V., Heijstek, W., & Nugroho, A. (2012). How effective is uml modeling? Software & Systems Modeling, 11(4), 571–580. J2: Softw Syst Model.Chenouard, R., Granvilliers, L., & Soto, R. (2008). Model-driven constraint programming. pages 236–246. Affiliation: CNRS, LINA, Universit de Nantes, France; Affiliation: Pontificia Universidad Catlica de, Valparaiso, Chile. Cited By (since 1996):8.Clark, T., & Muller, P.-A. (2012). Exploiting model driven technology: a tale of two startups. Software and Systems Modeling, 11(4), 481–493.Corneliussen, L. (2008). What do you think of model-driven software development?Costal, D., Gómez, C., & Guizzardi, G. (2011). Formal semantics and ontological analysis for understanding subsetting, specialization and redefinition of associations in uml. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 6998 LNCS:189–203. cited By (since 1996)3.Cruz-Lemus, J.A., Maes, A., Género, M., Poels, G., & Piattini, M. (2010). The impact of structural complexity on the understandability of uml statechart diagrams. Information Sciences, 180(11), 2209–2220. Cited By (since 1996):14.Cuadrado, J.S., Izquierdo, J.L.C., & Molina, J.G. (2014). Applying model-driven engineering in small software enterprises. Science of Computer Programming, 89 Part B(0), 176 – 198. Special issue on Success Stories in Model Driven Engineering.Da Silva, A.R. (2015). Model-driven engineering: a survey supported by the unified conceptual model. Computer Languages Systems and Structures, 43, 139–155.Da Silva Teixeira, D.G.M., Quirino, G.K., Gailly, F., De Almeida Falbo, R., Guizzardi, G., & Perini Barcellos, M. (2016). PoN-S: a Systematic Approach for Applying the Physics of Notation (PoN), (pp. 432–447). Cham: Springer International Publishing.Davies, I., Green, P., Rosemann, M., Indulska, M., & Gallo, S. (2006). How do practitioners use conceptual modeling in practice? Data and Knowledge Engineering, 58(3), 358 – 380. Including the special issue : {ER} 2004ER 2004.Davies, J., Milward, D., Wang, C.-W., & Welch, J. (2015). Formal model-driven engineering of critical information systems. Science of Computer Programming, 103(0), 88 – 113. Selected papers from the First International Workshop on Formal Techniques for Safety-Critical Systems (FTSCS 2012).De Oca, I.M.-M., Snoeck, M., Reijers, H.A., & Rodríguez-Morffi, A. (2015). A systematic literature review of studies on business process modeling quality. Information and Software Technology, 58, 187–205.DenHaan, J. (2009). 8 reasons why model driven development is dangerous @ONLINE.DenHaan, J. (2010). Model driven engineering vs the commando pattern @ONLINE.DenHaan, J. (2011a). Why aren’t we all doing model driven development yet @ONLINE.DenHaan, J. (2011b). Why there is no future model driven development @ONLINE.Di Ruscio, D., Iovino, L., & Pierantonio, A. (2013). Managing the coupled evolution of metamodels and textual concrete syntax specifications. cited By (since 1996)0.Dijkman, R.M., Dumas, M., & Ouyang, C. (2008). Semantics and analysis of business process models in {BPMN}. Information and Software Technology, 50(12), 1281–1294.Domínguez-Mayo, F.J., Escalona, M.J., Mejías, M., Ramos, I., & Fernández, L. (2011). A framework for the quality evaluation of mdwe methodologies and information technology infrastructures. International Journal of Human Capital and Information Technology Professionals, 2(4), 11–22.Domínguez-Mayo, F.J., Escalona, M.J., Mejías, M., & Torres, A.H. (2010). A quality model in a quality evaluation framework for mdwe methodologies. pages 495–506. Affiliation: Departamento de Lenguajes y Sistemas Informíticos, University of Seville, Seville, Spain., Cited By (since 1996):1.Dubray, J.-J. (2011). Why did mde miss the boat?.Escalona, M.J., Gutiérrez, J.J., Pérez-Pérez, M., Molina, A., Domínguez-Mayo, E., & Domínguez-Mayo, F.J. (2011). Measuring the Quality of Model-Driven Projects with NDT-Quality, (pp. 307–317). New York: Springer.Espinilla, M., Domínguez-Mayo, F.J., Escalona, M.J., Mejías, M., Ross, M., & Staples, G. (2011). A Method Based on AHP to Define the Quality Model of QuEF (Vol. 123, pp. 685–694). Berlin, Heidelberg: Springer.Fabra, J., Castro, V.D., Álvarez, P., & Marcos, E. (2012). Automatic execution of business process models: exploiting the benefits of model-driven engineering approaches. Journal of Systems and Software, 85(3), 607–625. Novel approaches in the design and implementation of systems/software architecture.Falkenberg, E.D., Hesse, W., Lindgreen, P., Nilsson, B.E., Oei, J.L.H., Rolland, C., Stamper, R.K., Assche, F.J.M.V., Verrijn-Stuart, A.A., & Voss, K. (1996). Frisco: a framework of information system concepts. Technical report, The IFIP WG 8. 1 Task Group FRISCO.Fettke, P., Houy, C., Vella, A.-L., & Loos, P. (2012). Towards the Reconstruction and Evaluation of Conceptual Model Quality Discourses – Methodical Framework and Application in the Context of Model Understandability, volume 113 of Lecture Notes in Business Information Processing, chapter 28, pages 406–421, Springer, Berlin, Heidelberg.Finnie, S. (2015). Modeling community: Are we missing something?Fournier, C. (2008). Is uml [email protected], R., & Rumpe, B. (2007). Model-driven development of complex software: a research roadmap. In Future of Software Engineering, 2007, FOSE ’07 (pp. 37–54).Gallego, M., Giraldo, F.D., & Hitpass, B. (2015). Adapting the pbec-otss software selection approach for bpm suites: an application case. In 2015 34th International Conference of the Chilean Computer Science Society (SCCC) (pp. 1–10).Galvão, I., & Goknil, A. (2007). Survey of traceability approaches in model-driven engineering. cited By (since 1996)22.Giraldo, F., España, S., Giraldo, W., & Pastor, O. (2015). Modelling language quality evaluation in model-driven information systems engineering: a roadmap. In 2015 IEEE 9th International Conference on Research Challenges in Information Science (RCIS) (pp. 64–69).Giraldo, F., España, S., & Pastor, O. (2014). Analysing the concept of quality in model-driven engineering literature: a systematic review. In 2014 IEEE Eighth International Conference on Research Challenges in Information Science (RCIS) (pp. 1–12).Giraldo, F.D., España, S., & Pastor, O. (2016). Evidences of the mismatch between industry and academy on modelling language quality evaluation. arXiv: 1606.02025 .González, C., & Cabot, J. (2014). Formal verification of static software models in mde: a systematic review. Information and Software Technology, 56(8), 821–838. cited By (since 1996)0.González, C.A., Büttner, F., Clarisó, R., & Cabot, J. (2012). Emftocsp: a tool for the lightweight verification of emf models. pages 44–50. Affiliation: cole des Mines de Nantes, INRIA, LINA, Nantes, France; Affiliation: Universitat Oberta de Catalunya, Barcelona, Spain. Cited By (since 1996):1.Gorschek, T., Tempero, E., & Angelis, L. (2014). On the use of software design models in software development practice: an empirical investigation. Journal of Systems and Software, 95(0), 176– 193.Goulão, M., Amaral, V., & Mernik, M. (2016). Quality in model-driven engineering: a tertiary study. Software Quality Journal, 1–33.Grobshtein, Y., & Dori, D. (2011). Generating sysml views from an opm model: design and evaluation. Systems Engineering, 14(3), 327–340.Haan, J.d. (2008). 8 reasons why model-driven approaches (will) fail.Harel, D., & Rumpe, B. (2000). Modeling languages: Syntax, semantics and all that stuff, part i: The basic stuff, Israel. Technical report Jerusalem Israel.Harel, D., & Rumpe, B. (2004). Meaningful modeling: what’s the semantics of semantics? Computer, 37(10), 64–72.Hebig, R., & Bendraou, R. (2014). On the need to study the impact of model driven engineering on software processes. In Proceedings of the 2014 International Conference on Software and System Process, ICSSP 2014 (pp. 164–168). New York: ACM.Heidari, F., & Loucopoulos, P. (2014). Quality evaluation framework (qef): modeling and evaluating quality of business processes. International Journal of Accounting Information Systems, 15(3), 193–223. Business Process Modeling.Heymans, P., Schobbens, P.Y., Trigaux, J.C., Bontemps, Y., Matulevicius, R., & Classen, A. (2008). Evaluating formal properties of feature diagram languages. Software, IET, 2(3), 281–302. ID 2.Hindawi, M., Morel, L., Aubry, R., & Sourrouille, J.-L. (2009). Description and Implementation of a UML Style Guide (Vol. 5421, pp. 291–302). Berlin: Springer.Hoang, D. (2012). Current limitations of mdd and its implications @ONLINE.Hodges, W. (2013). Model theory Zalta, E.N. (Ed.) The Stanford Encyclopedia of Philosophy. Fall 2013 edition.Hutchinson, J., Rouncefield, M., & Whittle, J. (2011a). Model-driven engineering practices in industry. In Proceedings of the 33rd International Conference on Software Engineering, ICSE’11 (pp. 633–642). New York: ACM.Hutchinson, J., Whittle, J., & Rouncefield, M. (2014). Model-driven engineering practices in industry: social, organizational and managerial factors that lead to success or failure. Science of Computer Programming, 89 Part B(0), 144–161. Special issue on Success Stories in Model Driven Engineering.Hutchinson, J., Whittle, J., Rouncefield, M., & Kristoffersen, S. (2011b). Empirical assessment of mde in industry. In Proceedings of the 33rd International Conference on Software Engineering, ICSE’11 (pp. 471–480). New York: ACM.Igarza, I.M.H., Boada, D.H.G., & Valdés, A.P. (2012). Una introducción al desarrollo de software dirigido por modelos. Serie Científica, 5(3).ISO/IEC (2001). ISO/IEC 9126. Software engineering—Product quality. ISO/IEC.Izurieta, C., Rojas, G., & Griffith, I. (2015). Preemptive management of model driven technical debt for improving software quality. In Proceedings of the 11th International ACM SIGSOFT Conference on Quality of Software Architectures, QoSA’15 (pp. 31–36). New York: ACM.Jalali, S., & Wohlin, C. (2012). Systematic literature studies: Database searches vs. backward snowballing. In Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM’12 (pp. 29–38). New York: ACM.Kahraman, G., & Bilgen, S. (2013). A framework for qualitative assessment of domain-specific languages. Software & Systems Modeling, 1–22.Kessentini, M., Langer, P., & Wimmer, M. (2013). Searching models, modeling search: On the synergies of sbse and mde (pp. 51–54).Kitchenham, B., & Charters, S. (2007). Guidelines for performing Systematic Literature Reviews in Software Engineering. Technical Report EBSE 2007-001, Keele University and Durham University Joint Report.Kitchenham, B., Pfleeger, S., Pickard, L., Jones, P., Hoaglin, D., El Emam, K., & Rosenberg, J. (2002). Preliminary guidelines for empirical research in software engineering. IEEE Transactions on Software Engineering, 28(8), 721–734.Klinke, M. (2008). Do you use mda/mdd/mdsd, any kind of model-driven approach? Will it be the future?Köhnlein, J. (2013). Eclipse diagram editors from a user’s perspective.Kolovos, D.S., Paige, R.F., & Polack, F.A. (2008). The grand challenge of scalability for model driven engineering. In Models in Software Engineering (pp. 48–53): Springer.Kolovos, D.S., Rose, L.M., Matragkas, N., Paige, R.F., Guerra, E., Cuadrado, J.S., De Lara, J., Ráth, I., Varró, D., Tisi, M., & Cabot, J. (2013). A research roadmap towards achieving scalability in model driven engineering. In Proceedings of the Workshop on Scalability in Model Driven Engineering, BigMDE’13 (pp. 2:1–2:10). New York: ACM.Krill, P. (2016). Uml to be ejected from microsoft visual studio (infoworld).Krogstie, J. (2012a). Model-based development and evolution of information systems: a quality approach, Springer Publishing Company, Incorporated.Krogstie, J. (2012b). Quality of modelling languages, (pp. 249–280). London: Springer.Krogstie, J. (2012c). Quality of models, (pp. 205–247). London: Springer.Krogstie, J. (2012d). Specialisations of SEQUAL, (pp. 281–326). London: Springer.Krogstie, J., Lindland, O.I., & Sindre, G. (1995). Defining quality aspects for conceptual models. In Proceedings of the IFIP International Working Conference on Information System Concepts: Towards a Consolidation of Views (pp. 216–231). London: Chapman & Hall, Ltd.Kruchten, P. (2000). The rational unified process: an introduction, 2nd edn. Boston: Addison-Wesley Longman Publishing Co., Inc.Kruchten, P., Nord, R., & Ozkaya, I. (2012). Technical debt: from metaphor to theory and practice. Software, IEEE, 29(6), 18–21.Kulkarni, V., Reddy, S., & Rajbhoj, A. (2010). Scaling up model driven engineering – experience and lessons learnt. In Petriu, D., Rouquette, N., & Haugen, y. (Eds.) Model Driven Engineering Languages and Systems, volume 6395 of Lecture Notes in Computer Science (pp. 331–345). Berlin, Heidelberg: Springer.Laguna, M.A., & Marqués, J.M. (2010). Uml support for designing software product lines: the package merge mechanism, 16(17), 2313–2332.Lange, C. (2007a). Model size matters. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 4364 LNCS:211–216. cited By (since 1996)1.Lange, C., & Chaudron, M. (2005). Managing Model Quality in UML-Based Software Development. In 13th IEEE International Workshop on Technology and Engineering Practice, 2005 (pp. 7–16).Lange, C., Chaudron, M.R.V., Muskens, J., Somers, L.J., & Dortmans, H.M. (2003). An empirical investigation in quantifying inconsistency and incompleteness of uml designs. In Incompleteness of UML Designs, Proceedings Workshop on Consistency Problems in UML-based Software Development, 6th International Conference on Unified Modeling Language, UML, 2003.Lange, C., DuBois, B., Chaudron, M., & Demeyer, S. (2006). An experimental investigation of uml modeling conventions. In Nierstrasz, O., Whittle, J., Harel, D., & Reggio, G. (Eds.) Model Driven Engineering Languages and Systems, volume 4199 of Lecture Notes in Computer Science (pp. 27–41). Berlin, Heidelberg: Springer.Lange, C.F.J., & Chaudron, M.R.V. (2006). Effe

AutoTaSC : Model driven development for autonomic software engineering

Whilst much research progress has been achieved towards the development of autonomic software engineering tools and techniques including: policy-based management, modelbased development, service-oriented architecture and model driven architecture. They have often focused on and started from chosen object-oriented models of required software behaviour, rather than domain model including user intentions and/or software goals. Such an approach is often reported to lead to "misalignment" between business process layer and their associated computational enabling systems. This is specifically noticeable in adaptive and evolving business systems and/or processes settings. To address this long-standing problem research has over the years investigated many avenues to close the gap between business process modelling and the generation of enactment (computation) layer, which is responsive to business changes. Within this problem domain, this research sets out to study the extension of the Model Driven Development (MOD) paradigm to business/domain model, that is, how to raise the abstraction level of model-driven software development to the domain level and provide model synchronisation to trace and analyse the impact of a given model change. The main contribution of this research is the development of a MOD-based design method for autonomic systems referred to as AutoTaSC. The latter consists of a series of related models, where each of which represents the system under development at a given stage. The first and highest level model represents the abstract model referred to as the Platform Independent Model (PIM). The next model encapsulates the PIM model for the autonomic system where the autonomic capabilities and required components (such as monitor, sensor, actuator, analyser, policy, etc.) are added via some appropriate transformation rules. Targeting a specific technology involves adding, also via transformation rules, specific information related to that platform from which the Platform Specific Model (PSM) for the autonomic system is extracted. In the last stage, code can be generated for the specific platform or technology targeted in the previous stage, web services for instance. In addition, the AutoTaSC method provides a situated model synchronisation mechanism, which is designed following the autonomic systems principles. For instance, to guarantee model synchronisation each model from each AutoTaSC stage has an associated policy-based feedback control loop, which regulates its reaction to detected model change. Thus, AutaTase method model transformation approach to drive model query, view and synchronisation. The Auto'Iast? method was evaluated using a number of benchmark case-studies to test this research hypothesis including the effectiveness and generality of AutaTaSe design method

UML-SOA-Sec and Saleem’s MDS Services Composition Framework for Secure Business Process Modelling of Services Oriented Applications

In Service Oriented Architecture (SOA) environment, a software application is a composition of services, which are scattered across enterprises and architectures. Security plays a vital role during the design, development and operation of SOA applications. However, analysis of today’s software development approaches reveals that the engineering of security into the system design is often neglected. Security is incorporated in an ad-hoc manner or integrated during the applications development phase or administration phase or out sourced. SOA security is cross-domain and all of the required information is not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on the resulting SOA applications. General purpose modeling languages like Unified Modeling Language (UML) are used for designing the software system; however, these languages lack the knowledge of the specific domain and “security” is one of the essential domains. A Domain Specific Language (DSL), named the “UML-SOA-Sec” is proposed to facilitate the modeling of security objectives along the business process modeling of SOA applications. Furthermore, Saleem’s MDS (Model Driven Security) services composition framework is proposed for the development of a secure web service composition

Quality-aware model-driven service engineering

Service engineering and service-oriented architecture as an integration and platform technology is a recent approach to software systems integration. Quality aspects ranging from interoperability to maintainability to performance are of central importance for the integration of heterogeneous, distributed service-based systems. Architecture models can substantially influence quality attributes of the implemented software systems. Besides the benefits of explicit architectures on maintainability and reuse, architectural constraints such as styles, reference architectures and architectural patterns can influence observable software properties such as performance. Empirical performance evaluation is a process of measuring and evaluating the performance of implemented software. We present an approach for addressing the quality of services and service-based systems at the model-level in the context of model-driven service engineering. The focus on architecture-level models is a consequence of the black-box character of services