188 research outputs found

    Abstract Interactions and Interaction Refinement in Model-Driven Design

    In a model-driven design process the interaction between application parts can be described at various levels of platform-independence. At the lowest level of platform-independence, interaction is realized by interaction mechanisms provided by specific middleware platforms. At higher levels of platform-independence, interaction must be described in such a way that it can be further refined and realized onto a number of different middleware platforms, each with its particular interaction mechanisms and implementation constraints. In this paper, we investigate concepts that support interaction design at various levels of middleware-platform-independence. Also, we propose design operations for interaction refinement. The application of these operations to source designs results in target designs that take into account implementation constraints imposed by platforms, while preserving characteristics prescribed in source designs

    The role of the RM-ODP computational viewpoint concepts in the MDA approach

    An MDA design approach should be able to accommodate designs at different levels of platform-independence. We have proposed a design approach previously (in [2]), which allows these levels to be identified. An important feature of this approach is the notion of abstract platform. An abstract platform is determined by the platform characteristics that are relevant for applications at a certain level of platform-independence, and must be established by considering various design goals. In this paper, we define a framework that makes it possible to use RM-ODP concepts in our MDA design approach. This framework allows a recursive application of the computational viewpoint at different levels of platform-independence. This is obtained by equating the RM-ODP notion of infrastructure to our notion of abstract platform

    A Threat Table Based Approach to Telemedicine Security

    Information security within healthcare is paramount and telemedicine applications present unique security challenges. Technology is giving rise to new and advanced telemedicine applications and understanding the security threats to these applications is needed to ensure, among other things, the privacy of patient information. This paper presents a high level analysis of a telemedicine application in order to better understand the security threats to this unique and vulnerable environment. This risk analysis is performed using the concept of threat tables. This case study focuses on the capture and representation of salient security threats in telemedicine. To analyze the security threats to an application, we present a threat modeling framework utilizing a table driven approach. Our analysis reveals that even in a highly controlled environment with static locations, the security risks posed by telemedicine applications are significant, and that using a threat table approach provides an easy-to-use and effective method for managing these threats

    Real-time distributed systems dimensioning and validation: The TURTLE method

    The TURTLE language and toolkit offer a UML framework for service description, protocol modeling and communication architecture validation. The method associated with TURTLE uses an architectural design pattern where two or several protocol entities rely on a pre-existing communication service. Modeling the pre-existing service with empirical values is error-prone and hampers large space exploration during the communication architecture validation. The paper relies on the Network Calculus theory to parameterize the service with realistic upper bounds. The revisited TURTLE method includes a dimensioning step between the requirement and analysis steps. This new step is based on a "Dimensioning Diagram" that describes the network in terms of traffic and equipment behavior, and a "Dimensioning-oriented Use Case Diagram" that categorizes the flows conveyed by the network. The paper applies this method to a video conference system as an example

    Security-Driven Software Evolution Using A Model Driven Approach

    A high security level must be guaranteed in applications in order to mitigate risks during the deployment of information systems in open network environments. However, a significant number of legacy systems remain in use, which poses security risks to the enterprise’s assets due to the poor technologies used and the lack of security concerns when they were in design. Software reengineering is a way to improve their security levels in a systematic way. Model driven is an approach in which a model, as defined by its type, directs the execution of the process. The aim of this research is to explore how a model driven approach can facilitate software reengineering driven by security demand. The research in this thesis involves the following three phases. Firstly, legacy system understanding is performed using reverse engineering techniques. The task of this phase is to reverse engineer the legacy system into UML models, partition the legacy system into subsystems with the help of a model slicing technique and detect existing security mechanisms to determine whether or not the provided security in the legacy system satisfies the user’s security objectives. Secondly, security requirements are elicited using a risk analysis method. It is the process of analysing key aspects of the legacy systems in terms of security. A new risk assessment method, taking into consideration asset, threat and vulnerability, is proposed and used to elicit the security requirements, which will generate the detailed security requirements in the specific format to direct the subsequent security enhancement. Finally, security enhancement for the system is performed using the proposed ontology based security pattern approach. It is the stage in which security patterns derived from security expertise and fulfilling the elicited security requirements are selected and integrated in the legacy system models with the help of the proposed security ontology. The proposed approach is evaluated by the selected case study. Based on the analysis, conclusions are drawn and future research is discussed at the end of this thesis. The results show this thesis contributes an effective, reusable and suitable evolution approach for software security

    Elements for the construction of a verification chain for the TopCased project (Elementos para a construção de uma cadeia de verificação para o projeto TopCased)

    Dissertation (master's) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-graduação em Automação e Sistemas. Looking at the history of embedded systems, we can divide it into two periods. In the first, the problems of these systems originated, in the great majority of cases, in the physical part, called hardware. From the 1960s onward, thanks to the arrival of integrated circuits, developed for the American Space Program, the physical part of systems became more reliable. In the last 20 years, owing to the complexity inherent in developing software for embedded systems, software has become the source of most errors. One of the great difficulties in developing this software is ensuring correct operation (in accordance with the specifications). In order to reduce the incidence of errors, industry began to study the use of formal methods to support the development of these complex systems. These techniques support decision-making because they make it possible to state, before the prototype is implemented, whether or not a given specification will be satisfied by the system. However, formal verification is still not widely used in industrial settings because of the difficulty of exchanging information between high-level modeling languages (UML, AADL, SDL, etc.) and formal verification tools. This difficulty stems from the lack of a formal semantics for these modeling languages widely used by industry. In addition, each verification tool works with different mathematical formalisms, and there is no easy integration among them. Another important factor is that we cannot claim that there is a single formalism capable of meeting all the needs of a complex system. This implies that future systems will increasingly require a combination of model-based methods, such as transition systems, process algebra, temporal logic, among others. These restrictions impose on industry the need to develop a model translation tool for each language-formalism pair employed. In order to facilitate this exchange of information between the different modeling languages and the existing formal verification tools - such as TINA (Time Petri Net Analyser), CADP (Construction and Analysis of Distributed Processes), among others - the TOPCASED project (Toolkit in Open-Source for Critical Application & Systems Development) developed an original verification architecture, which promotes the transformation of models between the different levels. This transformation is simplified by the advent of a formal intermediate language called FIACRE (Format Intermédiaire pour les Architectures de Composants Répartis Embarqués). Within this context, the activities carried out in this work are part of the specification and operationalization of the FIACRE language of the TOPCASED project. The first activity presented in this work is the preliminary study of the translation between SDL and FIACRE to assist in the specification of the FIACRE language. The second activity consists initially of proposing a conceptual scheme for the translation from FIACRE to the mathematical formalism TTS (Timed Transition Systems), and subsequently of its implementation in the form of a compiler (front-end) for the TINA tool. Finally, an example of system verification is presented in order to demonstrate the advantages of the tools that are part of the TOPCASED project

    Enabling High-Level Application Development in the Internet of Things

    The sensor networking field is evolving into the Internet of Things (IoT), owing in large part to the increased availability of consumer sensing devices, including modern smart phones. However, application development in the IoT still remains challenging, since it involves dealing with several related issues, such as lack of proper identification of roles of various stakeholders, as well as lack of suitable (high-level) abstractions to address the large scale and heterogeneity in IoT systems. Although the software engineering community has proposed several approaches to address the above in the general case, existing approaches for IoT application development only cover limited subsets of the above-mentioned challenges. In this paper, we propose a multi-stage model-driven approach for IoT application development based on a precise definition of the role to be played by each stakeholder involved in the process: domain expert, application designer, application developer, device developer, and network manager. The abstractions provided to each stakeholder are further customized using the inputs provided in the earlier stages by other stakeholders. We have also implemented code-generation and task-mapping techniques to support our approach. Our initial evaluation based on two realistic scenarios shows that the use of our techniques/framework succeeds in improving productivity in the IoT application development process

    Interface refactoring in performance-constrained web services

    This paper presents the development of REF-WS, an approach to enable a Web Service provider to reliably evolve their service through the application of refactoring transformations. REF-WS is intended to aid service providers, particularly in a reliability and performance constrained domain, as it permits upgraded ‘non-backwards compatible’ services to be deployed into a performance constrained network where existing consumers depend on an older version of the service interface. In order for this to be successful, the refactoring and message mediation need to occur without affecting functional compatibility with the services’ consumers, and must operate within the performance overhead expected of the original service, introducing as little latency as possible. Furthermore, compared to a manually programmed solution, the presented approach enables the service developer to apply and parameterize refactorings with a level of confidence that they will not produce an invalid or ‘corrupt’ transformation of messages. This is achieved through the use of preconditions for the defined refactorings

    Performance modelling for system-level design

    xii+208hlm.;24c