Tool Support for DFD-UML Model-Based Transformations

This paper presents a model-based approach that combines the data-flow and object-oriented computing paradigms to model embedded systems. The rationale behind the approach is that both views are important for modelling purposes in embedded systems environments, and thus a combined and integrated usage is not only useful, but also fundamental for developing complex systems. We also show that by using models we were able to implement automated transformations between different views of the system under design. We exemplify the approach with an IPv6 router case study.HPY Research Foundation; CIMO - HH-02-383; Fundação para a Ciência e Tecnologia; Fundo Europeu de Desenvolvimento Regional - Project METHODES: Methodologies and Tools for Developing Complex Real-Time Embedded Systems (POSI/37334/CHS/2001)

Integration of DFDs into a UML - based model-driven engineering approach

The main aim of this article is to discuss how the functional and the object-oriented views can be inter-played to represent the various modeling perspectives of embedded systems.We discuss whether the object-oriented modeling paradigm, the predominant one to develop software at the present time, is also adequate for modeling embedded software and how it can be used with the functional paradigm.More specifically, we present how the main modeling tool of the traditional structured methods, data flow diagrams, can be integrated in an object-oriented development strategy based on the unified modeling language. The rationale behind the approach is that both views are important for modeling purposes in embedded systems environments, and thus a combined and integrated model is not only useful, but also fundamental for developing complex systems. The approach was integrated in amodel-driven engineering process, where tool support for the models used was provided. In addition, model transformations have been specified and implemented to automate the process.We exemplify the approach with an IPv6 router case study.FEDER -Fundação para a Ciência e a Tecnologia(HH-02-383

Using AToM3 as a Meta-CASE Tool

This is an electronic version of the paper presented at the 4th International Conference on Enterprise Information Systems, held in Ciudad Real on 200

MDA-based ATL transformation to generate MVC 2 web models

Development and maintenance of Web application is still a complex and error-prone process. We need integrated techniques and tool support for automated generation of Web systems and a ready prescription for easy maintenance. The MDA approach proposes an architecture taking into account the development and maintenance of large and complex software. In this paper, we apply MDA approach for generating PSM from UML design to MVC 2Web implementation. That is why we have developed two meta-models handling UML class diagrams and MVC 2 Web applications, then we have to set up transformation rules. These last are expressed in ATL language. To specify the transformation rules (especially CRUD methods) we used a UML profiles. To clearly illustrate the result generated by this transformation, we converted the XMI file generated in an EMF (Eclipse Modeling Framework) model.Comment: International Journal of Computer Science & Information Technology-201

Using ontology for the representational analysis of process modelling techniques

Selecting an appropriate business process modelling technique forms an important task within the methodological challenges of a business process management project. While a plethora of available techniques has been developed over the last decades, there is an obvious shortage of well-accepted reference frameworks that can be used to evaluate and compare the capabilities of the different techniques. Academic progress has been made at least in the area of representational analyses that use ontology as a benchmark for such evaluations. This paper reflects on the comprehensive experiences with the application of a model based on the Bunge ontology in this context. A brief overview of the underlying research model characterizes the different steps in such a research project. A comparative summary of previous representational analyses of process modelling techniques over time gives insights into the relative maturity of selected process modelling techniques. Based on these experiences suggestions are made as to where ontology-based representational analyses could be further developed and what limitations are inherent to such analyses

Efficiency and Automation in Threat Analysis of Software Systems

Context: Security is a growing concern in many organizations. Industries developing software systems plan for security early-on to minimize expensive code refactorings after deployment. In the design phase, teams of experts routinely analyze the system architecture and design to find potential security threats and flaws. After the system is implemented, the source code is often inspected to determine its compliance with the intended functionalities. Objective: The goal of this thesis is to improve on the performance of security design analysis techniques (in the design and implementation phases) and support practitioners with automation and tool support.Method: We conducted empirical studies for building an in-depth understanding of existing threat analysis techniques (Systematic Literature Review, controlled experiments). We also conducted empirical case studies with industrial participants to validate our attempt at improving the performance of one technique. Further, we validated our proposal for automating the inspection of security design flaws by organizing workshops with participants (under controlled conditions) and subsequent performance analysis. Finally, we relied on a series of experimental evaluations for assessing the quality of the proposed approach for automating security compliance checks. Findings: We found that the eSTRIDE approach can help focus the analysis and produce twice as many high-priority threats in the same time frame. We also found that reasoning about security in an automated fashion requires extending the existing notations with more precise security information. In a formal setting, minimal model extensions for doing so include security contracts for system nodes handling sensitive information. The formally-based analysis can to some extent provide completeness guarantees. For a graph-based detection of flaws, minimal required model extensions include data types and security solutions. In such a setting, the automated analysis can help in reducing the number of overlooked security flaws. Finally, we suggested to define a correspondence mapping between the design model elements and implemented constructs. We found that such a mapping is a key enabler for automatically checking the security compliance of the implemented system with the intended design. The key for achieving this is two-fold. First, a heuristics-based search is paramount to limit the manual effort that is required to define the mapping. Second, it is important to analyze implemented data flows and compare them to the data flows stipulated by the design