Contracts and Behavioral Patterns for SoS: The EU IP DANSE approach

This paper presents some of the results of the first year of DANSE, one of the first EU IP projects dedicated to SoS. Concretely, we offer a tool chain that allows to specify SoS and SoS requirements at high level, and analyse them using powerful toolsets coming from the formal verification area. At the high level, we use UPDM, the system model provided by the british army as well as a new type of contract based on behavioral patterns. At low level, we rely on a powerful simulation toolset combined with recent advances from the area of statistical model checking. The approach has been applied to a case study developed at EADS Innovation Works.Comment: In Proceedings AiSoS 2013, arXiv:1311.319

A Catalog of Reusable Design Decisions for Developing UML/MOF-based Domain-specific Modeling Languages

In model-driven development (MDD), domain-specific modeling languages (DSMLs) act as a communication vehicle for aligning the requirements of domain experts with the needs of software engineers. With the rise of the UML as a de facto standard, UML/MOF-based DSMLs are now widely used for MDD. This paper documents design decisions collected from 90 UML/MOF-based DSML projects. These recurring design decisions were gained, on the one hand, by performing a systematic literature review (SLR) on the development of UML/MOF-based DSMLs. Via the SLR, we retrieved 80 related DSML projects for review. On the other hand, we collected decisions from developing ten DSML projects by ourselves. The design decisions are presented in the form of reusable decision records, with each decision record corresponding to a decision point in DSML development processes. Furthermore, we also report on frequently observed (combinations of) decision options as well as on associations between options which may occur within a single decision point or between two decision points. This collection of decision-record documents targets decision makers in DSML development (e.g., DSML engineers, software architects, domain experts).Series: Technical Reports / Institute for Information Systems and New Medi

A Static Verification Framework for Secure Peer-to-Peer Applications

In this paper we present a static verification framework to support the design and verification of secure peer-to-peer applications. The framework supports the specification, modeling, and analysis of security aspects together with the general characteristics of the system, during early stages of the development life-cycle. The approach avoids security issues to be taken into consideration as a separate layer that is added to the system as an afterthought by the use of security protocols. The main functionality supported by the framework are concerned with the modeling of the system together with its security aspects by using an extension of UML, modeling of abuse cases to represent scenarios of attackers and assist with the identification of properties to be verified, specification of properties to be verified in a graphical template language, verification of the models against the properties, and visualization of the results of the verification process

Aspect-based approach to modeling access control policies, An

Department Head: L. Darrell Whitley.2007 Spring.Includes bibliographical references (pages 119-126).Access control policies determine how sensitive information and computing resources are to be protected. Enforcing these policies in a system design typically results in access control features that crosscut the dominant structure of the design (that is, features that are spread across and intertwined with other features in the design). The spreading and intertwining of access control features make it difficult to understand, analyze, and change them and thus complicate the task of ensuring that an evolving design continues to enforce access control policies. Researchers have advocated the use of aspect-oriented modeling (AOM) techniques for addressing the problem of evolving crosscutting features. This dissertation proposes an approach to modeling and analyzing crosscutting access control features. The approach utilizes AOM techniques to isolate crosscutting access control features as patterns described by aspect models. Incorporating an access control feature into a design involves embedding instantiated forms of the access control pattern into the design model. When composing instantiated access control patterns with a design model, one needs to ensure that the resulting composed model enforces access control policies. The approach includes a technique to verify that specified policies are enforced in the composed model. The approach is illustrated using two well-known access control models: the Role- Based Access Control (RBAC) model and the Bell-LaPadula (BLP) model. Features that enforce RBAC and BLP models are described by aspect models. We show how the aspect models can be composed to create a new hybrid access control aspect model. We also show how one can verify that composition of a base (primary) design model and an aspect model that enforces specified policies produces a composed model in which the policies are still enforced

Early aspects: aspect-oriented requirements engineering and architecture design

This paper reports on the third Early Aspects: Aspect-Oriented Requirements Engineering and Architecture Design Workshop, which has been held in Lancaster, UK, on March 21, 2004. The workshop included a presentation session and working sessions in which the particular topics on early aspects were discussed. The primary goal of the workshop was to focus on challenges to defining methodical software development processes for aspects from early on in the software life cycle and explore the potential of proposed methods and techniques to scale up to industrial applications

Construct by Contract: Construct by Contract: An Approach for Developing Reliable Software

This research introduces “Construct by Contract” as a proposal for a general methodology to develop dependable software systems. It describes an ideal process to construct systems by propagating requirements as contracts from the client’s desires to the correctness proof in verification stage, especially in everyday-used software like web applications, mobile applications and desktop application. Such methodology can be converted in a single integrated workspace as standalone tool to develop software. To achieve the already mentioned goal, this methodology puts together a collection of software engineering tools and techniques used throughout the software’s lifecycle, from requirements gathering to the testing phase, in order to ensure a contract-based flow. Construct by Contract is inclusive, regarding the roles of the people involved in the software construction process, including for instance customers, users, project managers, designers, developers and testers, all of them interacting in one common software development environment, sharing information in an understandable presentation according to each stage. It is worth to mention that we focus on the verification phase, as the key to achieve the reliability sought. Although at this point, we only completed the definition and the specification of this methodology, we evaluate the implementation by analysing, measuring and comparing different existing tools that could fit at any of the stages of software’s lifecycle, and that could be applied into a piece of commercial software. These insights are provided in a proof of concept case study, involving a productive Java Web application using struts framework

Model-Based Run-time Verification of Software Components by Integrating OCL into Treaty

Model Driven Development is used to improve software quality and efficiency by automatically transforming abstract and formal models into software implementations. This is particularly sensible if the model’s integrity can be proven formally and is preserved during the model’s transformation. A standard to specify software model integrity is the Object Constraint Language (OCL). Another topic of research is the dynamic development of software components, enabling software system composition at component run-time. As a consequence, the system’s verification must be realized during system run-time (and not during transformation or compile time). Many established verification techniques cannot be used for run-time verification. A method to enable model-based run-time verification will be developed during this work. How OCL constraints can be transformed into executable software artifacts and how they can be used in the component-based system Treaty will be the major task of this diploma thesis.Modellgetriebene Entwicklung dient der Verbesserung von Qualität und Effizienz in der Software-Entwicklung durch Automatisierung der notwendigen Transformationen von abstrakten bzw. formalen Modellen bis zur Implementierung. Dies ist insbesondere dann sinnvoll, wenn die Integrität der ursprünglichen Modelle formal bewiesen werden kann und durch die Transformation gewährleistet wird. Ein Standard zur Spezifikation der Integrität von Softwaremodellen ist die Object Constraint Language (OCL). Eine weitere Forschungsrichtung im Software-Engineering ist die Entwicklung von dynamischen Komponenten-Modellen, die die Komposition von Softwaresystemen im laufenden Betrieb ermöglichen. Dies bedeutet, dass die Systemverifikation im laufenden Betrieb realisiert werden muss. Die meisten der etablierten Verifikationstechniken sind dazu nicht geeignet. In der Diplomarbeit soll ausgehend von diesem Stand der Technik eine Methode zur modellbasierten Verifikation zur Laufzeit entwickelt werden. Insbesondere soll untersucht werden, wie OCL-Constraints zur Laufzeit in ausführbare Software-Artefakte übersetzt und in dem komponentenbasierten System Treaty verwendet werden können

MDA-driven development of standard-compliant OSS components: the OSS/J inventory case-study.

The telecommunications-oriented Operational Support Systems (OSS) industry have recognised the value of technology independent modelling of OSS solutions as a way to reduce cost, add agility, validate and verify solution designs against architectural guidelines of an enterprise and most importantly provide traceability in the design methodology process. The challenges faced by the OSS community is how MDA tools can deliver the promise of advanced meta-modelling, model definition and validation and model transformation for both OSS software components and integration logic in the larger OSS landscape. This paper describes how an advanced extensible meta-modelling tool is used to build an OSS component following best practice industry guidelines. Extended MOF, extended executable OCL and a powerful transformation language are used to capture the constraints in the meta-models as well as models followed by complete, 100% code generation from models. Furthermore, meta-models are also developed to capture graphical user interface elements in conjunction with the inventory data models, which are then automatically translated into code. This work is the precursor for defining extensive meta-models for a component-based OSS infrastructure based on industry best practice, for adding high degree of formality to model specifications and for enabling the verification of domain requirements by executing the models through model snapshot creation, way before system implementation takes place