Model Based Development of Quality-Aware Software Services

Modelling languages and development frameworks give support for functional and structural description of software architectures. But quality-aware applications require languages which allow expressing QoS as a first-class concept during architecture design and service composition, and to extend existing tools and infrastructures adding support for modelling, evaluating, managing and monitoring QoS aspects. In addition to its functional behaviour and internal structure, the developer of each service must consider the fulfilment of its quality requirements. If the service is flexible, the output quality depends both on input quality and available resources (e.g., amounts of CPU execution time and memory). From the software engineering point of view, modelling of quality-aware requirements and architectures require modelling support for the description of quality concepts, support for the analysis of quality properties (e.g. model checking and consistencies of quality constraints, assembly of quality), tool support for the transition from quality requirements to quality-aware architectures, and from quality-aware architecture to service run-time infrastructures. Quality management in run-time service infrastructures must give support for handling quality concepts dynamically. QoS-aware modeling frameworks and QoS-aware runtime management infrastructures require a common evolution to get their integration

Multi Domain-Specific Modeling of the Security Concerns of Service-Oriented Architectures

Service-Oriented Architectures (SOA), and Web Services (WS), the technology generally used to implement them, achieve the integration of heterogeneous technologies, providing interoperability, and yielding the reutilization of pre-existent systems. Model-driven development methodologies provide inherent benefits such as increased productivity, greater reuse, and better maintainability, to name a few. Efforts on achieving model-driven development of SOAs already exist, but there is currently no standard solution that addresses non-functional aspects of these services as well. This paper presents an approach to integrate these non-functional aspects in the development of web services, with an emphasis on security

Integration of Safety Analysis in Model-Driven Software Development

I Safety critical software requires integrating verification techniques in software development methods. Software architectures must guarantee that developed systems will meet safety requirements and safety analyses are frequently used in the assessment. Safety engineers and software architects must reach a common understanding on an optimal architecture from both perspectives. Currently both groups of engineers apply different modelling techniques and languages: safety analysis models and software modelling languages. The solutions proposed seek to integrate both domains coupling the languages of each domain. It constitutes a sound example of the use of language engineering to improve efficiency in a software-related domain. A model-driven development approach and the use of a platform-independent language are used to bridge the gap between safety analyses (failure mode effects and criticality analysis and fault tree analysis) and software development languages (e.g. unified modelling language). Language abstract syntaxes (metamodels), profiles, language mappings (model transformations) and language refinements, support the direct application of safety analysis to software architectures for the verification of safety requirements. Model consistency and the possibility of automation are found among the benefits

Evaluating non-functional properties globally

Real-time systems are usually dependable systems which, besides timing constraints, have to meet some other quality criteria in order to provide certain reliance on its operation. For this reason, a key issue in the development of this kind of system is to trade off the different non-functional aspects involved in the system e.g., time, performance, safety, power, or memory. The success of the development process is often determined by how earlier we can make thorough assumptions and estimations, and hence, take careful decisions about non-functional aspects. Our approach to support this decision activity is based on treating non-functional properties and requirements uniformly, and still supporting specific evaluation and analysi

Model-Driven Development of a Web Service-Oriented Architecture and Security Policies.

Applying model-driven development methodologies provide inherent benefits such as increased productivity, greater reuse, and better maintainability, to name a few. Efforts on achieving model-driven development of web services already exist. However, there is currently no complete solution that addresses non-functional aspects of these services as well. This paper presents an ongoing work which seeks to integrate these non-functional aspects in the development of web services, with a clear emphasis on security

Analysis of Quality Dependencies in the Composition of Software Architectures

A dependable system has to meet some quality criteria in order to provide certain reliance on its operation. The quality of a system depends on the complex composition of the quality of its subsystems. Specications of non-functional properties are commonly used to describe provided quality, required quality, resource usage and resource availability. Enclosing these specifications along with architectural models allows performing preliminary quality assessments (design-phase analysis). We allow configuration choices for quality specifications to represent design choices, deployment choices, or component adaptability. We focus on a composition study that answers to: is it possible to meet system and subsystem requirements given provided qualities? and, which configuration allows satisfying the requirements? The contributions of this work are: i) to formalize the composition based on quality levels and constraints, ii) to analyze existing quality dependencies in such a composition, iii) to show how we represent and evaluate dependencies in a model driven environment

Application of model-driven techniques to the design of non-functional concerns of service-oriented software systems

Internet se ha convertido en la herramienta por excelencia para el intercambio de servicios de negocio e información entre empresas. En este contexto, las arquitecturas orientadas a servicios (SOA) y los servicios web (WS) han surgido como la plataforma más apropiada para las interacciones aplicación-aplicación. Por otra parte, el desarrollo guiado por modelos (MDD), y Model-Driven Architecture (MDA) en particular, son nuevos paradigmas que promueven el uso de modelos del sistema como elementos fundamentales en el proceso de desarrollo. Estos nuevos enfoques soportan la aplicación de mejores prácticas, patrones, y la reutilización en el desarrollo de familias de sistemas. Sin embargo, a las propiedades o características no funcionales (NF) (tales como seguridad, adaptabilidad, calidad de servicio, etc.) no se les ha prestado suficiente atención por parte de estos enfoques. Recientemente, han surgido nuevas propuestas que estudian específicamente el tema de las propiedades no-funcionales del software, permitiendo una separación de las características funcionales y no funcionales de los sistemas en la etapa de diseño. Entre los ejemplos de dichas propuestas encontramos Viewpoints, Multi-Dimensional Separation of Concerns (MDSOC), Aspect-Oriented Modeling (AOM) or Early Aspects (EA). Actualmente, las organizaciones de estándares, tales como el Object Management Group (OMG), se encuentran proponiendo soluciones que ofrezcan alternativas estándar al modelado de servicios. Herramientas y descripciones sobre la experiencia del uso de dichos estándares se esperan en el corto plazo. Sin embargo, no ha sido hasta muy recientemente que los aspectos no funcionales de los servicios han sido considerados para estos procesos de estandarización. Por ende, soluciones en este área no son esperadas en los años venideros. Dentro de las carencias de la computación orientada a servicios se destaca la necesidad de metodologías que soporten la especificación y el diseño de servicios y composiciones de servicios, asociando de esta forma las metodologías de diseño con las técnicas de modelado de procesos de negocio. La conciencia de calidad de servicio es también destacada como otro gran desafío en el futuro de las arquitecturas orientadas a servicios. Estos desafíos, nuevos enfoques y metodologías que han sido enumerados previamente, los cuales brindan soporte para la inclusión de características no funcionales en el desarrollo de sistemas SOA, son los motores que impulsan este trabajo. Aunque existen múltiples tecnologías de implementación que buscan facilitar el desarrollo de servicios web y sistemas SOA, la falta de una sólida base metodológica para el desarrollo de tales aplicaciones acentúa la necesidad de nuevas técnicas o métodos de modelado que pudieran garantizar la calidad del desarrollo de este tipo de sistemas. Esta tesis presenta un enfoque para lograr una solución para el desarrollo de arquitecturas orientadas a servicios con conciencia de características no funcionales, integrada, guiada por modelos, y que engloba múltiples áreas de investigación. La solución propuesta brinda, entre otros beneficios, una mejor comprensión del sistema al completo, y un desarrollo independiente de la plataforma objetivo, mejorando así la reutilización de diseño, y simplificando la evolución del sistema, con el consecuente aumento de la productividad. i Abstract Internet has become the tool “par excellence” for business and information exchange between companies. In this context, service-oriented architectures (SOA) and web services (WS) have emerged as the most suitable platform for application-to-application interactions. On a different token, model-driven development (MDD), and Model-Driven Architecture (MDA) in particular, are new paradigms that promote the use of system models as primary artifacts in the development process. These approaches support the application of best practices, patterns, and reuse in the development of families of systems. However, non-functional (NF) properties or concerns (such as security, adaptability, quality of service, etc.) have not been sufficiently addressed by these approaches. Recently, new proposals have risen that specifically focus on the area of non-functional concerns, allowing for the separation of functional and extra-functional characteristics of the systems at design time. Examples of those are Viewpoints, Multi-Dimensional Separation of Concerns (MDSoC), Aspect-Oriented Modeling (AOM) or Early Aspects (EA). Currently, standardization organizations, such as the OMG, are proposing standard solutions for service modeling. Tools and experiences on the use of such standards are expected in the short term. However, it has not been until very recently that non-functional aspects of services have been considered for standardization processes. Thus, no solution in this area is expected within the next few years. In the research roadmap for service-oriented computing, the need for methodologies supporting the specification and design of services and service compositions is remarked, in that way associating the design methodology with business process modeling techniques. QoS-awareness is also stressed as another grand challenge in the future of service-oriented architectures. These challenges and new approaches and methodologies enumerated above, supporting the inclusion of non-functional concerns development into SOA systems, are the engines propelling this research. Although multiple implementation technologies exist to facilitate the development of web services and SOA systems, the lack of a sound methodological base for the development of such applications stresses the need for new modeling methods or techniques that could guarantee the quality of the development of this type of systems. This dissertation presents an approach for the achievement of an integrated, model-driven solution for the development of service-oriented architectures with non-functional awareness, spanning over multiple areas of research. The proposed approach provides, among other benefits, a greater understanding of the system as a whole and a platform-independent development, improving reusability of designs, and simplifying the evolution of the system, thus increasing productivity

A Model-Driven Strategy for Including Security Aspects in Web Services-Based Embedded Services

[EN] In modern distributed systems, such as in the Internet or Web of Things, security plays a fundamental role. Special atention must be placed, then, in considering these aspects in the first stages of development. In this context, the model-driven development of non functional (NF) requirements is of great interest, as it addresses those NF characteristics in the design stage, when analyses can be performed, and there is room for changes while they are still not too costly. The use of modeldriven methodologies brings with them some intrinsic benefits, such as the increase in productivity, a greater reuse of design elements, or an improved maintainability of the system. This paper presents a development strategy that allows integrating non-functional security aspects (such as as confidentiality, integrity, or access control) in embedded systems design.[ES] En los sistemas distribuidos modernos, como la Internet o Web de las Cosas, la seguridad juega un papel preponderante. Debe prestarse especial atención a la consideración de estos aspectos en las primeras etapas de desarrollo. En este contexto, el desarrollo guiado por modelos de requisitos no funcionales (NF) presenta especial interés, ya que aborda dichas características NF en la etapa de diseño, cuando todavía se pueden realizar análisis, y aún hay margen para modificaciones antes de que éstas sean muy costosas. El uso de estas metodologías guiadas por modelos ofrece beneficios tales como el aumento de la productividad, una mayor reutilización de los elementos de diseño, o una mejor mantenibilidad del sistema. Este artículo presenta una estrategia de desarrollo que permite integrar aspectos NF de seguridad (confidencialidad, integridad, y control de acceso) en los sistemas de software empotrado.Este trabajo ha sido financiado en parte por el Centro Español de Desarrollo Tecnológico (CDTI, Ministerio de Industria, Comercio y Turismo), por medio del proyecto ITECBAN (Infraestructura Tecnológica y Metodológica de Soporte para un Core Bancario), del programa INGENIO 2010, y por el Ministerio Español de Educación y Ciencia, por medio del proyecto RT-MODEL (Plataformas de tiempo real para diseño de sistemas empotrados basado en modelos, TIN2008-06766-C03- 03) del Plan Nacional de I+D+I.Silva Gallino, JP.; De Miguel, M.; Briones, JF.; Alonso, A. (2014). Estrategia Guiada por Modelos para incluir Aspectos de Seguridad en Sistemas Empotrados Basados en Servicios Web. Revista Iberoamericana de Automática e Informática industrial. 11(1):86-97. https://doi.org/10.1016/j.riai.2013.11.006OJS8697111Asnar, Y., Felici, M., Kokolakis, S., Li, K., Saidane, A., Yautsiukhin, A. 2009. Serenity Project Deliverable A1.D5.1 - Preliminary version of S&D Metrics.Blet, N. S., Simo’n, J. L. 2011. SOA en automatizacio’n de pymes manufacture-ras. Iberoamericana de Engenharia Industrial [2175-8018] 3 (2), 190.CDTI, 2006. ITECBAN, Infraestructura Tecnolo’gica y Metodolo’gica de Soporte para un Core Bancario. URL: http://www.daedalus.es/i-d-i/proyectos-nacionales/itecban/.De Miguel, M. A., Briones, J. F., Silva, J. P., & Alonso, A. (2008). Integration of safety analysis in model-driven software development. IET Software, 2(3), 260. doi:10.1049/iet-sen:20070050Dodd, J., Allen, P., Butler, J., Olding, S., Veryard, R., Wilkes, L., 2007. Cbdi- sae meta model for soa version 2. Tech. rep., Everware-CBDI. URL: http://www.cbdiforum.com/public/meta_model_v2.php.Eby, M., Apr. 2007. Integrating Security Modeling into Embedded System Design. Masterthesis, Vanderbilt University. URL: http://etd.library.vanderbilt.edu/available/etd-04022007-092035/.Illner, S., Krumm, H., Lück, I., Pohl, A., Bobek, A., Bohn, H., Golatowski, F. 2006. Model-based management of embedded service systems - an applied approach. En: AINA (2). IEEE Computer Society, pp. 519-523.Illner, S., Pohl, A., Krumm, H., nov. 2005. Model-driven security management of embedded service systems. En: Industrial Electronics Society, 2005. IE- CON 2005. 31st Annual Conference of IEEE. p. 6 pp. DOI: 10.1109/IECON.2005.1569326.ISO/IEC, 2011. ISO/IEC 25010 Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models. ISO, Geneva, Switzerland.Kim, A., Luo, J., Kang, M., 2007. Security Ontology to Facilitate Web Service Description and Discovery. En: Journal on Data Semantics IX. Vol. 4601 of Lecture Notes in Computer Science. Springer Berlin, pp. 167-195.Langer, P., Wieland, K., Wimmer, M., Cabot, J. 2011. From uml profiles to emf profiles and beyond. En: Bishop, J., Vallecillo, A., (Eds.), Objects, Models, Components, Patterns. Vol. 6705 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, pp. 52-67.Microsoft, 2012a. Micro Framework Web Page. URL: http://www.microsoft.com/en-us/netmf/default.aspx.Microsoft, 2012b. WSDAPI. URL: http://msdn.microsoft.com/en-us/library/windows/desktop/aa826001%28v=vs.85%29.aspx.Nabil, S., Mohamed, B. 2012. Security ontology for semantic scada. En: Malki, M., Benbernou, S., Benslimane, S.M., Lehireche, A., (Eds.), ICWIT. Vol. 867 of CEUR Workshop Proceedings. CEUR-WS.org, pp. 179-192.OASIS, 2006. Web services security: Soap message security 1.1 (ws-security 2004). Security 2003 (February), 76. URL: http://docs.oasis-open.org/wss/v1.1/wss-v1. 1-spec-os-SOAPMessageSecurity.pdf.OASIS, 2009. Devices Profile for Web Services Version 1.1. OASIS (July). URL: http://docs.oasis-open.org/ws-dd/dpws/1.1/pr-01/wsdd-dpws-1.1-spec-pr-01.html.OMG, 2007. Specification. A UML Profile for MARTE.OMG, 2008. UML Profile for Modeling QoS and Fault Tolerance Characteris- tics and Mechanisms Version 1.1.OMG, 2009. Service oriented architecture Modeling Language (SoaML)- Specification for the UML Profile and Metamodel for Services.(UPMS).OMG, 2011. Business Process Model and Notation (BPMN). DOI: 10.1007/s11576-008-0096-z.Satoh, F., Nakamura, Y., Mukhi, N., Tatsubori, M., Ono, K., 2008. Methodo- logy and Tools for End-to-End SOA Security Configurations. En: 2008 IEEE Congress on Services, SERVICES I. IEEE Computer Society, Honolulu, Ha- waii, USA, pp. 307-314.Shopov, M., Matev, H., Spasov, G., 2007. Evaluation of Web Services Imple- mentation for ARM-based Embedded System. En: Proceedings of ELEC- TRONICS’07. Sozopol, Bulgaria, pp. 79-84.Silva Gallino, J.P., de Miguel, M.A., Briones, J.F., Alonso, A., 2010. Model-Driven Development of a Web Service-Oriented Architecture and Security Policies. En: 2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing. IEEE Computer Society, Los Alamitos, CA, USA, Carmona, Spain, pp. 92-96.Silva Gallino, J.P., de Miguel, M.A., Briones, J.F., Alonso, A., 2011b. Domain-Specific Multi-Modeling of Security Concerns in Service-Oriented Architectures. LNCS - 8th International Workshop on Web Services and For- mal Methods, WS-FM’11.Silva Gallino, J.P. and de Miguel, M.A. and Briones, J.F. and Alonso, A., 2011a. Multi Domain-Specific Modeling of the Security Concerns of Service-Oriented Architectures. Services Computing, IEEE International Conference on 0, 761-762. DOI: 10.1109/SCC. 2011.102.SOA4D, 2007. Web Page. URL: https://forge.soa4d.org/.Tarr, P., Ossher, H., Harrison, W., Sutton Jr., S.M., 1999. N degrees of separa- tion: multi-dimensional separation of concerns. International Conference on Software Engineering, 107-119.Theorin, A., Ollinger, L., Johnsson, C., May 2012. Service-oriented process control with grafchart and the devices profile for web services. En: 14th IFAC Symposium on Information Control Problems in Manufacturing (IN- COM). Bucharest, Romania.Unger, S., Pfeiffer, S., Timmermann, D. may 2012. Dethroning transport layer security in the embedded world. En: New Technologies, Mobility and Secu- rity (NTMS), 2012 5th International Conference on. pp. 1-5. DOI: 10.1109/NTMS. 2012.6208685.Wada, H., Suzuki, J., Oba, K., 2008. Early Aspects for Non-Functional Proper- ties in Service Oriented Business Processes. Services, IEEE Congress on 0, 231-238. DOI: 10.1109/SERVICES-1.2008.76.WS4D, 2007. Web Page. URL: http://www.ws4d.org/

NSC99741

Real-time, embedded and safety-critical systems have to meet some quality criteria in order to provide certain reliance on its operation. The quality of a system depends on the complex composition of the quality of its subsystems. Quality composability depends on matchmaking the provided and required quality specifications. To allow for flexibility during the system design, we study composability as a configuration problem. We allow options of quality specifications to represent design choices, deployment choices, operation modes or component adaptability. This kind of assessments of system architectures is very important e.g., for COTS development. The contributions of this paper are: to study the modeling requirements to model composability analysis, to compare two modeling approaches, and to show how a model-driven environment can leverage composability assessments. The two modeling approaches, QoS-FT + OCL and MARTE + VSL, are used to attach quality specifications to system models. However, our ultimate goal is to evaluate these specifications, and we have implemented tool-support to evaluate composability using constraint satisfaction techniques