Aspect-Oriented Security Hardening of UML Design Models


Book Description

This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models. The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11. The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering.




Aspect-Oriented Requirements Engineering


Book Description

Broadly-scoped requirements such as security, privacy, and response time are a major source of complexity in modern software systems. This is due to their tangled inter-relationships with and effects on other requirements. Aspect-Oriented Requirements Engineering (AORE) aims to facilitate modularisation of such broadly-scoped requirements, so that software developers are able to reason about them in isolation - one at a time. AORE also captures these inter-relationships and effects in well-defined composition specifications, and, in so doing exposes the causes for potential conflicts, trade-offs, and roots for the key early architectural decisions. Over the last decade, significant work has been carried out in the field of AORE. With this book the editors aim to provide a consolidated overview of these efforts and results. The individual contributions discuss how aspects can be identified, represented, composed and reasoned about, as well as how they are used in specific domains and in industry. Thus, the book does not present one particular AORE approach, but conveys a broad understanding of the aspect-oriented perspective on requirements engineering. The chapters are organized into five sections: concern identification in requirements, concern modelling and composition, domain-specific use of AORE, aspect interactions, and AORE in industry. This book provides readers with the most comprehensive coverage of AORE and the capabilities it offers to those grappling with the complexity arising from broadly-scoped requirements - a phenomenon that is, without doubt, universal across software systems. Software engineers and related professionals in industry, as well as advanced undergraduate and post-graduate students and researchers, will benefit from these comprehensive descriptions and the industrial case studies.




Models in Software Engineering


Book Description

This book constitutes a collection of the best papers selected from the 12 workshops and 3 tutorials held in conjunction with MODELS 2008, the 11th International Conference on Model Driven Engineering Languages and Systems, in Toulouse, France, September 28 - October 3, 2008. The contributions are organized within the volume according to the workshops at which they were presented: Model Based Architecting and Construction of Embedded Systems (ACES-MB); Challenges in Model Driven Software Engineering (CHAMDE); Empirical Studies of Model Driven Engineering (ESMDA); Models@runtime; Model Co-evolution and Consistency Management (MCCM); Model-Driven Web Engineering (MDWE); Modeling Security (MODSEC); Model-Based Design of Trustworthy Health Information Systems (MOTHIS); Non-functional System Properties in Domain Specific Modeling Languages (NFPin DSML); OCL Tools: From Implementation to Evaluation and Comparison (OCL); Quality in Modeling (QIM); and Transforming and Weaving Ontologies and Model Driven Engineering (TWOMDE). Each section includes a summary of the workshop. The last three sections contain selected papers from the Doctoral Symposium, the Educational Symposium and the Research Project Symposium, respectively.




Aspect-Oriented, Model-Driven Software Product Lines


Book Description

Software product lines provide a systematic means of managing variability in a suite of products. They have many benefits but there are three major barriers that can prevent them from reaching their full potential. First, there is the challenge of scale: a large number of variants may exist in a product line context and the number of interrelationships and dependencies can rise exponentially. Second, variations tend to be systemic by nature in that they affect the whole architecture of the software product line. Third, software product lines often serve different business contexts, each with its own intricacies and complexities. The AMPLE (http://www.ample-project.net/) approach tackles these three challenges by combining advances in aspect-oriented software development and model-driven engineering. The full suite of methods and tools that constitute this approach are discussed in detail in this edited volume and illustrated using three real-world industrial case studies.




Models in Software Engineering


Book Description

This book presents a comprehensive documentation of the scientific outcome of 14 satellite events held at the 13th International Conference on Model-Driven Engineering, Languages and Systems, MODELS 2010, held in Oslo, Norway, in October 2010. Besides the 21 revised best papers selected from 12 topically focused workshops, the post-proceedings also covers the doctoral symposium and the educators symposium; each of the 14 satellite events covered is introduced by a summary of the respective organizers. All relevant current aspects in model-based systems design and analysis are addressed. This book is the companion of the MODELS 2010 main conference proceedings LNCS 6394/6395.




Service-Oriented Computing - ICSOC Workshops 2012


Book Description

This book constitutes the thoroughly refereed proceedings of the 2012 ICSOC Workshops consisting of 6 scientific satellite events, organized in 3 main tracks including workshop track (ASC, DISA. PAASC, SCEB, SeMaPS and WESOA 2012), PhD symposium track, demonstration track; held in conjunction with the 10th International Conference on Service-Oriented Computing (ICSOC), in Shanghai, China, November 2012. The 53 revised papers presents a wide range of topics that fall into the general area of service computing such as business process management, distributed systems, computer networks, wireless and mobile computing, grid computing, networking, service science, management science, and software engineering.




Visual Privacy Management


Book Description

​Privacy is a burden for most organizations, the more complex and wider an organization is, the harder to manage and enforce privacy is. GDPR and other regulations on privacy impose strict constraints that must be coherently enforced, considering also privacy needs of organization and their users. Furthermore, organizations should allow their users to express their privacy needs easily, even when the process that manages users' data is complex and involves multiple organizations. Many research work consider the problem using simplistic examples, with solutions proposed that never actually touch pragmatic problems of real, large organizations, with thousands of users and terabytes of personal and sensitive data. This book faces the privacy management problem targeting actual large organizations, such as public administrations, including stakeholders in the process of definition of the solution and evaluating the results with its actual integration in four large organizations. The contribution of this book is twofold: a privacy platform that can be customized and used to manage privacy in large organizations; and the process for the design of such a platform, from a state-of-the-art survey on privacy regulations, through the definition of its requirements, its design and its architecture, until the evaluation of the platform.




Security and Dependability for Ambient Intelligence


Book Description

Security and Dependability for Ambient Intelligence is the primary publication of the SERENITY approach, which provides security and dependability (S&D) solutions for dynamic, highly distributed, heterogeneous systems. The objective of SERENITY is to enhance the security and dependability of ambient intelligence systems by providing a framework supporting the automated integration, configuration, monitoring and adaptation of security and dependability mechanisms. An edited volume contributed by world leaders in the field, this book covers the problems that the highly dynamic and heterogeneous nature of ambient intelligence systems poses to security and dependability and presents solutions to these problems. Security and Dependability for Ambient Intelligence is designed for researchers and practitioners focusing on the dynamic integration, deployment and verification of security and dependability solutions in highly distributed systems incorporating ambient intelligence features. It is also suitable as a reference or secondary text for advanced-level students in computer science and computer or electrical engineering.




Perspectives in Business Informatics Research


Book Description

This book constitutes the proceedings of the 13th International Conference on Perspectives in Business Informatics Research, BIR 2014, held in Lund, Sweden, in September 2014. Overall, 71 submissions were rigorously reviewed by 55 members of the Program Committee representing 22 countries. As a result, 27 full papers have been selected for publication in this volume. The papers cover many aspects of business information research and have been organized in topical sections on: business, people, and systems; business and information systems development; and contextualized evaluation of business informatics.




Non-Functional Properties in Service Oriented Architecture: Requirements, Models and Methods


Book Description

"This book offers a selection of chapters that cover three important aspects related to the use of non-functional properties in SOA: requirements specification with respect to non-functional properties, modeling non-functional properties and implementation of non-functional properties"--Provided by publisher.