Tao Jiang,Jing Ying,Minghui Wu,Canghong Jin

DOI: https://doi.org/10.1109/CSCWD.2008.4537010

2008-01-01

Abstract:As adaptive Web applications are gaining importance in software domains nowadays, there is a need for an effective method to construct such applications. In this paper, we propose MAWA, a method for model-driven development of adaptive Web applications. MAWA considers the architecture of adaptive Web applications and the key elements of the development activity. It adopts an iterative, incremental development process, and the adaptive model, which is composed of context model and user model, is highlighted. Besides, the adaptive categories and mechanism are specified in MAWA, which are used to support the implementation of the adaptive behaviors. A code generation strategy is integrated into MAWA, and it can help us to produce the applications quickly and effectively.

Deren Yang,Min Liu,Shengguo Wang

DOI: https://doi.org/10.1109/icsess.2012.6269442

2012-01-01

Abstract:As software are becoming more and more complex and platforms are increasing of diversity, software industry has faced some unprecedented challenges, such as interoperability. It is difficult to use objected-oriented methodology and traditional software paradigms to meet the challenges. Model Driven Architecture (MDA) has been proposed to solve the problems. In this paper, the principles, the advantages, the disadvantages, key techniques and some important issues of objected-oriented methodology and MDA are highlighted; the mechanism of combining objected-oriented methodology and MDA software paradigm is studied, especially the corresponding relations among models, domains, stages and languages are explored, and a modeling process for MDA is proposed. The research is helpful to apply MDA.

Mehran Alidoost Nia

DOI: https://doi.org/10.48550/arXiv.2312.17358

2023-12-29

Abstract:This paper presents the adaptive software security model, an innovative approach integrating the MAPE-K loop and the Software Development Life Cycle (SDLC). It proactively embeds security policies throughout development, reducing vulnerabilities from different levels of software engineering. Three primary contributions-MAPE-K integration, SDLC embedding, and analytical insights-converge to create a comprehensive approach for strengthening software systems against security threats. This research represents a paradigm shift, adapting security measures with agile software development and ensuring continuous improvement in the face of evolving threats. The model emerges as a robust solution, addressing the crucial need for adaptive software security strategies in modern software development. We analytically discuss the advantages of the proposed model.

Software Engineering,Cryptography and Security

Deren Yang,Fulin Su,Tao Zhou

DOI: https://doi.org/10.1109/msna.2012.6324609

2012-01-01

Abstract:As a non-core element of UML, robustness analysis bridges the gap between analysis and design in software process, and it is a key technique to realize transformation and trace ability of models in software process. In this paper, the fundamental ideas of robustness analysis were highlighted. The compositions, essence, properties of robustness diagram were explored; and especially an interactive mechanism and corresponding principles for robustness diagram were proposed. The principles, models and corresponding properties of Model Driven Architecture (MDA) software paradigm were studied. And finally the mechanism of applying robustness analysis to MDA software paradigm was explored, the models' representations are detailed, and the way of using robustness diagram were specified. The research is useful to develop modeling tools based on MDA.

deren yang,min liu,bo li

DOI: https://doi.org/10.14257/ijdta.2014.7.4.12

2014-01-01

International Journal of Database Theory and Application

Abstract:Aimed at resolving the second software crisis due to increasingly technical complexities and diversities of software development methods, Model Driven Architecture (MDA) was proposed in the late 2000. However, because of its lacking an effective and well-known modeling process or method, it is difficult to apply and promote MDA in the industry. In this paper, MDA is extended with a business model, and corresponding theory and presentation of the business model are explored, especially the dependencies and transformation mechanism of its sub-models are discussed. And a case of shopping is shown. Based on the business model, CIM is traced. And its advantages are discussed by compared with the Rational Unified Process (RUP) and Dines’ triptych paradigm. This research is helpful to apply MDA in the industry.

Phu H. Nguyen,Jacques Klein,Yves Le Traon,Max E. Kramer

DOI: https://doi.org/10.1109/apsec.2013.64

2013-12-01

Abstract:To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) has emerged since more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. Mds aims at improving the productivity of the development process and quality of the resulting secure systems, with models as the main artifact. This paper presents how we systematically examined existing published work in Mds and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different Mds approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant Mds publications has been identified, strictly selected, and reviewed. We present a taxonomy for Mds, which is used to synthesize data in order to classify and evaluate the selected Mds approaches. The results draw a wide picture of existing Mds research showing the current status of the key aspects in MDS as well as the identified most relevant Mds approaches. We discuss the main limitations of the existing Mds approaches and suggest some potential research directions based on these insights.

Phu H. Nguyen,Max Kramer,Jacques Klein,Yves Le Traon

DOI: https://doi.org/10.1016/j.infsof.2015.08.006

IF: 3.9

2015-12-01

Information and Software Technology

Abstract:Context: Model-Driven Security (MDS) is as a specialised Model-Driven Engineering research area for supporting the development of secure systems. Over a decade of research on MDS has resulted in a large number of publications.Objective: To provide a detailed analysis of the state of the art in MDS, a systematic literature review (SLR ) is essential.Method: We conducted an extensive SLR on MDS. Derived from our research questions, we designed a rigorous, extensive search and selection process to identify a set of primary MDS studies that is as complete as possible. Our three-pronged search process consists of automatic searching, manual searching, and snowballing. After discovering and considering more than thousand relevant papers, we identified, strictly selected, and reviewed 108 MDS publications.Results: The results of our SLR show the overall status of the key artefacts of MDS, and the identified primary MDS studies. For example, regarding security modelling artefact, we found that developing domain-specific languages plays a key role in many MDS approaches. The current limitations in each MDS artefact are pointed out and corresponding potential research directions are suggested. Moreover, we categorise the identified primary MDS studies into 5 significant MDS studies, and other emerging or less common MDS studies. Finally, some trend analyses of MDS research are given.Conclusion: Our results suggest the need for addressing multiple security concerns more systematically and simultaneously, for tool chains supporting the MDS development cycle, and for more empirical studies on the application of MDS methodologies. To the best of our knowledge, this SLR is the first in the field of Software Engineering that combines a snowballing strategy with database searching. This combination has delivered an extensive literature study on MDS.

computer science, information systems, software engineering

Chung-Ling Lin,Wuwei Shen,Tao Yue,Guangyuan Li

DOI: https://doi.org/10.1007/978-3-319-99933-3_2

2018-01-01

Abstract:One of the challenges in developing safety critical systems is to ensure software assurance which encompasses quality attributes such as reliability and security as well as functionality and performance. An assurance case, which lays out an argumentation-structure with supporting evidence to claim that software assurance in a system is achieved, is increasingly considered as an important means to gain confidence that a system has achieved acceptable safety when checking with emerging standards and national guidelines. However, the complexity of modern safety critical applications hinders the automatic integration of heterogeneous artifacts into an assurance case during a development process such as a V-model, let alone the automatic support of system evolution. In this paper, we present a novel framework to automatically generate assurance cases via safety patterns and further support the maintenance of them during a system’s evolution. The application of safety patterns not only enables reusability of previously successful argument structures but also directs the support of assurance maintenance caused by common types of modifications in safety critical domains. The framework is implemented as a prototypical tool built using Model Driven Architecture (MDA). We evaluated the framework with two case studies featuring two criteria and the preliminary experimental results not only show that the framework is useful in evaluation of safety critical systems but also reveal how different types of modification can affect a structure of an assurance case.

Yan Chen,Weidong Qiu,Xuan Du,Chenglian Peng

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.02.015

2006-01-01

Abstract:A model driven architecture (MDA)-based model driven development method for embedded systems is presented. The UMLforSystemC meta model was established to extend the abilities to model hardware specific implementations for UML. Transformation rules were defined between platform independent models and platform specific models, i.e. UML models and SystemC models. Finally, the automatic transformation was implemented, which is based on system's platform model and HW/SW partitioning. The proposed method provides automatic generation of different implementation models, so that there can be an increased efficiency of system space exploration and a rapid development and verification for embedded systems.

Deren Yang,Shengguo Wang,Min Liu

DOI: https://doi.org/10.1109/fskd.2012.6234093

2012-01-01

Abstract:Based on the basic concept and objectives of Model-Driven Architecture (MDA), a set of modeling principles for MDA were designed, the models of MDA were extended, the modeling mechanism of Computation Independent Model from a Business Model was detailed, the relations among models and corresponding domains were proposed, and finally the dependences of models were further explored. The research is helpful to promote application of MDA in industry.

Dan Wang,Xiaofeng Li,Bin Gu,Yue Cao,Yusheng Liu

DOI: https://doi.org/10.1109/icmra59796.2023.10708094

2023-01-01

Abstract:The rising interdisciplinarity and complexity of the Distributed Automation Systems (DASs) require the systems to be modeled in an unambiguous and high-level abstract way for cross-discipline/stage communication and interoperability in the Model-Driven Development (MDD) lifecycle. The concept of the System Architecture Model in systems engineering has been adopted for this challenge. To support the creation and analysis of this model, a modeling framework with a modeling methodology, modeling language, knowledge base, and related toolkit is established based on SysML and Semantic Web Technologies. A modeling methodology which is the core of the framework for modeling the architecture of DASs is formally defined with domain-specificity, comprehensiveness, discipline-neutrality, and platform-independency. Based on it, the SysML-DAS modeling language is extended from SysML, and the System Architecture Ontology is built with the help of the Knowledge Extraction Tool. This ontology works as the knowledge base not only to provide a unified and unambiguous view of the system but also to support the automated accomplishment of tasks in the MDD process. As a typical task, the semantic correctness and integrity of the system architecture model can be assessed by the Knowledge Analysis Tool in this framework.

Linzhang Wang,Eric Wong,Dianxiang Xu

DOI: https://doi.org/10.1109/SESS.2007.2

2007-01-01

Abstract:In this paper, we propose a novel threat model-driven security testing approach for detecting undesirable threat behavior at runtime. Threats to security policies are modelled with UML (Unified Modeling Language) sequence diagrams. From a design-level threat model we extract a set of threat traces, each of which is an event sequence that should not occur during the system execution. The same threat model is also used to decide what kind of information should be collected at runtime and to guide the code instrumentation. The instrumented code is recompiled and executed using test cases randomly generated. The execution traces are collected and analyzed to verify whether the aforementioned undesirable threat traces are matched. If an execution trace is an instance of a threat trace, security violations are reported and actions should be taken to mitigate the threat in the system. Thus the linkage between models, code implementations, and security testing are extended to form a systematic methodology that can test certain security policies.

Yepeng Ding,Hiroyuki Sato

DOI: https://doi.org/10.1109/TrustCom60117.2023.00230

2024-06-02

Abstract:Best practices of self-sovereign identity (SSI) are being intensively explored in academia and industry. Reusable solutions obtained from best practices are generalized as architectural patterns for systematic analysis and design reference, which significantly boosts productivity and increases the dependability of future implementations. For security-sensitive projects, architects make architectural decisions with careful consideration of security issues and solutions based on formal analysis and experiment results. In this paper, we propose a model-driven security analysis framework for analyzing architectural patterns of SSI systems with respect to a threat model built on our investigation of real-world security concerns. Our framework mechanizes a modeling language to formalize patterns and threats with security properties in temporal logic and automatically generates programs for verification via model checking. Besides, we present typical vulnerable patterns verified by SecureSSI, a standalone integrated development environment, integrating commonly used pattern and attacker models to practicalize our framework.

Cryptography and Security

Minghui Wu,Jing Ying,Hui Yan

DOI: https://doi.org/10.1007/978-3-642-05250-7_32

2009-01-01

Abstract:Enterprise applications have the requirements of meeting dynamic businesses processes and adopting lasted technologies flexibly, with to solve the problems caused by the nature of heterogeneous characteristic. Service-Oriented Architecture (SOA) is becoming a leading paradigm for business process integration. This research work focuses on business process modeling, proposes a semantic model-driven development method named SMDA combined with the Ontology and Model-Driven Architecture (MDA) technologies. The architecture of SMDA is presented in three orthogonal perspectives. (1) Vertical axis is the MDA 4 layers, the focus is UML profiles in M2 (meta-model layer) for ontology modeling, and three abstract levels: CIM, PIM and PSM modeling respectively. (2) Horizontal axis is different concerns involved in the development: Process, Application, Information, Organization, and Technology. (3) Traversal Axis is referred to aspects that have influence on other models of the cross-cutting axis: Architecture, Semantics, Aspect, and Pattern. The paper also introduces the modeling and transformation process in SMDA, and describes dynamic service composition supports briefly.

来猛,赵建华,李宣东,郑国梁

DOI: https://doi.org/10.3969/j.issn.1000-7024.2004.11.003

2004-01-01

Abstract:Model driven architecture (MDA) provides an approach to using models in software development and it puts the concept of model on the critical path of the software development. The essence of MDA is the distinction between platform independent models (PIMs) and platform specific models (PSMs). Software development based on MDA is completed through the transformation of models at different abstract levels. The vision of MDA, including its basic concepts and MDA-based development process is introduced and several important issues about the implementation of MDA is discussed.

Katja Tuma,Sven Peldszus,Daniel Strüber,Riccardo Scandariato,Jan Jürjens

DOI: https://doi.org/10.1007/s10270-022-00991-5

2022-03-18

Abstract:Abstract It is challenging to verify that the planned security mechanisms are actually implemented in the software. In the context of model-based development, the implemented security mechanisms must capture all intended security properties that were considered in the design models. Assuring this compliance manually is labor intensive and can be error-prone. This work introduces the first semi-automatic technique for secure data flow compliance checks between design models and code. We develop heuristic-based automated mappings between a design-level model (SecDFD, provided by humans) and a code-level representation (Program Model, automatically extracted from the implementation) in order to guide users in discovering compliance violations, and hence, potential security flaws in the code. These mappings enable an automated , and project-specific static analysis of the implementation with respect to the desired security properties of the design model. We developed two types of security compliance checks and evaluated the entire approach on open source Java projects.

computer science, software engineering

Zhang Kangkang,Zhao Jianhua

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.08.041

2009-01-01

Abstract:OMG(Object Management Group) proposed MDA(Model Driven Architecture) as a software development approach to solve the applied integration problem among enterprises.Since its presence,there are lots of software vendors and researchers support MDA significantly,and in industrial community and academia there are also many model transformation tools provided supporting MDA exploiting method.These tool use different techniques and implementation approaches,each has its own advantages.The appearance of these tools has strongly promoted the development of MDA exploitation approaches.The goal of this paper is to comparatively analyze existing popular transformation tools of MDA model with respect to the following criteria: model and meta-model description languages,model transformation approaches and the roles of tools in the software life cycle.According to the analytical results,we also further discuss the development prospects of the MDA model transformation tools and put forward the research directions about the improvement of them more.

Basel Magableh

DOI: https://doi.org/10.48550/arXiv.1901.04020

2019-01-13

Software Engineering

Abstract:In the last few years, Model Driven Development (MDD), Component-based Software Development (CBSD), and context-oriented software have become interesting alternatives for the design and construction of self-adaptive software systems. In general, the ultimate goal of these technologies is to be able to reduce development costs and effort, while improving the modularity, flexibility, adaptability, and reliability of software systems. An analysis of these technologies shows them all to include the principle of the separation of concerns, and their further integration is a key factor to obtaining high-quality and self-adaptable software systems. Each technology identifies different concerns and deals with them separately in order to specify the design of the self-adaptive applications, and, at the same time, support software with adaptability and context-awareness. This research studies the development methodologies that employ the principles of model-driven development in building self-adaptive software systems. To this aim, this article proposes an evaluation framework for analysing and evaluating the features of model-driven approaches and their ability to support software with self-adaptability and dependability in highly dynamic contextual environment. Such evaluation framework can facilitate the software developers on selecting a development methodology that suits their software requirements and reduces the development effort of building self-adaptive software systems. This study highlights the major drawbacks of the propped model-driven approaches in the related works, and emphasise on considering the volatile aspects of self-adaptive software in the analysis, design and implementation phases of the development methodologies. In addition, we argue that the development methodologies should leave the selection of modelling languages and modelling tools to the software developers.

Liliana Pasquale,Kushal Ramkumar,Wanling Cai,John McCarthy,Gavin Doherty,Bashar Nuseibeh

DOI: https://doi.org/10.48550/arXiv.2306.04481

2023-06-05

Cryptography and Security

Abstract:With software systems permeating our lives, we are entitled to expect that such systems are secure by design, and that such security endures throughout the use of these systems and their subsequent evolution. Although adaptive security systems have been proposed to continuously protect assets from harm, they can only mitigate threats arising from changes foreseen at design time. In this paper, we propose the notion of Sustainable Adaptive Security (SAS) which reflects such enduring protection by augmenting adaptive security systems with the capability of mitigating newly discovered threats. To achieve this objective, a SAS system should be designed by combining automation (e.g., to discover and mitigate security threats) and human intervention (e.g., to resolve uncertainties during threat discovery and mitigation). In this paper, we use a smart home example to showcase how we can engineer the activities of the MAPE (Monitor, Analysis, Planning, and Execution) loop of systems satisfying sustainable adaptive security. We suggest that using anomaly detection together with abductive reasoning can help discover new threats and guide the evolution of security requirements and controls. We also exemplify situations when humans can be involved in the execution of the activities of the MAPE loop and discuss the requirements to engineer human interventions.

B Qiao,HJ Yang,WC Chu,BW Xu

DOI: https://doi.org/10.1109/cmpsac.2003.1245358

2003-01-01

Abstract:System evolution can be achieved effectively fromarchitectural point of view, and one of the most excitingoutcomes of those efforts on software architecture isOMG' Model Driven Architecture (MDA) which aims at aunified framework for system evolution targetingmiddleware-based modern distributed system. Theadvance of technologies in software design andimplementation, however, cannot completely avoid theneed for deep understanding of legacy systems forevolution. We are still stuck with incomplete highabstraction views when evolving the legacy systems.This paper presents an approach to bridging legacysystems to MDA, which has three contributions: a suitablearchitecture description language for architecturerecovery, the relevant abstraction rules and theintegration of reverse engineering with MDA.