Abstract. Security is a two dimensional problem that involves technical as well as social challenges. In the development of security-critical applications, system developers must consider both the technical and the social parts. To achieve this, security issues must be considered during the whole development life-cycle of an information system. This paper presents an approach that allows developers to consider both the social and the technical dimensions of security through a structured and well defined process. In particular, the proposed approach takes the high-level concepts and modelling activities of the secure Tropos methodology and enriches them with a low level security-engineering ontology and models derived from the UMLsec approach. A real case study from the e-commerce sector is employed to demonstrate the applicability of the approach.
Aspect Oriented Programming and subsequentlyAspect Oriented Software Development have received great attention recently and constitutes an interesting field of research in computer science. The goal of this paper is to propose a more precise understanding of aspects based on the idea of crosscutting concerns in view of model transformation. This proposal considers security aspects as an example of a behavior applied over a desired software product. This implies improving the actual definition of aspects. The work introduces the main current concepts of aspect, defines aspects as behavioral entities, presents examples, and outlines a method for model transformation based on the proposed definition.
We present tool-support for checking UML models and C code against security requirements. A framework supports implementing verification routines, based on XMI output of the diagrams from UML CASE tools, and on control flow generated from the C code. The tool also supports weaving security aspects into the code generated from the models. Advanced users can use this open-source framework to implement verification routines for the constraints of selfdefined security requirements. We focus on a verification routine that automatically verifies crypto-based software for security requirements by using automated theorem provers.
In this work, we compare current approaches to dynamic adaptation (DA) and identify the need for further research on mechanisms for DA, which should allow for higher compositionality and flexibility. Moreover, after exploring the research landscape in DA we identified the need for a framework that permits to compose several elements of a software system and specially the ones that perform adaptation. Finally, we identified the need for a framework that allows for runtime discovery or replacement of services with a runtime environment capable of verifying the reliability of changes and preservation of the execution time bounds of the software system.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.