Abstract:Abstract. We present a software tool platform which facilitates security and performance analysis of systems which starts and ends with UML model descriptions. A UML project is presented to the platform for analysis, formal content is extracted in the form of process calculi descriptions, analysed with the analysers of the calculi, and the results of the analysis are reflected back into a modified version of the input UML model. The design platform supporting the methodology, Choreographer, interoperates with … Show more
“…For instance, HIDE [4] is an environment for the design and transformation-based validation of dependable systems that, however, does not include an explicit mechanism for annotation of results. Another example is DEGAS [5], a framework for the analysis of UML models with annotation of results to UML. The design platform supporting the methodology interoperates with state-of-theart UML modelling tools, playing the role of bridge between these CASE tools and additional ones for the analysis.…”
Esta es la versión de autor del artículo publicado en: This is an author produced version of a paper published in:
AbstractThe integration of usable and flexible analysis support in modelling environments is a key success factor in Model-Driven Development. In this paradigm, models are the core asset from which code is automatically generated, and thus ensuring model correctness is a fundamental quality control activity. For this purpose, a common approach consists on transforming the system models into formal semantic domains for verification. However, if the analysis results are not shown in a proper way to the end-user (e.g. in terms of the original language) they may become useless.In this paper we present a novel DSVL called BaVeL that facilitates the flexible annotation of verification results obtained in semantic domains to different formats, including the context of the original language. BaVeL is used in combination with a consistency framework, providing support for all the verification life cycle: acquisition of additional input data, transformation of the system models into semantic domains, verification, and flexible annotation of analysis results.The approach has been empirically validated by its implementation in the AToM 3 meta-modelling tool, and tested with several DSVLs. In this paper we present a case study for the analysis of a notation in the area of Digital Libraries, where the analysis is performed by transformations into Petri nets and a process algebra.
“…For instance, HIDE [4] is an environment for the design and transformation-based validation of dependable systems that, however, does not include an explicit mechanism for annotation of results. Another example is DEGAS [5], a framework for the analysis of UML models with annotation of results to UML. The design platform supporting the methodology interoperates with state-of-theart UML modelling tools, playing the role of bridge between these CASE tools and additional ones for the analysis.…”
Esta es la versión de autor del artículo publicado en: This is an author produced version of a paper published in:
AbstractThe integration of usable and flexible analysis support in modelling environments is a key success factor in Model-Driven Development. In this paradigm, models are the core asset from which code is automatically generated, and thus ensuring model correctness is a fundamental quality control activity. For this purpose, a common approach consists on transforming the system models into formal semantic domains for verification. However, if the analysis results are not shown in a proper way to the end-user (e.g. in terms of the original language) they may become useless.In this paper we present a novel DSVL called BaVeL that facilitates the flexible annotation of verification results obtained in semantic domains to different formats, including the context of the original language. BaVeL is used in combination with a consistency framework, providing support for all the verification life cycle: acquisition of additional input data, transformation of the system models into semantic domains, verification, and flexible annotation of analysis results.The approach has been empirically validated by its implementation in the AToM 3 meta-modelling tool, and tested with several DSVLs. In this paper we present a case study for the analysis of a notation in the area of Digital Libraries, where the analysis is performed by transformations into Petri nets and a process algebra.
“…Buchholtz et al [79] verify the security requirements by a qualitative analysis and then compute the performance measure by a performance analysis of UML sequence diagrams. The used technique for security analysis is a static analysis procedure.…”
Modern systems are more and more complex and security has become a key component in the success of software and systems development. The main challenge encountered in industry as well as in academia is to develop secure products, prove their security correctness, measure their resilience to attacks, and check if vulnerabilities exist. In this paper, we review the state-of-the-art related to security specification, verification, and quantification for software and systems that are modeled by using UML or SysML language. The reviewed work fall into the field of secure software and systems engineering that aims at fulfilling the security as an afterthought in the development of secure systems.
“…It is targeted specifically at efforts to ensure view consistency for tree-structured data, but does not propose a concrete language for transformations and updates, nor has it been applied directly to security analysis. By contrast, the work in the DEGAS project explored security analysis in the context of the Choreographer platform [19], but they did not present a concrete transformation language as well.…”
Article:Chivers, Howard Robert orcid.org/0000-0001-7057-9650 and Paige, Richard F. orcid.org/0000- 0002-1978-9852 (2009)
ReuseUnless indicated otherwise, fulltext items are protected by copyright with all rights reserved. The copyright exception in section 29 of the Copyright, Designs and Patents Act 1988 allows the making of a single copy solely for the purpose of non-commercial research or private study within the limits of fair dealing. The publisher or other rights-holder may allow further reproduction and re-use of this version -refer to the White Rose Research Online record for this item. Where records identify the publisher as the copyright holder, users can verify any specific terms of use on the publisher's website.
TakedownIf you consider content in White Rose Research Online to be in breach of UK law, please notify us by emailing eprints@whiterose.ac.uk including the URL of the record and the reason for the withdrawal request. hrchivers@iee. org, paige@cs.york.ac.uk Abstract Successful analysis of the models used in ModelDriven Development requires the ability to synthesise the results of analysis and automatically integrate these results with the models themselves. This paper presents a reversible template language called XRound which supports round-trip transformations between models and the logic used to encode system properties. A template processor that supports the language is described, and the use of the template language is illustrated by its application in an analysis workbench, designed to support analysis of security properties of UML and MOF-based models. As a result of using reversible templates, it is possible to seamlessly and automatically integrate the results of a security analysis with a model.
XRound: A Reversible Template Language and its application in Model-Based Security Analysis
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.