Specifying model changes with UMLchange to support security verification of potential evolution

Wenzel, Sven; Poggenpohl, Daniel; Jürjens, Jan; Ochoa, Martín

doi:10.1016/j.csi.2013.12.011

Cited by 5 publications

(5 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A research effort was conducted thereafter to define frameworks for the systematic application of MDD approaches [33], independently of the notations and the processes adopted. More recently, MDD approaches were introduced to extend the targeted NFRs (e.g., to guarantee security during software evolution [34]), to cope with specific paradigms (such as Service-Oriented Architectures [35]) and/or specific application domains (such as Adaptive Systems [36]) and to control the fulfilment of NFRs in model transformations [37].…”

Section: Non-functional Requirements In Mddmentioning

confidence: 99%

Dealing with Non-Functional Requirements in Model-Driven Development: A Survey

Ameller

Franch

Gómez

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

Managing Non-Functional Requirements (NFRs) in software projects is challenging, and projects that adopt Model-Driven Development (MDD) are no exception. Although several methods and techniques have been proposed to face this challenge, there is still little evidence on how NFRs are handled in MDD by practitioners. Knowing more about the state of the practice may help researchers to steer their research and practitioners to improve their daily work. Objective: In this paper, we present our findings from an interview-based survey conducted with practitioners working in 18 different companies from 6 European countries. From a practitioner's point of view, the paper shows what barriers and benefits the management of NFRs as part of the MDD process can bring to companies, how NFRs are supported by MDD approaches, and which strategies are followed when (some) types of NFRs are not supported by MDD approaches. Results: Our study shows that practitioners perceive MDD adoption as a complex process with little to no tool support for NFRs, reporting productivity and maintainability as the types of NFRs expected to be supported when MDD is adopted. But in general, companies adapt MDD to deal with NFRs. When NFRs are not supported, the generated code is sometimes changed manually, thus compromising the maintainability of the software developed. However, the interviewed practitioners claim that the benefits of using MDD outweight the extra effort required by these manual adaptations. Conclusion: Overall, the results indicate that it is important for practitioners to handle NFRs in MDD, but further research is necessary in order to lower the barrier for supporting a broad spectrum of NFRs with MDD. Still, much conceptual and tool implementation work seems to be necessary to lower the barrier of integrating the broad spectrum of NFRs in practice.

show abstract

Section: Non-functional Requirements In Mddmentioning

confidence: 99%

Dealing with Non-Functional Requirements in Model-Driven Development: A Survey

Ameller

Franch

Gómez

et al. 2021

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

show abstract

“…We experimented it on XML diff algorithms and this analysis has not required us to do any modification or extension to the model. The generality of UniDM and our first experiments make us optimistic about the possibility of extending and tuning the metrics to evaluate diff algorithms specialized, for instance, on database dumps [13], ontologies [8] or diagrams [28]. This is one of the main future directions of our research.…”

Section: Discussionmentioning

confidence: 94%

Measuring the quality of diff algorithms: a formalization

Barabucci

Ciancarini

Iorio

et al. 2016

Computer Standards & Interfaces

View full text Add to dashboard Cite

“…To further demonstrate our quality framework's applicability to other methodologies—and hence the generalizability of our validation—below we consider very briefly some unique activities and features of two methodologies: UMLsec/MBSE and Secure Tropos . In particular: UMLsec's and Secure Tropos' security modeling activities—even to the level of specific constructs such as constraints, goals, and others—can be assessed by our quality framework via instances and subsequent specializations of Structure (artifacts) (CF; w; O) and Structure (activities — introducing countermeasures) (SP; w; S) , as well as via other artifact‐related criteria.…”

Section: On the Generalizability Of Our Validation To Other Methodolomentioning

confidence: 95%

“…The UMLsec modeling language is used to capture security constraints at the design level (security modeling), and also offers the ability to model and verify security protocols. More recently, UMLsec has also incorporated ideas and corresponding software tools for change management and privacy concerns …”

Section: On the Generalizability Of Our Validation To Other Methodolomentioning

confidence: 99%

Assessing and improving the quality of security methodologies for distributed systems

Uzunov

Fernández

Falkner

2018

J Software Evolu Process

View full text Add to dashboard Cite

Security methodologies represent systematic approaches for introducing security attributes into a system throughout the development lifecycle. While isolated attempts have been made to demonstrate the value of particular security methodologies, the “quality” of security methodologies, as such, has never been given due consideration; indeed, it has never been studied as a self‐standing topic. The literature therefore entirely lacks supportive artifacts that can provide a basis for assessing, and hence for improving, a security methodology's quality. In this paper, we fill the aforementioned gap by proposing a comprehensive quality framework and accompanying process, within the context of an existing approach to engineering security methodologies, which can be used for both (bottom‐up) quality assessment and (top‐down) quality improvement. The main framework elements can be extended and customized to allow an essentially arbitrary range of methodology features to be considered, thus forming a basis for flexible, fine‐grained quality control. We demonstrate the bottom‐up application of the latter framework and process on three real‐life security methodologies for distributed systems, taken as case studies. Based on the assessment results, we subsequently show in detail (for one) and briefly discuss (for the remaining set) how the case study methodologies can be re‐engineered to improve their quality.

show abstract

Specifying model changes with UMLchange to support security verification of potential evolution

Cited by 5 publications

References 31 publications

Dealing with Non-Functional Requirements in Model-Driven Development: A Survey

Dealing with Non-Functional Requirements in Model-Driven Development: A Survey

Measuring the quality of diff algorithms: a formalization

Assessing and improving the quality of security methodologies for distributed systems

Contact Info

Product

Resources

About