Carolina Dania

OCL2MSFOL: a mapping to many-sorted first-order logic for efficiently checking the satisfiability of OCL constraints

In this paper we propose a mapping from OCL to many-sorted first-order logic, called OCL2MSFOL. This new mapping significantly improves our previous results in two key aspects. First, it accepts as input a larger subset of the UML/OCL language; in particular, it supports UML generalization, along with generalization-related OCL operators. Secondly, it generates as output a class of satisfiability problems that can be efficiently handled by SMT solvers with finite model finding capabilities. We report on a non-trivial case study and draw comparisons with related tools.

MySQL4OCL: A Stored Procedure-Based MySQL Code Generator for OCL

In this paper we introduce a MySQL code generator for a significant subset of OCL expressions which is based on the use of stored procedures for mapping OCL iterators. Our code generator is defined recursively over the structure of OCL expressions. We discuss the class of OCL expressions covered by our definition (which includes, possibly nested, iterator expressions) as well as some extensions needed to cover the full OCL language. We also discuss the efficiency of the MySQL code produced by our code generator, and compare it with previous known results on evaluating OCL expressions on medium-large scenarios. We have implemented our code generator in the MySQL4OCL tool.

A Model-Driven Methodology for Developing Secure Data-Management Applications

We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the applications data domain, authorization policy, and its graphical interface together with the applications behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.

Model-driven development of security-aware GUIs for data-centric applications

In this tutorial we survey a very promising instance of modeldriven security: the full generation of security-aware graphical user interfaces (GUIs) from models for data-centric applications with access control policies. We describe the modeling concepts and languages employed and how model transformation can be used to automatically lift security policies from data models to GUI models. We work through a case study where we generate a security-aware GUI for a chatroom application. We also present a toolkit that supports the construction of security, data, and GUI models and generates complete, deployable, web applications from these models.

SSG: a model-based development environment for smart, security-aware GUIs

We present a development environment for automatically building smart, security-aware GUIs following a model-based approach. Our environment consists of a number of plugins that have been developed using the Eclipse framework and includes three model editors, a model-transformation tool, and a code generator.

SQL-PL4OCL: An Automatic Code Generator from OCL to SQL Procedural Language

In this paper, we introduce a SQL-PL code generator for OCL expressions that, in contrast to other proposals, is able to map OCL iterate and iterator expressions thanks to our use of stored procedures. We explain how the mapping presented here introduces key differences to the previous version of our mapping in order to (i) simplify its definition, (ii) improve the evaluation time of the resulting code, and (iii) consider OCL three-valued evaluation semantics. Moreover, we have implemented our mapping to target several relational database management systems, i.e., MySQL, MariaDB, PostgreSQL, and SQL server, which allows us to widen its usability and to benchmark the evaluation time of the SQL-PL code produced.

Modeling Social Networking Privacy

In this paper we propose to use a formal language, called Secure UML, to model social networking privacy. Secure UML is a language for specifying role-based static and dynamic access control policies, the latter being policies that depend on the run-time satisfaction of specific constraints (e.g., the privacy settings in social networking sites). By using a formal language for modeling social networking privacy, we provide a rigorous, unambiguous description of the policies, and a solid, much-needed formal foundations for tools to validate them and to perform change impact analysis. To illustrate our proposal, as well as its benefits, we use Facebook as a case study, in particular, the latest two versions of Facebooks policy for posting and tagging.

Model-Based Formal Reasoning about Data-Management Applications

Data-management applications are focused around so-called CRUD actions that create, read, update, and delete data from persistent storage. These operations are the building blocks for numerous applications, for example dynamic websites where users create accounts, store and update information, and receive customized views based on their stored data. Typically, the application’s data is required to satisfy some properties, which we may call the application’s data invariants. In this paper, we introduce a tool-supported, model-based methodology for proving that all the actions possibly triggered by a data-management application will indeed preserve the application’s data invariants. Moreover, we report on our experience applying this methodology on a non-trivial case study: namely, an application for managing medical records, for which over eighty data invariants need to be proved to be preserved.