Mirco Kuhlmann

Verifying UML/OCL models using Boolean satisfiability

Nowadays, modeling languages like UML are essential in the design of complex software systems and also start to enter the domain of hardware and hardware/software codesign. Due to shortening time-to-market demands, “first time right” requirements have thereby to be satisfied. In this paper, we propose an approach that makes use of Boolean satisfiability for verifying UML/OCL models. We describe how the respective components of a verification problem, namely system states of a UML model, OCL constraints, and the actual verification task, can be encoded and afterwards automatically solved using an off-the-shelf SAT solver. Experiments show that our approach can solve verification tasks significantly faster than previous methods while still supporting a large variety of UML/OCL constructs.

From UML and OCL to relational logic and back

Languages like UML and OCL are used to precisely model systems. Complex UML and OCL models therefore represent a crucial part of model-driven development, as they formally specify the main system properties. Consequently, creating complete and correct models is a critical concern. For this purpose, we provide a lightweight model validation method based on efficient SAT solving techniques. In this paper, we present a transformation from UML class diagram and OCL concepts into relational logic. Relational logic in turn represents the source for advanced SAT-based model instance finders like Kodkod. This paper focuses on a natural transformation approach which aims to exploit the features of relational logic as directly as possible through straitening the handling of main UML and OCL features. This approach allows us to explicitly benefit from the efficient handling of relational logic in Kodkod and to interpret found results backwards in terms of UML and OCL.

Extensive validation of OCL models by integrating SAT solving into USE

The Object Constraint Language (OCL) substantially enriches modeling languages like UML, MOF or EMF with respect to formulating meaningful model properties. In model-centric approaches, an accurately defined model is a requisite for further use. During development of a model, continuous validation of properties and feedback to developers is required, since many design flaws can then be directly discovered and corrected. For this purpose, lightweight validation approaches which allow developers to perform automatic model analysis are particularly helpful. We provide a new method for efficiently searching for model instances. The existence or non-existence of model instances with certain properties allows significant conclusions about model properties. Our approach is based on the translation of UML and OCL concepts into relational logic and its realization with SAT solvers. We explain various use cases of our proposal, for example, completion of partly defined model instances so that particular properties hold in the completed model instances. Our proposal is realized by integrating a model validator as a plugin into the UML and OCL tool USE

Consistency, Independence and Consequences in UML and OCL Models

Properties in UML models are frequently formulated as OCL invariants or OCL pre- and postconditions. The UML-based Specification Environment (USE) supports validation and to a certain degree verification of such properties. USE allows the developer to prove the consistency and independence of invariants by building automatically generated test cases. USE also assists the developer in checking consequences and making deductions from invariants by automatically constructing a set of test cases in form of model scenarios. Suspected deductions are either falsified by a counter test case or are shown to be valid in a fixed finite search space.

A Benchmark for OCL Engine Accuracy, Determinateness, and Efficiency

The Object Constraint Language (OCL) is a central element in modeling and transformation languages like UML, MOF, and QVT. Consequently approaches for MDE (Model-Driven Engineering) depend on OCL. However, OCL is present not only in these areas influenced by the OMG but also in the Eclipse Modeling Framework (EMF). Thus the quality of OCL and its realization in tools seems to be crucial for the success of model-driven development. Surprisingly, up to now a benchmark for OCL to measure quality properties has not been proposed. This paper puts forward in the first part the concepts of a comprehensive OCL benchmark. Our benchmark covers (A) OCL engine accuracy (e.g., for the undefined value and the use of variables), (B) OCL engine determinateness properties (e.g., for the collection operations any and flatten), and (C) OCL engine efficiency (for data type and user-defined operations). In the second part, this paper empirically evaluates the proposed benchmark concepts by examining a number of OCL tools. The paper discusses several differences in handling particular OCL language features and underspecifications in the OCL standard.

Modeling and validating Mondex scenarios described in UML and OCL with USE

This paper describes the Mondex case study with UML class diagrams and restricting OCL constraints. The constraints have been formulated either as OCL class invariants or as OCL pre- and postconditions. The proposed two models include UML class diagrams and OCL constraints which have been checked by the UML and OCL tool USE (UML-based Specification Environment). USE allows validation of a model by testing it with scenarios. The Mondex case study has been validated by positive and negative test cases. The test cases allow the validity of the various constraints to be traced and checked. Validation results are presented as textual protocols or as UML sequence diagrams where starting, intermediate, and resulting system states are represented by UML object diagrams. UML sequence diagrams, UML object diagrams, and textual protocols are shown with varying degrees of detail for the attributes, constraints, and executed commands.

Comprehensive Two-Level Analysis of Static and Dynamic RBAC Constraints with UML and OCL

Organizations with stringent security requirements like banks or hospitals frequently adopt role-based access control (RBAC) principles to simplify their internal permission management. Authorization constraints represent a fundamental advanced RBAC concept enabling precise restrictions on access rights. Thereby, the complexity of the resulting security policies increases so that tool support for comfortable creation and adequate validation is required. We propose a new approach to developing and analyzing RBAC policies using UML for modeling RBAC core concepts and OCL to realize authorization constraints. Dynamic (i. e., time-dependent) constraints, their visual representation in UML and their analysis are of special interest. The approach results in a domain-specific language for RBAC which is highly configurable and extendable with respect to new RBAC concepts and classes of authorization constraints and allows the developer to validate RBAC policies in an effective way. The approach is supported by a UML and OCL validation tool.

Model-driven standardization of public authority data interchange

In the past decade, several electronic data exchange processes between public authorities have been established by the German public administration. In the context of various legacy systems and numerous suppliers of software for public authorities, it is crucial that these interfaces are open and precisely and uniformly defined, in order to foster free competition and interoperability. A community of such projects and specifications for various public administration domains has arisen from an early adopter project in the domain of data interchange between the 5400 German municipal citizen registers. A central coordination office provides a framework for these projects that is put into operation by a unified model-driven method, supported by tools and components, involving UML profiles, model validation, and model-to-text transformations into several technical domains. We report how this model-driven approach has already proven to be effective in a number of projects, and how it could contribute to the development of standardized e-government specifications in various ways. A model-driven method has been successfully applied in e-government standardization.Model validation and model transformation foster time to market and interoperability.The case study reports how the method has been uniformly applied in 8 different projects.

Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL

Context: Role-based access control (RBAC) has become the de facto standard for access management in various large-scale organizations. Often role-based policies must implement organizational rules to satisfy compliance or authorization requirements, e.g., the principle of separation of duty (SoD). To provide business continuity, organizations should also support the delegation of access rights and roles, respectively. This, however, makes access control more complex and error-prone, in particular, when delegation concepts interplay with SoD rules. Objective: A systematic way to specify and validate access control policies consisting of organizational rules such as SoD as well as delegation and revocation rules shall be developed. A domain-specific language for RBAC as well as delegation concepts shall be made available. Method: In this paper, we present an approach to the precise specification and validation of role-based policies based on UML and OCL. We significantly extend our earlier work, which proposed a UML-based domain-specific language for RBAC, by supporting delegation and revocation concepts. Result: We show the appropriateness of our approach by applying it to a banking application. In particular, we give three scenarios for validating the interplay between SoD rules and delegation/revocation. Conclusion: To the best of our knowledge, this is the first attempt to formalize advanced RBAC concepts, such as history-based SoD as well as various delegation and revocation schemes, with UML and OCL. With the rich tool support of UML, we believe our work can be employed to validate and implement real-world role-based policies.

Strengthening SAT-based validation of UML/OCL models by representing collections as relations

Collections, i.,e., sets, bags, ordered sets and sequences, play a central role in UML and OCL models. Essential OCL operations like role navigation, object selection by stating properties and the first order logic universal and existential quantifiers base upon or result in collections. In this paper, we show a uniform representation of flat and nested, but typed OCL collections as well as strings in form of flat, untyped relations, i.,e., sets of tuples, respecting the OCL particularities for nesting, undefinedness and emptiness. Transforming collections and strings into relations is particularly needed in the context of automatic model validation on the basis of a UML and OCL model transformation into relational logic.