Sven Wenzel
Technical University of Dortmund
Publication
Featured research published by Sven Wenzel.
Software and Systems Modeling | 2014
Sven Wenzel
Evolving models are often managed in file-based software configuration management systems. This causes the identification problem: if the model elements are not assigned with globally unique identifiers, we cannot identify them over time. However, if such identifiers would be given, they can be misleading because the elements to which they are assigned might change completely. As a consequence, evolution becomes incomprehensible, partial transformation is hampered, and sufficient management of inter-model relationships (e.g. traceability links) is impeded. This article presents an approach to identify model elements or even complete model fragments over time. It establishes a fine-grained history representation to describe model evolution. The representation contains identification links between the elements of different model revisions allowing us to identify elements of a given revision in other revisions or variants of the model. Due to the explicit expression of model evolution, it further enables the capturing of changes that have been applied to the fine-grained elements inside a model.
International Journal on Software Tools for Technology Transfer | 2015
Jens Bürger; Jan Jürjens; Sven Wenzel
Security certification of complex systems requires a high amount of effort. As a particular challenge, today’s systems are increasingly long-living and subject to continuous change. After each change of some part of the system, the whole system needs to be re-certified from scratch (since security properties are not in general modular), which is usually far too much effort. When models for software get changed, this can lead to security weaknesses that are also part of the software system that is derived from those models. Hence, it is important to check the models with respect to security properties and correct them respectively. To address this challenge, we present an approach which not only finds security weaknesses but can also correct them in a tool-supported way. As time goes by, a diverse number of changing requirements that may be security-related and non-security-related lead to an evolving system that met its security requirements at design time but can contain vulnerabilities with respect to meanwhile updated security knowledge. Supported by patterns we can describe and detect potential flaws that may arise in models, such as inconsistencies in security requirements. Potential violations can be formalized in the patterns as well as the correction alternatives to fix these. It is based on graph transformation and can be applied to different types of models and violations. For flaw detection, these patterns are used as the left-hand sides of graph transformation rules. Using graph transformation, we can further correct the models and establish that they no longer violate the security requirements under investigation. The approach is supported by a tool which can check whether these patterns arise in models and assist the user in correcting the security vulnerabilities.
Computer Standards & Interfaces | 2014
Sven Wenzel; Daniel Poggenpohl; Jan Jürjens; Martín Ochoa
In model-based development, quality properties such as consistency of security requirements are often verified prior to code generation. Changed models have to be re-verified before re-generation. If several alternative evolutions of a model are possible, each alternative has to be modeled and verified to find the best model for further development. We present a verification strategy to analyze whether evolution preserves given security properties. The UMLchange profile is used for specifying potential evolutions of a given model simultaneously. We present a tool that reads these annotations and computes a delta containing all possible evolution paths. The paths can be verified wrt. security properties, and for each successfully verified path a new model version is generated automatically.
International Conference on Cloud Computing and Services Science | 2013
Thorsten Humberg; Christian Wessel; Daniel Poggenpohl; Sven Wenzel; Thomas Ruhroth; Jan Jürjens
In recent years, the concept of cloud computing has seen a significant growth. The spectrum of available services covers most, if not all, aspects needed in existing business processes, allowing companies to outsource large parts of their IT infrastructure to cloud service providers. While this prospect might offer considerable economic advantages, it is hindered by concerns regarding information security as well as compliance issues. Relevant regulations are imposed by several sources, like legal regulations or standards for information security, amounting to an extent that makes it difficult to identify those aspects relevant for a given company. In order to support the identification of relevant regulations, we developed an approach to represent regulations in the form of ontologies, which can then be used to examine a given system for compliance requirements. Additional tool support is offered to check system models for certain properties that have been found relevant.
ServiceWave'11 Proceedings of the 4th European conference on Towards a service-based internet | 2011
Fabio Massacci; Fabrice Bouquet; Elizabeta Fourneret; Jan Jürjens; Mass Soldal Lund; Sébastien Madelénat; Jan Tobias Muehlberg; Federica Paci; Stéphane Paul; Frank Piessens; Bjørnar Solhaug; Sven Wenzel
How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.
IEEE International Conference on Cloud Computing Technology and Science | 2018
Sven Wenzel; Christian Wessel; Thorsten Humberg; Jan Jürjens
IEEE International Conference on Cloud Computing Technology and Science | 2016
Thorsten Humberg; Christian Wessel; Daniel Poggenpohl; Sven Wenzel; Thomas Ruhroth; Jan Jürjens
CLOSER | 2012
Sven Wenzel; Christian Wessel; Thorsten Humberg; Jan Jürjens
CLOSER | 2013
Thorsten Humberg; Christian Wessel; Daniel Poggenpohl; Sven Wenzel; Thomas Ruhroth; Jan Jürjens
Software Engineering | 2016
Sven Wenzel; Daniel Poggenpohl; Jan Jürjens; Martín Ochoa