Vitor Lima

Formal Verification and Validation of UML 2.0 Sequence Diagrams using Source and Destination of Messages

A major challenge in software development process is to advance error detection to early phases of the software life cycle. For this purpose, the Verification and Validation (V&V) of UML diagrams play a very important role in detecting flaws at the design phase. It has a distinct importance for software security, where it is crucial to detect security flaws before they can be exploited. This paper presents a formal V&V technique for one of the most popular UML diagrams: sequence diagrams. The proposed approach creates a PROMELA-based model from UML interactions expressed in sequence diagrams, and uses SPIN model checker to simulate the execution and to verify properties written in Linear Temporal Logic (LTL). The whole technique is implemented as an Eclipse plugin, which hides the model-checking formalism from the user. The main contribution of this work is to provide an efficient mechanism to be able to track the execution state of an interaction, which allows designers to write relevant properties involving send/receive events and source/destination of messages using LTL. Another important contribution is the definition of the PROMELA structure that provides a precise semantics of most of the newly UML 2.0 introduced combined fragments, allowing the execution of complex interactions. Finally, we illustrate the benefits of our approach through a security-related case study in a real world scenario.

Usability of Security Specification Approaches for UML Design: A Survey.

Since it is the de facto language for software specification and design, UML is the target language used by almost all state of the art contributions handling security at specification and design level. However, these contributions differ in the covered security requirements, specification approaches, verification tools, etc. This paper investigates the main approaches adopted for specifying and enforcing security at UML design and surveys the related state of the art. The main contribution of this paper is a discussion of these approaches from usability viewpoint. A set of criteria has been defined and used in this usability discussion. The discussed UML approaches are stereotypes and tagged values, OCL, and behavior diagrams. Extending the UML meta-language or creating new meta-languages for security specification are also covered by this study.

Weaving security aspects into UML 2.0 design models

Security plays a predominant role in software engineering. Nowadays, security solutions are generally added to existing software either as an afterthought, or manually injected into software applications. However, given the complexity and pervasiveness of todays software systems, the current practices might not be completely satisfactory. In most cases, security features remain scattered and tangled throughout the entire software, resulting in complex applications that are hard to understand and maintain. In this paper, we propose an aspect-oriented modeling approach to systematically integrate security solutions into software during the early phases of the software development life cycle. First, we present the security design weaving approach, as well as the UML profile needed for specifying security aspects. Then, we illustrate the approach through an example for injecting the design-level security aspects into base models.

Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML

Security is a challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development process to more efficiently integrate security into software. Since security is a crosscutting concern that pervades the entire software, integrating security at the software design level may result in the scattering and tangling of security features throughout the entire design. To address this issue, we present in this paper an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. In the proposed approach, security experts specify high-level and generic security solutions that can be later instantiated by developers, then automatically woven into UML design. Finally, we describe our prototype implemented as a plug-in in a commercial software development environment.

Aspect-Oriented Security Hardening of UML Design Models

This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models.The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11.The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering.

Security Aspect Weaving

In this chapter, we present the design and implementation of the proposed security weaving framework. We start by providing a high-level overview that summarizes the main steps and the technologies that are followed to implement the weaving framework. Afterwards, we present the details of each weaving step. The proposed weaver is implemented as a model-to-model (M2M) transformation using the OMG standard Query/View/Transformation (QVT) language. In addition, it covers all the diagrams that are supported by our approach, i.e., class diagrams, state machine diagrams, activity diagrams, and sequence diagrams. For each diagram, we provide algorithms that implement its corresponding weaving adaptations. Moreover, we present the transformation rules that implement each aspect adaptation rule.

Model-Based Security

In this chapter, we present the background related to security at the modeling level. We start by investigating security specification approaches for UML design: (1) using UML artifacts, (2) extending UML meta-language, and (3) creating a new meta-language. Afterwards, we evaluate the usability of these approaches for security specification according to a set of defined criteria. Finally, we overview the main design mechanisms that are adopted for security hardening at the modeling level. These are security design patterns, mechanism-directed meta-languages, and aspect-oriented modeling.

Security Aspect Specification

In this chapter, we present the AOM profile proposed for the specification of security aspects on UML design models. The proposed profile covers the main UML diagrams that are used in software design, i.e., class diagrams, state machine diagrams, sequence diagrams, and activity diagrams. In addition, it covers most common AOP adaptations, i.e., adding new elements before, after, or around specific points, and removing existing elements. Moreover, we present a high-level and user-friendly pointcut language proposed to designate the locations where aspect adaptations should be injected into base models.

Static Matching and Weaving Semantics in Activity Diagrams

In this chapter, we present formal specifications for aspect matching and weaving in UML activity diagrams. We formalize both types of adaptations, i.e., add adaptations and remove adaptations. For the join point model, we consider not only executable nodes, i.e., action nodes, but also various control nodes. In addition, we derive algorithms for matching and weaving based on the semantic rules. Finally, we prove the correctness and the completeness of these algorithms with respect to the proposed semantics.

Aspect-Oriented Paradigm

In this chapter, we present an overview of the main Aspect-Oriented Programming (AOP) models. Additionally, we discuss the appropriateness of these AOP models from a security perspective. Moreover, we present the main constructs of the pointcut-advice model that is adopted in our framework. Finally, we introduce the main concepts of Aspect-Oriented Modeling (AOM).