## About this book

This book comprehensively presents a novel approach to the systematic security hardening of software design models expressed in the standard UML language. It combines model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. To this end, a UML profile has been developed for the specification of security hardening aspects on UML diagrams. In addition, a weaving framework, with the underlying theoretical foundations, has been designed for the systematic injection of security aspects into UML models.

The work is organized as follows: chapter 1 presents an introduction to software security, model-driven engineering, UML and aspect-oriented technologies. Chapters 2 and 3 provide an overview of the UML language and the main concepts of aspect-oriented modeling (AOM) respectively. Chapter 4 explores the area of model-driven architecture with a focus on model transformations. The main approaches that are adopted in the literature for security specification and hardening are presented in chapter 5. After these more general presentations, chapter 6 introduces the AOM profile for security aspects specification. Afterwards, chapter 7 details the design and the implementation of the security weaving framework, including several real-life case studies to illustrate its applicability. Chapter 8 elaborates an operational semantics for the matching/weaving processes in activity diagrams, while chapters 9 and 10 present a denotational semantics for aspect matching and weaving in executable models following a continuation-passing style. Finally, a summary and evaluation of the work presented are provided in chapter 11.

The book will benefit researchers in academia and industry as well as students interested in learning about recent research advances in the field of software security engineering.

## Table of contents

### Chapter 1. Introduction

Abstract
This book presents a dedicated approach for the systematic security hardening of software design models expressed in the standard UML language. It combines the promising model-driven engineering and the aspect-oriented paradigm to integrate security practices into the early phases of the software development process. In this context, it defines a practical and theoretical aspect-oriented modeling framework for the specification and systematic integration of security practices into UML design models.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 2. Unified Modeling Language

Abstract
In this chapter, we present an overview of the UML background. In particular, we present the structure of the UML language, the different UML views and concepts, and the main UML diagrams. Additionally, we present the standard UML extension mechanisms as well as the OCL language. Moreover, we provide the necessary background on Executable UML and related standards, i.e., Foundational UML and the Alf language.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

Abstract
In this chapter, we present an overview of the main Aspect-Oriented Programming (AOP) models. Additionally, we discuss the appropriateness of these AOP models from a security perspective. Moreover, we present the main constructs of the pointcut-advice model that is adopted in our framework. Finally, we introduce the main concepts of Aspect-Oriented Modeling (AOM).
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 4. Model-Driven Architecture and Model Transformations

Abstract
In this chapter, we explore the area of model transformation presented as part of the Model Driven Architecture (MDA) framework. In particular, we describe the main MDA layers and recall the main benefits of using the MDA approach. Afterwards, we provide an overview of the different kinds of MDA transformations as well as the different applications of model transformations. Finally, we study the most important model transformation languages and tools.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 5. Model-Based Security

Abstract
In this chapter, we present the background related to security at the modeling level. We start by investigating security specification approaches for UML design: (1) using UML artifacts, (2) extending UML meta-language, and (3) creating a new meta-language. Afterwards, we evaluate the usability of these approaches for security specification according to a set of defined criteria. Finally, we overview the main design mechanisms that are adopted for security hardening at the modeling level. These are security design patterns, mechanism-directed meta-languages, and aspect-oriented modeling.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 6. Security Aspect Specification

Abstract
In this chapter, we present the AOM profile proposed for the specification of security aspects on UML design models. The proposed profile covers the main UML diagrams that are used in software design, i.e., class diagrams, state machine diagrams, sequence diagrams, and activity diagrams. In addition, it covers most common AOP adaptations, i.e., adding new elements before, after, or around specific points, and removing existing elements. Moreover, we present a high-level and user-friendly pointcut language proposed to designate the locations where aspect adaptations should be injected into base models.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 7. Security Aspect Weaving

Abstract
In this chapter, we present the design and implementation of the proposed security weaving framework. We start by providing a high-level overview that summarizes the main steps and the technologies that are followed to implement the weaving framework. Afterwards, we present the details of each weaving step. The proposed weaver is implemented as a model-to-model (M2M) transformation using the OMG standard Query/View/Transformation (QVT) language. In addition, it covers all the diagrams that are supported by our approach, i.e., class diagrams, state machine diagrams, activity diagrams, and sequence diagrams. For each diagram, we provide algorithms that implement its corresponding weaving adaptations. Moreover, we present the transformation rules that implement each aspect adaptation rule.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 8. Static Matching and Weaving Semantics in Activity Diagrams

Abstract
In this chapter, we present formal specifications for aspect matching and weaving in UML activity diagrams. We formalize both types of adaptations, i.e., add adaptations and remove adaptations. For the join point model, we consider not only executable nodes, i.e., action nodes, but also various control nodes. In addition, we derive algorithms for matching and weaving based on the semantic rules. Finally, we prove the correctness and the completeness of these algorithms with respect to the proposed semantics.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 9. Dynamic Matching and Weaving Semantics in λ-Calculus

Abstract
In this chapter, we present a denotational semantics for aspect matching and weaving in lambda-calculus. The proposed semantics is based on the so-called Continuation-Passing Style (CPS) since this style of semantics provides a precise, accurate, and elegant description of aspect-oriented mechanisms. We first formalize semantics for a core language based on lambda-calculus. Afterwards, we extend the semantics by considering flow-based pointcuts, such as control flow and data flow that are important from a security perspective.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 10. Dynamic Matching and Weaving Semantics in Executable UML

Abstract
In this chapter, we elaborate a denotational semantics for aspect matching and weaving in Executable UML (xUML). More precisely, we specify xUML models using the standard Action Language for Foundational UML (Alf). As we did in the previous chapter, we start by formalizing the matching and the weaving processes for basic pointcuts. Then, we elaborate the semantics for the dataflow pointcut, which is relevant from a security perspective.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Chapter 11. Conclusion

Abstract
In this chapter, we recall the main contributions presented in this book, namely, the proposed UML profile for the specification of security aspects, the weaving framework for the injection of security aspects into UML models, and the underlying theoretical foundations for aspect matching and weaving in UML activity diagrams. In addition, we provide an evaluation of the proposed framework from different perspectives. Finally, we present some possible future directions for the proposed framework.
Djedjiga Mouheb, Mourad Debbabi, Makan Pourzandi, Lingyu Wang, Mariam Nouh, Raha Ziarati, Dima Alhadidi, Chamseddine Talhi, Vitor Lima

### Backmatter
