A Domain-Specific Language for Modelling Security Objectives in a Business Process Models of SOA Applications
|
|
- Nathan Brown
- 8 years ago
- Views:
Transcription
1 A Domain-Specific Language for Modelling Security Objectives in a Business Process Models of SOA Applications Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, 31750, Seri Iskandar, Perak Darul Ridwan, Malaysia. muhammad.qaiser.saleem@gmail.com, jafreez@petronas.com.my, mfadzil_hassan@petronas.com.my Abstract Business process modelling is very crucial for enterprises because it give an idea how the business would be operated in the real world and it is important for every stakeholder. SOA is one of the most popular architecture for building Web Information Systems. In current SOA system development practices, security is not defined at the early phases of software development and left on the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts, furthermore SOA security is cross-domain and all required information are not available at downstream phases. The post-hoc, low-level integration of security has a negative impact on resulting SOA applications. Business process modelling is normally performed by the Business Process expert who is not a security expert. Furthermore current business process modelling languages like UML or BPMN do not support the specification of security requirements along the business process modelling. We have presented a DSL, to model the security requirements along the business process model. We are facilitating the Business Process expert to model the security in business process diagram. This security annotated business process model will facilitate the security expert in specifying concrete security implementation. As a proof of work the proposed DSL is applied to the modeling of a typical business process of on-line student information system. Keywords: Service Oriented Architecture, Business Process Modelling, Security Goals, Model Driven Security, Domain Specific Language 1. Introduction Now a day, IT-infrastructure have been evolved into an enterprise landscape which is basically a distributed and loosely coupled e.g. Service Oriented Architecture (SOA) [1-3]. In the new business scene, where companies are using intensive use of Information and Communications Technologies (ICT), they are also increasing their vulnerability. With the increase in number of attack on the system, it is probable that an intrusion can be successful [4]. The security violation defiantly cause losses, therefore it is necessary to secure the whole system. Security must be unified with the software engineering process but in practice it is considered afterthought and implemented in ad-hoc manner [4]. Security is left on to the developer and added when the functional requirements are met or at the time of integration of distributed applications. This is not a realistic approach and degrade the implementation and maintainability of security of the system [5]. SOA applications are cross-domain and coupled over various network technologies and protocols; just adding security code to software applications is not a realistic approach because all required security information are not available at the downstream phases[6, 7]. During the past few years, several security protocols, access control models and security implementations have emerged to enforce the security goals [6, 8]; however focus of the SOA security standards and protocols are towards technological level; which do not provide high level of abstraction and mastering them is also a daunting task [1, 3, 9]. The technology focus of current security standards and protocol, will leads to security vulnerabilities, which justify increasing effort in defining security in pre-development phases, where finding and removing a bug is cheaper [10]. Empirical studies shows that those who model the business process i.e. business domain expert are able to specify security requirements at high level of abstraction i.e. while designing the system [4]. Advances in information Sciences and Service Sciences(AISS) Volume4, Number1, January 2012 doi: /AISS.vol4.issue
2 However in practice, business domain expert mainly focus on the functionality of the system and often neglect the security goals. It may happen due to many reasons e.g. business domain expert is not a security expert [4], and no currently available process modelling notation have ability to capture security goals[11]. Furthermore system model and security models are disjoint and expressed in different ways i.e. system model is represented in a graphical way in a modelling language like Unified Modelling Language (UML) while security model in a structured text [4]. It is evident that business domain expert must define the security requirements at business process model [11]. Business process modelling is the most appropriate layer to describe security requirements and to evaluate risks [1, 12]. Business process modelling is normally performed in a modelling language such as UML or Business Process Model and Notion (BPMN), these modelling languages do not support specification of security requirements [13]. Some security extensions are proposed in these modelling languages to annotate the business process model with security goals [14, 15] and work is still in progress. Model Driven Security (MDS) and automatically developed software having security configuration has been a topic of interest among the research community and different research groups across the globe are trying to solve the security problems for SOA based applications by presenting MDS frameworks along with the DSL definitions [6, 8, 13-17]. In our previous work [18], we have highlighted the different SOA security problems and provided a detailed study of different MDS frameworks which are trying to address these security problems. Later on, a framework is presented where it is recommended that both experts i.e. business process expert and security expert must work side by side in defining the security requirement while modeling the SOA system. [19]. In this work, meta-model of BPMN is extended with essential security objectives of SOA environment by proposing a Domain Specific Language (DSL). Model Driven Architecture (MDA) approach is used to integrate security goals in a business process model from business process expert perspective. BPMN is used as a modelling language for our work; which is an industry standard for business modelling [4]. Main reasons for the selection of BPMN is that, its modelling techniques are easily understood by all user of the business e.g. business analyst, technical people, business people etc. Furthermore it create standardization through which design of a business process is connected to implementation [4]. Our aim is to facilitate business process expert to add security goals while performing business process modelling. This security annotative business process model will facilitate the security expert while defining concrete security implementation. Rest of the paper is organized as; section 2 illustrates the related work and section 3 illustrates the different extension mechanisms for defining a DSL. After that in section 4, there is a detail discussion about the essential security objectives to be modeled for SOA application. Section 5 represents the proposed DSL followed by the real life case study for the demonstration of work in section 6. Finally section 7 concludes the whole work followed by the references in section Related Work A language is required for the modelling of security objectives while designing the system which provides syntax and semantic as provided by the UML and BPMN. To model the security objectives related to different system s aspects different security extensions are proposed by different authors. Mostly authors represent the abstract syntax of their DSL by a meta-model using Meta Object Facility (MOF) framework and concrete syntax by UML profile [4, 10, 16, 20]. Related work exists almost along all type of software development models, following is its descriptions: 2.1. System Models: Static structure of the system is represented by UML class diagram and UML state diagram. Basin David et al. in [21] presented SecureUML to model the security requirements for modeling static structure of the system. Basically it is a separate language based on protocol of Role Based Access Control (RBAC). Afterwards SecureUML can be integrated with any system modeling language like UML or BPMN to model the security in the system design. They have presented a meta-model for abstract syntax and used UML profile for concrete syntax and security constraints are added through OCL. 354
3 2.2 Interaction Diagram: UML sequence diagram is used to represent the flow of control between the object of the system. Jürjens, J. in [22] defined UMLSec by extending the UML and developed a UML profile to incorporate security to represent the secure interaction. 2.3 Deployment Diagram: UML component diagram is used for the representation of deployment of a system. UMLSec presented by Jürjens, J. in [22] also support the secure modelling of UML component diagram Work Flow Model: UML activity diagram and BPMN are used to represent the business process work flow. This is the most important aspect of a system and most of the security extensions are proposed related to this aspect. This research work is also focusing this system aspect. Rodriguez A. et al. created a meta-model for their security extensions and defined security stereotypes and developed a DSL. They also assign different symbols to these security stereotypes. They used the same DSL for extending BPMN [4] as well as UML [10]. Christian Wolter et al. [11] incorporate security stereotypes in BPMN. Ruth Brue et al. [16] also present security stereotypes in UML activity diagram Security Objectives in Related Work Different research groups are focusing on different security goals for their DSLs [4, 6, 10, 11, 23]. Michal Hafner et al. [23] defined the three security goals naming confidentiality, integrity and availability. They defined access control as confidentiality, later on availability is used in the meaning of no-repudiation. Alfonso Rodríguez et al. [4, 10] extended the UML and BPMN by defining DSLs and focusing on five security goals: access control, integrity, privacy, attack-harm detection and nonrepudiation. In [11]. Christian Wolter et al. presented a security policy model by focusing six security goals: authentication, authorization, confidentiality, integrity, availability, auditing. Michal Menzel et al. also used security policy model in their work [1] and defined security extensions to the BPMN. In [7] Yuichi Nakamura et al. defined three security intents for their work: authentication, integrity and confidentiality and defined a UML profile. In [6] Yuichi Nakamura et al. addressed four business level security intents as they are easy to be understood by business user and presentation of them is discussed in UML: Authentication, Integrity, Non-repudiation and confidentiality. Basically they picked some of the security intents defined in [24] and their names are changed according to WS- Security s terminology. 3. Extending a Modeling Language According to Specific Domain DSL is used to formalize a modelling language capable of formalizing different business domains (like e-government, e-education), system aspects (like security, real-time) or concrete technologies(such as EJB or.net) [21]. It is very clumsy to add domain-specific restrictions in large languages like UML; furthermore for formal analysis, large languages usually lack detailed formal semantics. DSLs are small and provide basis for domain-specific formal analysis; furthermore DSLs use those notions which are familiar to domain experts [20]. Extending a modelling language according to a particular domain and defining DSL is a common practice e.g. UML extensions according to specific domains like data warehousing[25], Business intelligence[26] and real-time systems[27] etc. Following are the three alternatives for defining a DSL [21, 28]. 1. DSL can be defined directly in UML in a lightweight way by using stereotypes and tagged values known as labels resulting UML profile. To introduce new language primitives (elements), stereotypes are used by extending the semantics of existing types in UML meta-model. Stereotypes are represented by double angle brackets e.g. <<stereotype>>. To formalize the properties of these new language primitive, tagged values are used which are written within curly brackets e.g. {Tag, Value} 355
4 [18], which associate data with model elements. Model elements are assigned to these new language primitives and labeled them with corresponding stereotype. If some additional restrictions are required on the syntax of these new language primitives; Object Constraints Language (OCL) constraints is used. Normally OCL expressions are used for various purposes such as invariant for classes, pre and post conditions for methods and guards for state diagram. Set of such definitions i.e. stereotype, tagged values and OCL constitutes the UML profile. Most of the current UML modelling tools can readily be used because they support the definition of custom stereotypes and tagged value. Because of having tool support this approach is widely used [20-22]. Normally DSLs are defined by UML-Profiles when the domain may be combined with other domains, in an unpredictable way and the model defined under the domain may be interchanged with other domains [20]. The remaining two techniques of language definition are meta-model based techniques. The metamodel based technique of defining DSL is mostly used when the domain is well defined and has accepted set of concepts; there is no need to combine the domain with other domains and the model defined under the domain is not transferred into other domains [20]. To gain the benefits of DSL and general purpose modelling language, DSLs are defined in terms of general purpose modelling language like BPMN or UML [20]. 2. DSL can be defined by using MOF by extending the meta-model of existing modelling languages like UML or BPMN etc. Concept of stereotype is used to formally extend the meta-model of an existing modelling language. At modelling level, these stereotypes are manipulated as annotation on model elements. In this way of DSL definition, an existing meta-model is reused and specialized. The extended and customized meta-model is based on the entire meta-model of existing modelling languages and may be complex. Furthermore to support the DSL; CASE (Computer Aided Software Engineering) tool may also require extension to accommodate these new language primitives; in particular storage component (repository) and visualization component. In the context of UML, this lightweight way of extension is called profile [20, 21, 27]. 3. A new DSL for modelling the domain of interest or particular problem is created by a fully dedicated meta-model using MOF having no dependency on existing modelling languages. The resulting DSL have much more concise vocabulary than the vocabulary of existing modelling languages. For querying and manipulating meta-data of these DSL, interface would be more simple then the UML Interfaces. Example of such a language is CWM (Common Warehouse Metamodel) [20]. In this way every discipline may have its own DSL which optimally suited for that particular domain or problem. The limitation is to interface these domains or problems specific DSLs to understand test and verify the whole system. Tool support for such DSLs would be very difficult [27]. This work used the second type of DSL definition and a DSL by extending the meta-model of BPMN; afterwards stereotypes are defined to represent the security objectives. 4. Security Goals for SOA environment. Security is an abstract concept which can be defined by specifying a set of security goals and these security goals can be further subdivided, specialized or combined [11]. Among the security objectives mentioned in section 2.5, we believe following are the essential security objectives which should be modeled in a business process model of SOA applications; which are focused by different authors either as it is or with some different name or by merging them. 1. Confidentiality: It specifies the system s state where only authorized entities can access the information. Access control is maintained by authentication and authorization mechanism. Authentication is a mechanism to verify the identity of an entity, whereas authorization is based on some specific security model i.e. how to grant various privileges to various entities on different resources [23]. Many authors treat confidentiality, authentication and authorization as a separate security goals [1, 4, 10, 11]. However; Ruth Brue and Michal Hafner in their work [23] keep authentication and authorization under the umbrella of confidentiality and we agree with their work because by enforcement of these access control mechanism one can achieve confidentiality. 2. Integrity: It identifies an authorized subject to alter information in authorized ways. It ensures the integrity of data (properness of information) as well as integrity of origin[23]. It ensure that the transferred, processed or stored data can only be modified with proper rights [11]. Basically it 356
5 ensures that the transferred data between parties must be guaranteed to reach the recipient in the same form and with the same content [6]. 3. Availability: It is an important aspect of reliability and in SOA environment, it is interpreted as non-repudiation. A user may use a resource or call a service and this usage or service call must not deniable. Basically it is a system state where provision of a specific resource is guaranteed[23]. Basically it ensures that the information must include the digital signatures of the parties related to the document [6]. 4. Traceability and Auditing: It is a process of verification of all actions performed in an information processing system [11]. It underlies each security requirement and will automatically be understood when a security requirement is specified in a model [4]. Therefore there is no need to model it separately in a business process model. 5. Proposed Security Domain Specific Language The process of defining a DSL is described in Figure 1; which is based on MOF [29] framework presented by the OMG for the definition of modelling languages. The domain which is focused in this work is security-critical, inter-organizational workflow for SOA system. Figure 1: Process of defining a DSL For this work, second type of DSL definition mechanism is used, as discussed in section 3. Abstract syntax of the DSL is defined by extending the meta-model of BPMN and concrete syntax is defined by providing stereotypes. Detailed discussion about the security goals focused in our work is presented in the section 4; which are confidentiality, integrity and availability. 5.1 Abstract Syntax Security enhanced meta-model of BPMN is represented in Figure 2. Shaded classes show our security enhancements in the meta-model and un-shaded classes are the basic meta-model of BPMN language. Among the symbols used to model a Business Process Diagram (BPD) in BPMN, we have used artifacts to extend the BPMN and introduce security stereotypes. Artifacts are designed with the possibility of extending the modelling basic notion to represents the specific situation [4]. 357
6 Figure: 2: Security Enhanced Meta-Model of BPMN (Abstract Syntax of Proposed DSL) 5.2 Concrete Syntax For concrete syntax we have presented three stereotypes naming <<Confidentiality>>, <<Integrity>> and <<Availability>>. Notions used to represent these stereotypes are presented in Table
7 Table 1: Concrete Syntax (Notions) of Proposed Domain Specific Language S/No Security Stereotype Symbol Description 1. <<Confidentiality>> Idea behind the symbol is that, initially information are inaccessible to user and will only be access able to him/her when he/she provides the desired security credentials. In BPD it can be specified in Pool, Lane, Activity or Group. Idea is to restrict the access to authorized user only. 2 <<Integrity>> Idea behind the symbol is that before. transformation, information contents are in particular form; during transformation it may change its form however it must be in the same form on its receipt. In BPD it is specified over the Message Flow 3 <<Availability>> Basically it is based on the idea of norepudiation. i.e. whenever a user uses some resource or service then his/her signature will be stored with the document along with date and time information. In BPD it can be specified over the message flow, it means it means the interactions cannot be denied. 6. Case Study To demonstrate the work, a case study of Online Student Information System is presented. It describes the web services based interaction between the participants and enables them to work through the Internet. The whole process has to be realized in a peer-to-peer fashion and should integrate security requirements. 6.1 Business Scenario Universities normally have semester based education system, and normally have two semesters in a year. During the whole working of the system, normally interaction takes place between three stakeholders naming Student, University Administration and Teacher. Normally university administration is composed of three departments naming registration, accounts and examination. A student has to register for each semester by filling the registration form and submit it to the registration department, which verify three things: first; student s dues information from the accounts department, which calculate the dues of the student for the semester after consulting his/her accounts information and send it to student as well as registration office. Second; previous result of the students are verified from examination department, which prepare the student result. Third; university rules for registration are consulted and ensured. After getting verified these three things, registration department informed student about his/her registration status and registered students lists for the offered courses are prepared. Faculty member who is teaching the course get the list of registered student from registration department for a particular course. He/she is responsible for the student s evaluation and assigning him/her marks and grads. Whenever a teacher evaluates a student, he/she enters his/her marks in the student result file which is maintained at examination department. At the end of the semester student is notify about his result information by exam department. 359
8 Figure.3: Security annotated Business Process Model of Online Student Information System 6.2 Security Requirements of the System In Online Student Information System, a student needs to perform different tasks i.e. filling the registration form, viewing registration status and result information etc. Necessary permissions are assigned to student on different objects to perform his/her tasks i.e. student require update permission on registration form and read permission on registration status and result information etc. These are personal information of a student therefore confidentiality is required i.e. proper access control mechanism with authentication and authorization is required to access these information. Furthermore student has to submit the registration form to the registration department. Student must sign the submitted form with his/her signature so he/she may not be able to deny that he/she has not submitted the registration form. Availability (Non-repudiation) is required in this use-case between the student and registration department. 360
9 As the registration form is submitted online, therefore secure information flow i.e. Integrity is required to successfully perform this use-case. These three security requirements i.e. Confidentiality, Availability, and Integrity can be identified and modeled for other users of the case-study like teacher and clerks from different departments i.e. registration, accounts and examination. Figure 3 shows the security enhanced business process model of the above mentioned scenario. 7 Conclusion We have investigated the SOA security scenarios and found that security is not incorporating in the early stages of SOA application development because of two main reasons. Firstly; current general purpose modeling languages, like UML, lack the modeling of QoS attributes, security is among the most important QoS attribute. Secondly there is not clear identification of security objectives to be modeled during the business process modeling of SOA application. There should be some formal means through which security would be modeled for secure SOA application development. Having this very essential aspect in mind we have developed a DSL. We have identified the essential security objectives of SOA applications and among them picked the most essential security objectives which are necessary for modeling along the business process modeling. Abstract syntax of the DSL is defined by extending the meta-model of BPMN with the security objectives of the SOA applications. Afterwards, concrete syntax of the DSL is represented by stereotypes. At the moment we are just showing security symbols in the business process diagram, CASE tool can be specialized and these domain specific stereotypes are made available at the modelling level in the form of annotation. Business process expert is not a security expert, will only model the security objectives along the business process modeling of SOA application. Later on architectural team will implement the security mechanisms based on the security objectives present in the business process model. Now architectural team has flexibility, they get idea what security objective business expert want, and they have flexibility to implement potentially better security solution. 8 References [1] Michael Menzel, Ivonne Thomas, Christoph Meinel, "Security Requirements Specification in Service-Oriented Business Process Management," in International Conference on Availability, Reliability and Security, ARES '09., 2009, pp [2] Qusay F. Hassan, "Aspects of SOA: An Entry Point for Starters," Annals. Computer Science Series, Mirton Publishing House, Timisoara, Vol- VII, Phase 2,, [3] Chung C. Chang, Kou-Chan Hsiao,"A SOA-Based e-learning System for Teaching Fundamental Information Management Courses," JCIT, Vol. 6, No. 4, pp. 298 ~ 305, [4] Rodríguez Alfonso, Fernández-Medina Eduardo, Piattini Mario, "A BPMN Extension for the Modeling of Security Requirements in Business Processes," IEICE - Trans. Inf. Syst., vol. E90-D, pp , [5] David Basin, Jurgen Doser, Torsten Lodderstedt, "Model driven security: From UML models to access control infrastructures," ACM Trans. Softw. Eng. Methodol., vol. 15, pp , [6] Yuichi Nakamura, Michiaki Tatsubori, Takeshi Imamura, and Koichi Ono, "Model-driven security based on a Web services security architecture," in IEEE International Conference on Services Computing, 2005, 2005, pp vol.1. [7] Fumiko Satoh, Yuichi Nakamura, Nirmal K. Mukhi, Michiaki Tatsubori, Kouichi Ono, "Methodology and Tools for End-to-End SOA Security Configurations," in IEEE Congress on Services - Part I, 2008., 2008, pp [8] Christian Wolter, Michael Menzel, Christoph Meinel, Andreas Schaad, Philip Miseldine, "Modeldriven business process security requirement specification," J. Syst. Archit., vol. 55, pp , [9] Muhammad Alam, "Model Driven Security Engineering for the Realization of Dynamic Security Requirements in Collaborative Systems," in Models in Software Engineering, ed, 2007, pp
10 [10] Rodríguez Alfonso, Fernández-Medina Eduardo, Piattini Mario, "Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes," in Trust and Privacy in Digital Business, ed, 2006, pp [11] Christian Wolter, Michael Menzel, Christoph Meinel, "Modelling Security Goals in Business Processes," Proc. GI Modellierung 2008, GI LNI 127, Berlin, Germany, vol. pp , March [12] Yih-Jiun Lee, Yuh-Chang Wei, Kai-Wen Lien, "Making the Internet Search as a Smarter Service: based on Taiwanese Searching Preferences," AISS, Vol. 3, No. 3, pp. 147 ~ 153, [13] Michael Menzel, Christoph Meinel, "A Security Meta-model for Service-Oriented Architectures," in IEEE International Conference on Services Computing, SCC '09'., 2009, pp [14] Jürjens, Jan, "UMLsec: Extending UML for Secure Systems Development- Tutorial," presented at the Proceedings of the 5th International Conference on The Unified Modeling Language, [15] Torsten Lodderstedt, David A. Basin, Jürgen Doser, "SecureUML: A UML-Based Modeling Language for Model-Driven Security," presented at the Proceedings of the 5th International Conference on The Unified Modeling Language, [16] Michal Hafner, Ruth Breu, Berthold Agreiter, "SECTET: an extensible framework for the realization of secure inter-organizational workflows," Emeral, Internet Research, vol. Vol.16 No. 5, Pag: , pp. pp , [17] Mukhtiar Memom, Michael Hafner, Ruth Breu, "SECTISSIMO: A Platform-independent Framework for Security Services," MODSEC08 Modeling Security Workshop, [18] Saleem, Muhammad. Qaiser., JAfreezal. Jaafar, M. Fadzil Hassan., "Model Driven Security Frameworks for Addressing Security Problems of Service Oriented Architecture," IEEE Conference, International Symposium in Information Technology ITSim 2010, [19] Saleem, Muhammad. Qaiser., Jafreezal. Jaafar, M. Fadzil Hassan.., "Model Driven Security Framework for Definition of Security Requirements for SOA systems," IEEE International Conference on Computer Applications and Industrial Electronics (ICCAIE 2010), Kuala Lumpure, Malaysia., [20] Achim D. Brucker, Jurgen Doser, "Metamodel-based UML Notations for Domain-specific Languages," 4th International Workshop on Language Engineering (atem 2007), pp. 1-{??}, [21] David Basin, Jurgen Doser, Torsten Lodderstedt, "Model driven security: From UML models to access control infrastructures," ACM Trans. Softw. Eng. Methodol., vol. 15, pp , [22] Jürjens, Jan "UMLsec: Extending UML for Secure Systems Development," in «UML» 2002 The Unified Modeling Language, Springer-Verlag Berlin Heidelberg ed, 2002, pp [23] Ruth Breu, Michal Hafner, "Security Engineering for Service-Oriented Architectures," Springer- Verlag Berlin Heidelberg, 2009,. [24] Simon Johnston, "Modeling security concerns in service-oriented architectures," IBM developerworks, [25] Luján-Mora, Sergio, Trujillo, Juan, Song, Il-Yeol, "Extending the UML for Multidimensional Modeling," in UML 2002, LNCS 2460, pp , 2002, ed: Springer-Verlag Berlin Heidelberg 2002, 2002, pp [26] Stefanov, Veronika List, Beate Korherr, Birgit, "Extending UML 2 Activity Diagrams with Business Intelligence Objects," in Data Warehousing and Knowledge Discovery, ed, 2005, pp [27] Passerone, R. Damm, W. Ben Hafaiedh, I. Graf, S. Ferrari, A. Mangeruca, L. Benveniste, A. Josko, B. Peikenkamp, T. Cancila, D. Cuccuru, A. Gerard, S. Terrier, F. Sangiovanni-Vincentelli "Metamodels in Europe: Languages, Tools, and Applications," Copublished by the IEEE CS and the IEEE CASS, vol. 26, pp , [28] Michael Menzel, Christoph Meinel "SecureSOA Modelling Security Requirements for Service- Oriented Architectures," in Services Computing (SCC), 2010 IEEE International Conference on, 2010, pp [29] The OMG., "Meta Object Facility (MOF) 2.0 Core Specification," OMG Available Specification,,
Model-based Security Engineering of SOA System Using Security Intent DSL
Model-based Security Engineering of SOA System Using Security Intent DSL Muhammad Qaiser Saleem 1, Jafreezal Jaafar 1, Mohd Fadzil Hassan 1 1 Department of Computer and Information Sciences, Universiti
More informationSECTISSIMO: A Platform-independent Framework for Security Services
SECTISSIMO: A Platform-independent Framework for Security Services Mukhtiar Memon, Michael Hafner, and Ruth Breu University of Innsbruck, AUSTRIA {mukhtiar.memon, m.hafner, ruth.breu}@uibk.ac.at Abstract.
More informationA Framework for the Model Driven Development of Secure Web Services
A Framework for the Model Driven Development of Secure Web Services Composition Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, 31750, Seri Iskandar, Perak Darul Ridzuan,
More informationA Pattern-driven Generation of Security Policies for Service-oriented Architectures
A Pattern-driven Generation of Security Policies for Service-oriented Architectures Michael Menzel Hasso-Plattner-Institute Prof.-Dr.-Helmert Str. 2-3 14482 Potsdam, Germany michael.menzel @hpi.uni-potsdam.de
More informationSecure Document Circulation Using Web Services Technologies
Secure Document Circulation Using Web Services Technologies Shane Bracher Bond University, Gold Coast QLD 4229, Australia Siemens AG (Corporate Technology), Otto-Hahn-Ring 6, 81739 Munich, Germany sbracher@student.bond.edu.au
More informationSecure Database Development
Secure Database Development Jan Jurjens () and Eduardo B. Fernandez (2) () Computing Department, The Open University, Milton Keynes, MK7 8LA GB http://www.jurjens.de/jan (2) Dept. of Computer Science,
More informationAugmented Enterprise Models as a Foundation for Generating Security-Related Software: Requirements and Objectives
Augmented Enterprise Models as a Foundation for Generating Security-Related Software: Requirements and Objectives Anat Goldstein University of Duisburg-Essen Universitaetsstr. 9 D-45141 Essen +49(0201)183-4563
More informationTowards Modeling and Transformation of Security Requirements for Service-oriented Architectures
Towards Modeling and Transformation of Security Requirements for Service-oriented Architectures Sven Feja 1, Ralph Herkenhöner 2, Meiko Jensen 3, Andreas Speck 1, Hermann de Meer 2, and Jörg Schwenk 3
More informationModel driven Security of Service Oriented Systems based on Security as a Service
Japan-Austria Joint Workshop on ICT October 18-19 2010, Tokyo, Japan SECTET Model driven Security of Oriented Systems based on Security as a Basel Katt, Ruth Breu, Mukhtiar Memon and Michael Hafner Research
More informationSecure State UML: Modeling and Testing Security Concerns of Software Systems Using UML State Machines
Research Journal of Applied Sciences, Engineering and Technology 7(18): 3786-3790, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: October 26, 2013 Accepted: December
More informationModel-driven secure system development framework
SCIENTIFIC PAPERS, UNIVERSITY OF LATVIA, 2010. Vol. 757 COMPUTER SCIENCE AND INFORMATION TECHNOLOGIES 43 52 P. Model-driven secure system development framework Viesturs Kaugers, Uldis Sukovskis Riga Technical
More informationDesign Authorization Systems Using SecureUML
Design Authorization Systems Using SecureUML By Rudolph Araujo & Shanit Gupta, Foundstone Professional Services February 2005 Overview This whitepaper describes the Foundstone SecureUML template, a Microsoft
More informationBusiness-Driven Software Engineering Lecture 3 Foundations of Processes
Business-Driven Software Engineering Lecture 3 Foundations of Processes Jochen Küster jku@zurich.ibm.com Agenda Introduction and Background Process Modeling Foundations Activities and Process Models Summary
More informationA UML 2 Profile for Business Process Modelling *
A UML 2 Profile for Business Process Modelling * Beate List and Birgit Korherr Women s Postgraduate College for Internet Technologies Institute of Software Technology and Interactive Systems Vienna University
More informationCIM to PIM Transformation: A criteria Based Evaluation
ISSN:2229-6093 CIM to PIM Transformation: A criteria Based Evaluation Abdelouahed KRIOUILE *, Taoufiq GADI, Youssef BALOUKI Univ Hassan 1, LAVETE Laboratory, 26000 Settat, Maroc * E-mail of the corresponding
More informationMeta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions
Meta Model Based Integration of Role-Based and Discretionary Access Control Using Path Expressions Kathrin Lehmann, Florian Matthes Chair for Software Engineering for Business Information Systems Technische
More informationExtending UML 2 Activity Diagrams with Business Intelligence Objects *
Extending UML 2 Activity Diagrams with Business Intelligence Objects * Veronika Stefanov, Beate List, Birgit Korherr Women s Postgraduate College for Internet Technologies Institute of Software Technology
More informationIncorporating database systems into a secure software development methodology
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez 1, Jan Jurjens 2, Nobukazu Yoshioka 3, and Hironori Washizaki 4 1 Dept. of Computer Science, Florida Atlantic
More informationCommon Warehouse Metamodel (CWM): Extending UML for Data Warehousing and Business Intelligence
Common Warehouse Metamodel (CWM): Extending UML for Data Warehousing and Business Intelligence OMG First Workshop on UML in the.com Enterprise: Modeling CORBA, Components, XML/XMI and Metadata November
More informationOpen Source egovernment Reference Architecture Osera.modeldriven.org. Copyright 2006 Data Access Technologies, Inc. Slide 1
Open Source egovernment Reference Architecture Osera.modeldriven.org Slide 1 Caveat OsEra and the Semantic Core is work in progress, not a ready to use capability Slide 2 OsEra What we will cover OsEra
More informationUML/OCL based Design and Analysis of Role-Based Access Control Policies
UML/OCL based Design and Analysis of Role-Based Access Control Policies Oliver Hofrichter, Martin Gogolla, and Karsten Sohr University of Bremen, Computer Science Department Database Systems Group, D-28334
More informationVARIABILITY MODELING FOR CUSTOMIZABLE SAAS APPLICATIONS
VARIABILITY MODELING FOR CUSTOMIZABLE SAAS APPLICATIONS Ashraf A. Shahin 1, 2 1 College of Computer and Information Sciences, Al Imam Mohammad Ibn Saud Islamic University (IMSIU) Riyadh, Kingdom of Saudi
More informationRevel8or: Model Driven Capacity Planning Tool Suite
Revel8or: Model Driven Capacity Planning Tool Suite Liming Zhu 1,2, Yan Liu 1,2, Ngoc Bao Bui 1,2,Ian Gorton 3 1 Empirical Software Engineering Program, National ICT Australia Ltd. 2 School of Computer
More informationModel Driven Configuration of Secure Operating Systems for Mobile Applications in Healthcare
Model Driven Configuration of Secure Operating Systems for Mobile Applications in Healthcare B. Agreiter 1, M. Alam 1, M. Hafner 1, J.-P. Seifert 14, and X. Zhang 4 1 University of Innsbruck, Austria {berthold.agreiter,
More informationGenerating the PIM Behavioral Model from the CIM using QVT
Journal of Computer Science and Information Technology December 2014, Vol. 2, No. 3 & 4, pp. 55-81 ISSN: 2334-2366 (Print), 2334-2374 (Online) Copyright The Author(s). 2014. All Rights Reserved. Published
More informationTowards Collaborative Requirements Engineering Tool for ERP product customization
Towards Collaborative Requirements Engineering Tool for ERP product customization Boban Celebic, Ruth Breu, Michael Felderer, Florian Häser Institute of Computer Science, University of Innsbruck 6020 Innsbruck,
More informationA Framework for Composable Security Definition, Assurance, and Enforcement
A Framework for Composable Security Definition, Assurance, and Enforcement J. A. Pavlich-Mariscal Advisors: S. A. Demurjian and L. D. Michel Department of Computer Science & Engineering The University
More informationA Method for Eliciting Security Requirements from the Business Process Models
A Method for Eliciting Security Requirements from the Business Process Models Naved Ahmed and Raimundas Matulevičius Institute of Computer Science, University of Tartu J. Liivi 2, 50409 Tartu, Estonia
More informationMODELING OF SERVICE ORIENTED ARCHITECTURE: FROM BUSINESS PROCESS TO SERVICE REALISATION
MODELING OF SERVICE ORIENTED ARCHITECTURE: FROM BUSINESS PROCESS TO SERVICE REALISATION Marek Rychlý and Petr Weiss Faculty of Information Technology, Brno University of Technology, Czech Republic, rychly@fit.vutbr.cz,
More informationUML-based Conceptual Design Approach for Modeling Complex Processes in Web Application
UML-based Conceptual Design Approach for Modeling Complex Processes in Web Application Siti Azreena Mubin Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400 Serdang,
More informationBusiness Process Modelling Languages, Goals and Variabilities
Business Process Modelling Languages, Goals and Variabilities Birgit Korherr Women s Postgraduate College for Internet Technologies Institute of Software Technology and Interactive Systems Vienna University
More informationComparative Analysis of Data warehouse Design Approaches from Security Perspectives
Comparative Analysis of Data warehouse Design Approaches from Security Perspectives Shashank Saroop #1, Manoj Kumar *2 # M.Tech (Information Security), Department of Computer Science, GGSIP University
More informationModeling Turnpike: a Model-Driven Framework for Domain-Specific Software Development *
for Domain-Specific Software Development * Hiroshi Wada Advisor: Junichi Suzuki Department of Computer Science University of Massachusetts, Boston hiroshi_wada@otij.org and jxs@cs.umb.edu Abstract. This
More informationMDE Adoption in Industry: Challenges and Success Criteria
MDE Adoption in Industry: Challenges and Success Criteria Parastoo Mohagheghi 1, Miguel A. Fernandez 2, Juan A. Martell 2, Mathias Fritzsche 3 and Wasif Gilani 3 1 SINTEF, P.O.Box 124-Blindern, N-0314
More informationModel Driven Interoperability through Semantic Annotations using SoaML and ODM
Model Driven Interoperability through Semantic Annotations using SoaML and ODM JiuCheng Xu*, ZhaoYang Bai*, Arne J.Berre*, Odd Christer Brovig** *SINTEF, Pb. 124 Blindern, NO-0314 Oslo, Norway (e-mail:
More informationAdministration of Access Control in Information Systems Using URBAC Model
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 19 No. 2 (2011), pp. 89-109 Administration of Access Control in Information Systems Using URBAC Model Aneta Poniszewska-Marańda Institute of Information Technology
More informationSEARCH The National Consortium for Justice Information and Statistics. Model-driven Development of NIEM Information Exchange Package Documentation
Technical Brief April 2011 The National Consortium for Justice Information and Statistics Model-driven Development of NIEM Information Exchange Package Documentation By Andrew Owen and Scott Came Since
More informationSERENITY Pattern-based Software Development Life-Cycle
SERENITY Pattern-based Software Development Life-Cycle Francisco Sanchez-Cid, Antonio Maña Computer Science Department University of Malaga. Spain {cid, amg}@lcc.uma.es Abstract Most of current methodologies
More informationThe BPM to UML activity diagram transformation using XSLT
The BPM to UML activity diagram transformation using XSLT Ondřej Macek 1 and Karel Richta 1,2 1 Department of Computer Science and Engineering, Faculty of Electrical Engineering, Czech Technical University,
More informationFoundations of Model-Driven Software Engineering
Model-Driven Software Engineering Foundations of Model-Driven Software Engineering Dr. Jochen Küster (jku@zurich.ibm.com) Contents Introduction to Models and Modeling Concepts of Model-Driven Software
More informationModel-Driven Architecture: Vision, Standards And Emerging Technologies
1 Model-Driven Architecture: Vision, Standards And Emerging Technologies Position Paper Submitted to ECOOP 2001 Workshop on Metamodeling and Adaptive Object Models John D. Poole Hyperion Solutions Corporation
More informationEnterprise Architecture at Work
Marc Lankhorst et al. Enterprise Architecture at Work Modelling, Communication and Analysis Third Edition 4y Springer Contents 1 Introduction to Enterprise Architecture 1 1.1 Architecture 1 1.2 Enterprise
More informationModeling Quality Information within Business Process Models
Modeling Quality Information within Business Process Models Robert Heinrich, Alexander Kappe, Barbara Paech University of Heidelberg, Institute of Computer Science, Im Neuenheimer Feld 326, 69120 Heidelberg,
More informationA Decade of Model Driven Web Services Composition Frameworks
Research Journal of Applied Sciences, Engineering and Technology 7(20): 4244-4250, 2014 ISSN: 2040-7459; e-issn: 2040-7467 Maxwell Scientific Organization, 2014 Submitted: November 28, 2013 Accepted: December
More informationDevelopment of Tool Extensions with MOFLON
Development of Tool Extensions with MOFLON Ingo Weisemöller, Felix Klar, and Andy Schürr Fachgebiet Echtzeitsysteme Technische Universität Darmstadt D-64283 Darmstadt, Germany {weisemoeller klar schuerr}@es.tu-darmstadt.de
More informationAN ONTOLOGICAL APPROACH TO WEB APPLICATION DESIGN USING W2000 METHODOLOGY
STUDIA UNIV. BABEŞ BOLYAI, INFORMATICA, Volume L, Number 2, 2005 AN ONTOLOGICAL APPROACH TO WEB APPLICATION DESIGN USING W2000 METHODOLOGY ANNA LISA GUIDO, ROBERTO PAIANO, AND ANDREA PANDURINO Abstract.
More informationTOWARDS A FRAMEWORK INCORPORATING FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTS FOR DATAWAREHOUSE CONCEPTUAL DESIGN
IADIS International Journal on Computer Science and Information Systems Vol. 9, No. 1, pp. 43-54 ISSN: 1646-3692 TOWARDS A FRAMEWORK INCORPORATING FUNCTIONAL AND NON FUNCTIONAL REQUIREMENTS FOR DATAWAREHOUSE
More informationAccess Control Framework of Personal Cloud based on XACML
Access Control Framework of Personal Cloud based on XACML 1 Jun-Young Park, 2 Young-Rok Shin, 3 Kyoung-Hun Kim, 4 Eui-Nam Huh 1First Author, 2 Kyung Hee University, {parkhans, shinyr}@khu.ac.kr 3 Gangdong
More informationSecurity Requirements Analysis of Web Applications using UML
Security Requirements Analysis of Web Applications using UML Salim Chehida 1, Mustapha kamel Rahmouni 2 1 Department of Informatics, University of Mostaganem, Algeria salimchehida@yahoo.fr 2 Department
More informationPMLite: An Open Source Solution for Process Monitoring
PMLite: An Open Source Solution for Process Monitoring Alberto Colombo, Ernesto Damiani, and Fulvio Frati Department of Information Technology - University of Milan via Bramante 65, 26013 Crema (CR) Italy
More informationA Model-based Software Architecture for XML Data and Metadata Integration in Data Warehouse Systems
Proceedings of the Postgraduate Annual Research Seminar 2005 68 A Model-based Software Architecture for XML and Metadata Integration in Warehouse Systems Abstract Wan Mohd Haffiz Mohd Nasir, Shamsul Sahibuddin
More informationDevelopment of Enterprise Architecture of PPDR Organisations W. Müller, F. Reinert
Int'l Conf. Software Eng. Research and Practice SERP'15 225 Development of Enterprise Architecture of PPDR Organisations W. Müller, F. Reinert Fraunhofer Institute of Optronics, System Technologies and
More informationSecure Software Architecture Description using UML Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany
Secure Software Architecture Description using UML Jan Jürjens Competence Center for IT Security Software & Systems Engineering TU Munich, Germany juerjens@in.tum.de http://www.umlsec.org Problems, Causes
More informationSOPLE-DE: An Approach to Design Service-Oriented Product Line Architectures
SOPLE-DE: An Approach to Design -Oriented Product Line Architectures Flávio M. Medeiros, Eduardo S. de Almeida 2, and Silvio R.L. Meira Federal University of Pernambuco (UFPE) 2 Federal University of Bahia
More informationLinking BPMN, ArchiMate, and BWW: Perfect Match for Complete and Lawful Business Process Models?
Linking BPMN, ArchiMate, and BWW: Perfect Match for Complete and Lawful Business Process Models? Ludmila Penicina Institute of Applied Computer Systems, Riga Technical University, 1 Kalku, Riga, LV-1658,
More informationModel Driven Development of Inventory Tracking System*
Model Driven Development of Inventory Tracking System* Gan Deng, Tao Lu, Emre Turkay Andrey Nechypurenko Aniruddha Gokhale, Douglas Schmidt ISIS, Vanderbilt University Siemens Nashville, TN 37221 Germany
More informationDesigning a Semantic Repository
Designing a Semantic Repository Integrating architectures for reuse and integration Overview Cory Casanave Cory-c (at) modeldriven.org ModelDriven.org May 2007 The Semantic Metadata infrastructure will
More informationAplicando enfoque MDE a aplicaciones WEB-SOA
Aplicando enfoque MDE a aplicaciones WEB-SOA María Consuelo Franky lfranky@javeriana.edu.co Dpto. Ingeniería de Sistemas Universidad Javeriana Bogotá - 2010 http://sophia.javeriana.edu.co/~lfranky/ 1 Temario
More informationBPMN PATTERNS USED IN MANAGEMENT INFORMATION SYSTEMS
BPMN PATTERNS USED IN MANAGEMENT INFORMATION SYSTEMS Gabriel Cozgarea 1 Adrian Cozgarea 2 ABSTRACT: Business Process Modeling Notation (BPMN) is a graphical standard in which controls and activities can
More informationAlignment of Misuse Cases with Security Risk Management
Alignment of Misuse Cases with Security Risk Management Raimundas Matulevičius PReCISE, University of Namur, rue Grandgagnage 21, B-5000 Namur, Belgium rma@info.fundp.ac.be Nicolas Mayer CRP Henri Tudor
More informationModel-Driven Data Warehousing
Model-Driven Data Warehousing Integrate.2003, Burlingame, CA Wednesday, January 29, 16:30-18:00 John Poole Hyperion Solutions Corporation Why Model-Driven Data Warehousing? Problem statement: Data warehousing
More informationRealizing business flexibility through integrated SOA policy management.
SOA policy management White paper April 2009 Realizing business flexibility through integrated How integrated management supports business flexibility, consistency and accountability John Falkl, distinguished
More informationTowards a Common Metamodel for the Development of Web Applications
Towards a Common Metamodel for the Development of Web Applications Nora Koch and Andreas Kraus Ludwig-Maximilians-Universität Munich, Germany Motivation Overwhelming diversity of Web methodologies Goal:
More informationA Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems
Volume 1, Number 2, December 2014 JOURNAL OF COMPUTER SCIENCE AND SOFTWARE APPLICATION A Conceptual Technique for Modelling Security as a Service in Service Oriented Distributed Systems Satish Kumar*,
More informationModel Driven and Service Oriented Enterprise Integration---The Method, Framework and Platform
Driven and Oriented Integration---The Method, Framework and Platform Shuangxi Huang, Yushun Fan Department of Automation, Tsinghua University, 100084 Beijing, P.R. China {huangsx, fanyus}@tsinghua.edu.cn
More informationA Comparison of SOA Methodologies Analysis & Design Phases
202 A Comparison of SOA Methodologies Analysis & Design Phases Sandra SVANIDZAITĖ Institute of Mathematics and Informatics, Vilnius University Abstract. Service oriented computing is a new software engineering
More informationGECO: Automatic Generator-Composition for (Aspect-oriented) DSLs
GECO: Automatic Generator-Composition for (Aspect-oriented) DSLs Doctoral Symposium - MODELS 2014 Reiner Jung Christian-Albrechts-University Kiel, Germany 30.09.2014 Domain-specific Languages Motivation
More informationA methodology for secure software design
A methodology for secure software design Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca Raton, FL 33431 ed@cse.fau.edu 1. Introduction A good percentage of the
More informationDagstuhl seminar on Service Oriented Computing. Service design and development. Group report by Barbara Pernici, Politecnico di Milano
Dagstuhl seminar on Service Oriented Computing Service design and development Group report by Barbara Pernici, Politecnico di Milano Abstract This paper reports on the discussions on design and development
More informationBusiness Modeling with UML
Business Modeling with UML Hans-Erik Eriksson and Magnus Penker, Open Training Hans-Erik In order to keep up and be competitive, all companies Ericsson is and enterprises must assess the quality of their
More informationChange Pattern-Driven Traceability of Business Processes
Proceedings of the International MultiConference of Engineers and Computer Scientists 2014 Vol I,, March 12-14, 2014, Hong Kong Change Pattern-Driven Traceability of Business Processes Watcharin Uronkarn
More informationFrom Business World to Software World: Deriving Class Diagrams from Business Process Models
From Business World to Software World: Deriving Class Diagrams from Business Process Models WARARAT RUNGWORAWUT 1 AND TWITTIE SENIVONGSE 2 Department of Computer Engineering, Chulalongkorn University 254
More informationModeling of Distributed Systems with SOA & MDA
Modeling of Distributed Systems with SOA & MDA Haeng-Kon Kim Abstract Along with the boom of Web services and the thriving Model Driven Architecture (MDA), we must consider the growing significance and
More informationTool Support for Software Variability Management and Product Derivation in Software Product Lines
Tool Support for Software Variability Management and Product Derivation in Software s Hassan Gomaa 1, Michael E. Shin 2 1 Dept. of Information and Software Engineering, George Mason University, Fairfax,
More informationEnterprise IT Architectures BPM (Business Process Management)
Dr. Hans-Peter Hoidn Executive Architect, IBM Distinguished IT Architect (Opengroup) Enterprise IT Architectures BPM (Business Process Management) Introduction 2 Agenda of this Part Business Process Management
More informationA Collaborative System Software Solution for Modeling Business Flows Based on Automated Semantic Web Service Composition
32 A Collaborative System Software Solution for Modeling Business Flows Based on Automated Semantic Web Service Composition Ion SMEUREANU, Andreea DIOŞTEANU Economic Informatics Department, Academy of
More informationAn Aspect-Oriented Product Line Framework to Support the Development of Software Product Lines of Web Applications
An Aspect-Oriented Product Line Framework to Support the Development of Software Product Lines of Web Applications Germán Harvey Alférez Salinas Department of Computer Information Systems, Mission College,
More informationClarifying a vision on certification of MDA tools
SCIENTIFIC PAPERS, UNIVERSITY OF LATVIA, 2010. Vol. 757 COMPUTER SCIENCE AND INFORMATION TECHNOLOGIES 23 29 P. Clarifying a vision on certification of MDA tools Antons Cernickins Riga Technical University,
More informationRules and Business Rules
OCEB White Paper on Business Rules, Decisions, and PRR Version 1.1, December 2008 Paul Vincent, co-chair OMG PRR FTF TIBCO Software Abstract The Object Management Group s work on standards for business
More informationMonitoring Security and Safety of Assets in Supply Chains
Monitoring Security and Safety of Assets in Supply Chains Ganna Monakova 1 and Cristina Severin 2 and Achim D. Brucker 1 and Ulrich Flegel 3, and Andreas Schaad 1 1 SAP Research, Vincenz-Priessnitz-Str.
More informationBusiness Process Modeling Information Systems in Industry (372-1-4207 )
Business Process Modeling Information Systems in Industry (372-1-4207 ) Arnon Sturm The material of this presentation is adopted from various people including:, Pnina Soffer, Iris Reinhartz-Berger 1 Outline
More informationA Survey on Requirements and Design Methods for Secure Software Development*
A Survey on Requirements and Design Methods for Secure Software Development* Muhammad Umair Ahmed Khan and Mohammad Zulkernine School of Computing Queen s University Kingston, Ontario, Canada K7L 3N6 {umair
More informationDefining and Checking Model Smells: A Quality Assurance Task for Models based on the Eclipse Modeling Framework
Defining and Checking Model Smells: A Quality Assurance Task for Models based on the Eclipse Modeling Framework Thorsten Arendt a, Matthias Burhenne a, Gabriele Taentzer a a Philipps-Universität Marburg,
More informationProceedings of the 43rd Hawaii International Conference on System Sciences - 2010
Managing Internal Control in Changing Organizations through Business Process Intelligence A Service Oriented Architecture for the XACML based Monitoring of Supporting Systems Matthias Kehlenbeck, Thorben
More informationComparison of Model-Driven Architecture and Software Factories in the Context of Model-Driven Development
Comparison of Model-Driven Architecture and Software Factories in the Context of Model-Driven Development Ahmet Demir Technische Universität München Department of Informatics Munich, Germany AhmetDemir@gmx.de
More informationA Service Oriented Security Reference Architecture
International Journal of Advanced Computer Science and Information Technology (IJACSIT) Vol. 1, No.1, October 2012, Page: 25-31, ISSN: 2296-1739 Helvetic Editions LTD, Switzerland www.elvedit.com A Service
More informationEnterprise Application Deployment: Amodel driven approach
Enterprise Application Deployment: Amodel driven approach Peter Golibrzuch Lufthansa Technik AG peter.golibrzuch@lht.dlh.de Alexander Holbreich Lufthansa Systems AG alexander.holbreich@lhsystems.com Simon
More informationModel Based Software Development: Issues & Challenges
N Md Jubair Basha 1, Salman Abdul Moiz 2 & Mohammed Rizwanullah 3 1&3 IT Department, Muffakham Jah College of Engineering & Technology, Hyderabad, India 2 IT Department, MVSR Engineering College, Hyderabad,
More informationA Graphical Approach to Risk Identification, Motivated by Empirical Investigations
A Graphical Approach to Risk Identification, Motivated by Empirical Investigations Ida Hogganvik and Ketil Stølen SINTEF ICT and Department of Informatics, University of Oslo {iho, kst}@sintef.no Abstract.
More information2 nd UML 2 Semantics Symposium: Formal Semantics for UML
2 nd UML 2 Semantics Symposium: Formal Semantics for UML Manfred Broy 1, Michelle L. Crane 2, Juergen Dingel 2, Alan Hartman 3, Bernhard Rumpe 4, and Bran Selic 5 1 Technische Universität München, Germany
More informationTool support for Collaborative Software Quality Management
Tool support for Collaborative Software Quality Management Philipp Kalb and Ruth Breu Institute of Computer Science University of Innsbruck Email: philipp.kalb, ruth.breu@uibk.ac.at Abstract. Nowadays
More informationModeling the User Interface of Web Applications with UML
Modeling the User Interface of Web Applications with UML Rolf Hennicker,Nora Koch,2 Institute of Computer Science Ludwig-Maximilians-University Munich Oettingenstr. 67 80538 München, Germany {kochn,hennicke}@informatik.uni-muenchen.de
More informationTransforming PICTURE to BPMN 2.0 as Part of the Model-driven Development of Electronic Government Systems
Heitkötter, Henning, Transforming PICTURE to BPMN 2.0 as Part of the Model-Driven Development of Electronic Government Systems, 44th Hawaii International Conference on System Sciences (HICSS), pp. 1 10,
More informationSecure Information Systems Engineering: Experiences and Lessons Learned from two Health Care Projects
Secure Information Systems Engineering: Experiences and Lessons Learned from two Health Care Projects H. Mouratidis 1, A. Sunyaev 2, J. Jurjens 3 1 School of Computing and Technology, University of East
More informationCONTEMPORARY SEMANTIC WEB SERVICE FRAMEWORKS: AN OVERVIEW AND COMPARISONS
CONTEMPORARY SEMANTIC WEB SERVICE FRAMEWORKS: AN OVERVIEW AND COMPARISONS Keyvan Mohebbi 1, Suhaimi Ibrahim 2, Norbik Bashah Idris 3 1 Faculty of Computer Science and Information Systems, Universiti Teknologi
More informationA Framework of Model-Driven Web Application Testing
A Framework of Model-Driven Web Application Testing Nuo Li, Qin-qin Ma, Ji Wu, Mao-zhong Jin, Chao Liu Software Engineering Institute, School of Computer Science and Engineering, Beihang University, China
More informationAn Evaluation of Conceptual Business Process Modelling Languages
An Evaluation of Conceptual Business Process Modelling Languages Beate List and Birgit Korherr Women s Postgraduate College for Internet Technologies Institute of Software Technology and Interactive Systems
More informationMDA Transformations Applied to Web Application Development 1
MDA Transformations Applied to Web Application Development 1 Santiago Meliá 1, Andreas Kraus 2, and Nora Koch 2, 3 1 Universidad de Alicante, Spain 2 Ludwig-Maximilians-Universität München, Germany 3 F.A.S.T
More informationInforme Técnico / Technical Report
Informe Técnico / Technical Report A Comparative Analysis of SPEM 2.0 and BPMN 2.0 Mario Cervera, Manoli Albert, Victoria Torres, Vicente Pelechano Ref. #: ProS-TR-2012-03 Title: A Comparative Analysis
More informationChapter 4 Software Lifecycle and Performance Analysis
Chapter 4 Software Lifecycle and Performance Analysis This chapter is aimed at illustrating performance modeling and analysis issues within the software lifecycle. After having introduced software and
More information