Abstract
Security is a challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development process to more efficiently integrate security into software. Since security is a crosscutting concern that pervades the entire software, integrating security at the software design level may result in the scattering and tangling of security features throughout the entire design. To address this issue, we present in this paper an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. In the proposed approach, security experts specify high-level and generic security solutions that can be later instantiated by developers, then automatically woven into UML design. Finally, we describe our prototype implemented as a plug-in in a commercial software development environment.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Mouheb, D. et al. (2010). Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML. In: Lee, R., Ormandjieva, O., Abran, A., Constantinides, C. (eds) Software Engineering Research, Management and Applications 2010. Studies in Computational Intelligence, vol 296. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13273-5_13
DOI: https://doi.org/10.1007/978-3-642-13273-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13272-8
Online ISBN: 978-3-642-13273-5
eBook Packages: Engineering, Engineering (R0)