Aspect-Oriented Modeling for Representing and Integrating Security Concerns in UML

  • D. Mouheb
  • C. Talhi
  • M. Nouh
  • V. Lima
  • M. Debbabi
  • L. Wang
  • M. Pourzandi
Part of the Studies in Computational Intelligence book series (SCI, volume 296)


Security is a challenging task in software engineering. Enforcing security policies should be taken care of during the early phases of the software development process to more efficiently integrate security into software. Since security is a crosscutting concern that pervades the entire software, integrating security at the software design level may result in the scattering and tangling of security features throughout the entire design. To address this issue, we present in this paper an aspect-oriented modeling approach for specifying and integrating security concerns into UML design models. In the proposed approach, security experts specify high-level and generic security solutions that can be later instantiated by developers, then automatically woven into UML design. Finally, we describe our prototype implemented as a plug-in in a commercial software development environment.


Keywords: Class Diagram, Sequence Diagram, Adaptation Rule, Security Aspect, Security Expert
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • D. Mouheb (1)
  • C. Talhi (1)
  • M. Nouh (1)
  • V. Lima (1)
  • M. Debbabi (1)
  • L. Wang (1)
  • M. Pourzandi (2)

  1. Computer Security Laboratory, Concordia University, Montreal, Canada
  2. Software Research, Ericsson Canada Inc., Montreal, Canada
