Model-Based Formal Reasoning about Data-Management Applications

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9033)

Abstract

Data-management applications are built around so-called CRUD actions, which create, read, update, and delete data in persistent storage. These operations are the building blocks of numerous applications, for example dynamic websites where users create accounts, store and update information, and receive customized views based on their stored data. Typically, the application's data is required to satisfy certain properties, which we call the application's data invariants. In this paper, we introduce a tool-supported, model-based methodology for proving that every action a data-management application can trigger preserves the application's data invariants. Moreover, we report on our experience applying this methodology to a non-trivial case study: an application for managing medical records, for which over eighty data invariants must be proved to be preserved.
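To make the abstract's central idea concrete, here is an added Python example. It is not the paper's tool and not the authors' model-level machinery; it replaces their proof-oriented approach with a brute-force, bounded search so that it runs stand-alone. The scenario is constructed: a toy medical-records schema with three hypothetical data invariants (referential integrity of records and treatment links, and the rule that a record's doctor must treat its patient), a `create_record` action, and two versions of `delete_patient`. The check enumerates every state within a small scope (two patients, two doctors, two record slots), keeps only states that satisfy all invariants, fires every enabled action instance, and reports the first post-state that breaks an invariant. The naive delete, which forgets the patient's records, is caught; the cascading version passes.

```python
# Added illustration of invariant preservation for CRUD actions; the schema,
# invariants, actions and scope below are constructed, not from the paper.
from dataclasses import dataclass
from itertools import combinations, product
from typing import Callable, FrozenSet, Iterable, List, Optional, Tuple

# Constructed scope (assumption): at most 2 patients, 2 doctors, 2 record slots.
PATIENTS = ("p1", "p2")
DOCTORS = ("d1", "d2")
RECORD_IDS = ("r1", "r2")

Record = Tuple[str, str, str]  # (record id, patient, doctor)


@dataclass(frozen=True)
class State:
    patients: FrozenSet[str]
    doctors: FrozenSet[str]
    treats: FrozenSet[Tuple[str, str]]  # (patient, doctor): doctor treats patient
    records: Tuple[Record, ...]         # kept sorted so equal states compare equal


# Hypothetical data invariants for this scenario (the paper's case study has over eighty).
INVARIANTS = {
    "record_refs_exist": lambda s: all(p in s.patients and d in s.doctors for _, p, d in s.records),
    "record_doctor_treats_patient": lambda s: all((p, d) in s.treats for _, p, d in s.records),
    "treats_refs_exist": lambda s: all(p in s.patients and d in s.doctors for p, d in s.treats),
}


def violated(s: State) -> List[str]:
    """Names of the invariants that state s breaks (empty list if none)."""
    return [name for name, inv in INVARIANTS.items() if not inv(s)]


# Actions return the post-state, or None when their precondition is not met.
def create_record(s: State, rid: str, p: str, d: str) -> Optional[State]:
    # Precondition: unused record id and an existing treatment link (p, d).
    if rid in {r for r, _, _ in s.records} or (p, d) not in s.treats:
        return None
    return State(s.patients, s.doctors, s.treats, tuple(sorted(s.records + ((rid, p, d),))))


def delete_patient_naive(s: State, p: str) -> Optional[State]:
    """Removes the patient and the treatment links but forgets the patient's records."""
    if p not in s.patients:
        return None
    return State(s.patients - {p}, s.doctors,
                 frozenset(t for t in s.treats if t[0] != p), s.records)


def delete_patient_cascading(s: State, p: str) -> Optional[State]:
    """Same delete, but cascades to the patient's records."""
    if p not in s.patients:
        return None
    return State(s.patients - {p}, s.doctors,
                 frozenset(t for t in s.treats if t[0] != p),
                 tuple(r for r in s.records if r[1] != p))


def powerset(items) -> List[FrozenSet]:
    items = list(items)
    return [frozenset(c) for n in range(len(items) + 1) for c in combinations(items, n)]


def all_states() -> Iterable[State]:
    """Every state within the scope, whether or not it satisfies the invariants."""
    for pats in powerset(PATIENTS):
        for docs in powerset(DOCTORS):
            for treats in powerset(product(PATIENTS, DOCTORS)):
                for n in range(len(RECORD_IDS) + 1):
                    for rids in combinations(RECORD_IDS, n):
                        for assignment in product(product(PATIENTS, DOCTORS), repeat=n):
                            recs = tuple(sorted((rid, p, d) for rid, (p, d) in zip(rids, assignment)))
                            yield State(pats, docs, treats, recs)


def check_preservation(action: Callable[..., Optional[State]], arg_space: Iterable[tuple]):
    """Inductive check over the scope: from every state satisfying all invariants, every
    enabled instance of `action` must reach a state that still satisfies them.
    Returns None on success, else the first (pre-state, args, post-state, broken-invariants)."""
    arg_space = list(arg_space)
    for s in all_states():
        if violated(s):
            continue  # only invariant-satisfying pre-states matter for preservation
        for args in arg_space:
            t = action(s, *args)
            if t is None:
                continue  # precondition not met; the action cannot fire here
            broken = violated(t)
            if broken:
                return s, args, t, broken
    return None


CREATE_ARGS = list(product(RECORD_IDS, PATIENTS, DOCTORS))
PATIENT_ARGS = [(p,) for p in PATIENTS]

if __name__ == "__main__":
    for name, action, args in [("create_record", create_record, CREATE_ARGS),
                               ("delete_patient_naive", delete_patient_naive, PATIENT_ARGS),
                               ("delete_patient_cascading", delete_patient_cascading, PATIENT_ARGS)]:
        cex = check_preservation(action, args)
        print(name, "preserves all invariants" if cex is None
              else f"breaks {cex[3]} from {cex[0]} via {cex[1]}")
```

The search is exhaustive only within the chosen scope, so a clean run is evidence, not a proof: a violation that needs three patients would be missed. That is the gap the paper's model-based methodology targets, by proving preservation for all states of the model rather than for a bounded sample of them. The inductive shape of the check (assume the invariants before the action, show them after) is the same in both settings.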


Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

IMDEA Software Institute, Madrid, Spain