Dynamic matching and weaving semantics for executable UML models

• Main Author: Ziarati, Raha
• Format: Others
• Published: 2012
• Online Access: http://spectrum.library.concordia.ca/974888/4/Ziarati_MASc_S2013.pdf; Ziarati, Raha <http://spectrum.library.concordia.ca/view/creators/Ziarati=3ARaha=3A=3A.html> (2012) Dynamic matching and weaving semantics for executable UML models. Masters thesis, Concordia University.

To develop more secure software, security concerns should be considered as an essential part of all phases of software development lifecycle. It has been observed that incorporation of security concerns after the completion of software development may result in conflicts between functional and security requirements and leads to severe security vulnerabilities. On the other hand, security is a crosscutting concern and consequently the integration of security solutions at the software design phase may result in scattering and tangling of security features throughout the entire design. Therefore, in the case of large scale software (e.g., hundreds of UML classes), the resulting UML design models may become more complex and difficult to understand. Moreover, adding security manually is tedious and may lead to additional security flaws. Aspect-Oriented Modeling is an appropriate approach to systematically integrate security at the design phase as it allows the separation of crosscutting concerns from the core functionality. In this research work, we provide formal semantics for aspect matching and weaving on executable UML models, particularly for activity diagrams. The semantics is based on a defunctionalized continuation-passing style since it provides a concise and elegant description of aspect-oriented mechanisms. In addition, we have extended our framework and provided semantics for control and data flow pointcuts as these pointcuts are beneficial from a security perspective and are used to detect vulnerabilities related to information flow.