共查询到20条相似文献,搜索用时 156 毫秒
1.
Security is a critical issue for software systems, especially for those systems which are connected to networks and the Internet, since most of them suffer from various malicious attacks. Intrusion detection is an approach to protect software against such attacks. However, security vulnerabilities that are exploited by intruders cut across multiple modules in software systems and are difficult to address and monitor. These kinds of concerns, called cross-cutting concerns, can be handled by aspect-oriented software development (AOSD) for better modularization. A number of works have utilized AOSD to address security issues of software systems, but none of them has employed AOSD for intrusion detection. In this paper, we propose a model-based aspect-oriented framework for building intrusion-aware software systems. We model attack scenarios and intrusion detection aspects using an aspect-oriented Unified Modeling Language (UML) profile. Based on the UML model, the intrusion detection aspects are implemented and woven into the target system. The resulting target system has the ability to detect the intrusions automatically. We present an experimental evaluation by applying this framework for some of the most common attacks included in the Web Application Security Consortium (WASC) web security threat classification. The experimental results demonstrate that the framework is effective in specifying and implementing intrusion detection and can be applied for a wide range of attacks. 相似文献
2.
面向方面软件开发是近年来软件开发领域出现的一个重要的前沿研究方向。本文从软件开发方法和方面的哲学基础探讨面向方面软件开发(AOSD)的根本和理念,并以此为指导,追寻其发展历程,明确AOSD未来发展的目标和核心关注点。 相似文献
3.
一种基于模板的面向方面重构框架的研究 总被引:1,自引:1,他引:0
面向方面编程是一种新的编程范型,而面向方面重构则是当前面向方面软件开发中的一个研究热点。首先对面向方面重构进行了分类研究,然后引入基于角色的横切关注点重构方法,最后在此基础上提出一种基于模版的面向方面重构框架。 相似文献
4.
应用形式化与实时语言的面向方面方法 总被引:2,自引:2,他引:0
面向方面的软件开发方法是在面向对象开发方法的基础上,在AOP的支持下将贯穿系统的横切关注点提取出来,通过联结方式织入系统功能代码中的软件开发方法,该方法降低了软件开发的复杂性,提高了系统的灵活性和可维护性。形式化和实时语言为面向方面方法贯穿于实时软件开发提供了必要的支持,以形式化方法AO-RT-Z和实时语言PEARL为基础,给出了一种面向方面的实时软件开发框架,实现了软件生命周期各个阶段对面向方面的无缝支持,降低了实时软件开发的复杂性,提升了系统的可信度。 相似文献
5.
6.
为了分离软件系统中的核心关注点和横切关注点,通过引入面向方面软件开发的思想设计了一种面向方面软件体系结构模型,并详细分析了该模型的三个基本构成单元,即构件、连接件和方面构件。最后通过一个网上支付实例验证了该模型具有一定的理论意义和实用价值。 相似文献
7.
Model Driven Architecture (MDA) is a software development approach promoted by the OMG. MDA is based on two key concepts, models and model transformations. Several kinds of models are generally used throughout the development process to specify a software system and to support its analysis and validation. UML and its extensions, such as the UML profile for real-time systems (UML/SPT), are commonly used to define the structure and the behavior of software systems while other models, such as performance models or schedulability models, are more suitable for performance or schedulability analysis, respectively. In this paper we discuss a model transformation enabling the derivation of schedulability analysis models from UML/SPT models. As a proof of concepts, we present a prototype implementation of this model transformation using ATL. We provide a definition of the source and target metamodels using the metamodel specification language KM3 and we specify the transformation in an ATL module. We discuss the merits and limitations of our approach and of its implementation. 相似文献
8.
面向方面软件开发研究 总被引:4,自引:0,他引:4
系统的某些关注点横切整个系统,无法很好地封装在单个模块里,造成代码混乱和弥散,用面向方面编程AOP可以解决这些问题。首先介绍了现代软件开发方法及其产生的问题;其次,阐述了AOP的基本概念,并结合AspectC++演示了如何进行面向方面的编程;再次,描述了如何对UML扩展以支持对方面建模;然后介绍了面向方面软件开发在实时系统中的应用;最后给出了结论和未来的主要工作。 相似文献
9.
10.
《Information and Software Technology》2007,49(7):761-773
Aspect-oriented software development (AOSD) is an approach to software development in which aspect-oriented techniques are integrated with traditional (mainly OO) development techniques. Identifying the appropriate method components for supporting aspect-oriented development is facilitated by the use of a method engineering approach. We demonstrate this approach by using the OPEN Process Framework (OPF) to identify previous deficiencies in the method fragments stored in the OPF repository so that the enhanced OPF repository is able to fully support AOSD. 相似文献
11.
面向Aspect的操作系统研究 总被引:6,自引:0,他引:6
面向Aspect软件设计是一种新的软件设计思想和技术.分析了近年来操作系统贯穿特性与Aspect概念,构件重构、系统演化与设计,系统安全、性能检测与容错这3个方面的研究成果,指出面向Aspect操作系统研究已经获得了积极的成果.但是,目前的研究缺乏一定的深度和广度,尚没有在操作系统的设计阶段运用AOP(Aspect-Oriented operating)思想的成果出现.在已有操作系统代码中抽象Aspect的过程中,缺乏完整的工程化和规范化的研究.这些问题的解决有赖于面向Aspect研究的进一步深入.最后,对面向Aspect操作系统研究的前景进行展望,认为有关AOSD(Aspect-Oriented software development)的研究有可能对未来操作系统的发展产生重大影响. 相似文献
12.
Ali Fouad Keith Phalp John Mathenge Kanyaru Sheridan Jeary 《Software Quality Journal》2011,19(2):411-430
Model-Driven Architecture (MDA) brings benefits to software development, among them the potential for connecting software
models with the business domain. This paper focuses on the upstream or Computation-Independent Model (CIM) phase of MDA. Our contention is that, whilst there are many models and notations available
within the CIM phase, those that are currently popular and supported by the Object Management Group (OMG) may not be the most
useful notations for business analysts nor sufficient to fully support software requirements and specification. Therefore,
with specific emphasis on the value of the Business Process Modelling Notation (BPMN) for business analysts, this paper provides
an example of a typical CIM approach before describing an approach that incorporates specific requirements techniques. A framework
extension to MDA is then introduced, which embeds requirements and specification within the CIM, thus further enhancing the
utility of MDA by providing a more complete method for business analysis. 相似文献
13.
Artur Boronat Jos
. Carsí Isidro Ramos 《Electronic Notes in Theoretical Computer Science》2005,127(3):31
Software evolution can be supported at two levels: models and programs. The model-based software development approach allows the application of a more abstract process of software evolution, in accordance with the OMG's MDA initiative. We describe a framework for model management, called MOMENT, that supports automatic formal model transformations in MDA. Our model transformation approach is based on the algebraic specification of models and benefits from mature term rewriting system technology to perform model transformation using rewriting logic. In this paper, we present how we apply this formal transformation mechanism between platformindependent models, such as UML models and relational schemas. Our approach enhances the integration between formal environments and industrial technologies such as .NET technology, and exploits the best features of both. 相似文献
14.
15.
结合AOSD,改进统一软件开发过程中的用例驱动,提出贯穿需求结构,从需求到设计明确地得到与贯穿特性相应的组合表,并且用ATM银行系统的案例学习来验证该方法。 相似文献
16.
在包含诸多横切关注点的复杂软件系统开发中,面向对象软件开发方法(OOSD)存在无法克服的缺陷。在分析面向对象软件开发方法对横切关注点处理的缺陷的基础上,讨论了面向方面软件开发(aspect-oriented software development,AOSD)方法及其在复杂系统开发中的优越性,提出了一种面向方面软件开发方法的过程模型,介绍了面向方面软件开发方法在分布式系统开发中的应用。 相似文献
17.
18.
Alfonso Rodríguez Ignacio García-Rodríguez de Guzmán Eduardo Fernández-Medina Mario Piattini 《Information and Software Technology》2010,52(9):945-971
ContextModel-Driven Development (MDD) is an alternative approach for information systems development. The basic underlying concept of this approach is the definition of abstract models that can be transformed to obtain models near implementation. One fairly widespread proposal in this sphere is that of Model Driven Architecture (MDA). Business process models are abstract models which additionally contain key information about the tasks that are being carried out to achieve the company’s goals, and two notations currently exist for modelling business processes: the Unified Modelling Language (UML), through activity diagrams, and the Business Process Modelling Notation (BPMN).ObjectiveOur research is particularly focused on security requirements, in such a way that security is modelled along with the other aspects that are included in a business process. To this end, in earlier works we have defined a metamodel called secure business process (SBP), which may assist in the process of developing software as a source of highly valuable requirements (including very abstract security requirements), which are transformed into models with a lower abstraction level, such as analysis class diagrams and use case diagrams through the approach presented in this paper.MethodWe have defined all the transformation rules necessary to obtain analysis class diagrams and use case diagrams from SBP, and refined them through the characteristic iterative process of the action-research method.ResultsWe have obtained a set of rules and a checklist that make it possible to automatically obtain a set of UML analysis classes and use cases, starting from SBP models. Our approach has additionally been applied in a real environment in the area of the payment of electrical energy consumption.ConclusionsThe application of our proposal shows that our semi-automatic process can be used to obtain a set of useful artifacts for software development processes. 相似文献
19.
Lahiru S. Gallege Dimuthu U. Gamage James H. Hill Rajeev R. Raje 《Concurrency and Computation》2016,28(1):114-143
An early understanding of the trust concerns while composing a distributed system from independently developed software services saves time and effort. It also allows the developer of such distributed systems to reason about the trust‐related properties of these systems. Although there are prevalent approaches for evaluating the trust of such systems, it is not clear which approach, if any, is the most comprehensive and best suited for a given situation. Moreover, there is no agreement about a unified approach, for quantifying trust, which can be applied to the entire software life‐cycle of distributed systems. This article, first, motivates the need for such a quantification of trust via a case study from the domain of indoor tracking. It then provides a comprehensive survey of current approaches that define trust, in general domains, and then focuses on the relevant approaches from the domain of software‐oriented distributed systems. These prevalent efforts are categorized into groups using existing clustering tools and then are further analyzed for their comprehensiveness. The analysis depicts: (1) many trust‐related efforts and associated models have their own constrained views of trust; (2) different trust models focus on different aspects of trust and life‐cycle details; and (3) it is difficult to interoperate across different trust models. Hence, the paper identifies a set of principles that can assist in quantifying and evaluating the trust throughout the software life‐cycle of distributed systems. These principles, then, are applied to the aforementioned case study to provide an outline of how trustworthy distributed systems can be composed from independent software services. Copyright © 2015 John Wiley & Sons, Ltd. 相似文献
20.
Cortellessa V. Pierini P. Rossi D. 《IEEE transactions on pattern analysis and machine intelligence》2007,33(6):385-401
System performance is a key factor to take into account throughout the software life cycle of modern computer systems, mostly due to their typical characteristics such as distributed deployment, code mobility, and platform heterogeneity. An open challenge in this direction is to integrate the performance validation as a transparent and efficient activity in the system development process. Several methodologies have been proposed to automate the transformation of software/hardware models into performance models. In this paper, we do not take a transformational approach; rather, we present a framework to integrate a software model with a platform model in order to build a performance model. Performance indices are obtained from simulation of the resulting performance model. Our framework provides a library of predefined resource models, model annotation and integration procedures, and simulation support that makes the performance analysis a much easier activity. We present the results obtained from two different industrial case studies that show the maturity and the stability of our approach 相似文献