Similar literature
 20 similar documents found, search time 15 ms
1.
Secure software engineering is a new research area that has been proposed to address security issues during the development of software systems. This new area of research advocates that security characteristics should be considered from the early stages of the software development life cycle and should not be added as another layer in the system on an ad-hoc basis after the system is built. In this paper, we describe a UML-based Static Verification Framework (USVF) to support the design and verification of secure software systems in early stages of the software development life-cycle taking into consideration security and general requirements of the software system. USVF performs static verification on UML models consisting of UML class and state machine diagrams extended by an action language. We present an operational semantics of UML models, define a property specification language designed to reason about temporal and general properties of UML state machines using the semantic domains of the former, and implement the model checking process by translating models and properties into Promela, the input language of the SPIN model checker. We show that the methodology can be applied to the verification of security properties by representing the main aspects of security, namely availability, integrity and confidentiality, in the USVF property specification language.
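The verification step this abstract describes, as an added example that is not the authors' USVF tool: a state machine whose transitions carry guards and variable updates is explored exhaustively over its reachable configurations, and a confidentiality property (the secret is never released to an unauthenticated session) plus deadlock freedom (a minimal stand-in for availability) are checked on every configuration. The session machine, its variables and the injected design defect are all constructed for this example; a real tool would translate the model to Promela and hand the search to SPIN rather than do the BFS itself.

```python
"""Hypothetical explicit-state checker for a UML-style state machine.

Added example, not the USVF tool of the paper: configurations are
(state, variable assignment); guarded transitions with update actions
are explored by BFS, then a confidentiality invariant (safety) and
deadlock freedom (a minimal availability check) are evaluated on every
reachable configuration.
"""
from collections import deque
from typing import Callable, Dict, List, NamedTuple, Optional, Tuple

Config = Tuple[str, Tuple[Tuple[str, object], ...]]   # (state, frozen vars)


class Transition(NamedTuple):
    src: str
    event: str
    dst: str
    guard: Callable[[dict], bool]
    action: Callable[[dict], dict]


def explore(init_state: str, init_vars: dict, transitions: List[Transition]):
    """BFS over configurations; returns parent links and enabled-event counts."""
    start: Config = (init_state, tuple(sorted(init_vars.items())))
    parent: Dict[Config, Optional[Tuple[Config, str]]] = {start: None}
    enabled: Dict[Config, int] = {}
    queue = deque([start])
    while queue:
        cfg = queue.popleft()
        state, fvars = cfg
        count = 0
        for t in transitions:
            if t.src == state and t.guard(dict(fvars)):
                count += 1
                nxt: Config = (t.dst, tuple(sorted(t.action(dict(fvars)).items())))
                if nxt not in parent:
                    parent[nxt] = (cfg, t.event)
                    queue.append(nxt)
        enabled[cfg] = count
    return parent, enabled


def trace_to(cfg: Config, parent) -> List[str]:
    """Rebuild the event sequence from the initial configuration to cfg."""
    events = []
    while parent[cfg] is not None:
        cfg, ev = parent[cfg]
        events.append(ev)
    return events[::-1]


def find_violation(parent, invariant: Callable[[str, dict], bool]) -> Optional[List[str]]:
    """First reachable configuration (in BFS order) that breaks the invariant."""
    for cfg in parent:                       # dict preserves discovery order
        if not invariant(cfg[0], dict(cfg[1])):
            return trace_to(cfg, parent)
    return None


def find_deadlock(parent, enabled) -> Optional[List[str]]:
    """A reachable configuration with no enabled transition, if any."""
    for cfg, n in enabled.items():
        if n == 0:
            return trace_to(cfg, parent)
    return None


def _set(**updates):
    def action(v):
        v.update(updates)
        return v
    return action


def _send_secret(v):
    # record whether the secret was ever released to a session that was not authenticated
    v["leaked"] = v["leaked"] or not v["authed"]
    return v


ALWAYS = lambda v: True  # noqa: E731


def session_machine(leaky: bool) -> List[Transition]:
    """Constructed server-session machine; `leaky` adds the design defect."""
    ts = [
        Transition("Idle", "login", "Authenticating", ALWAYS, _set()),
        Transition("Authenticating", "pw_ok", "Authenticated", ALWAYS, _set(authed=True)),
        Transition("Authenticating", "pw_bad", "Idle", ALWAYS, _set(authed=False)),
        Transition("Authenticated", "get_secret", "Authenticated", ALWAYS, _send_secret),
        Transition("Authenticated", "logout", "Idle", ALWAYS, _set(authed=False)),
    ]
    if leaky:
        # the secret handler is also wired into the state before the password check
        ts.append(Transition("Authenticating", "get_secret", "Authenticating", ALWAYS, _send_secret))
    return ts


INIT_VARS = {"authed": False, "leaked": False}


def confidentiality(_state: str, v: dict) -> bool:
    return not v["leaked"]


def check_session(leaky: bool):
    """Returns (confidentiality counterexample or None, deadlock trace or None)."""
    parent, enabled = explore("Idle", INIT_VARS, session_machine(leaky))
    return find_violation(parent, confidentiality), find_deadlock(parent, enabled)


if __name__ == "__main__":
    print("correct model:", check_session(False))   # (None, None)
    print("leaky model:  ", check_session(True))    # (['login', 'get_secret'], None)
```

The counterexample for the leaky model is the event trace `login, get_secret`, which is exactly the artefact a designer wants from a model checker: not just "property fails" but the shortest path from the initial configuration to the failing one. Note the property is stated over a history variable (`leaked`) rather than over `authed` alone; a naive invariant such as "secret sent implies authenticated" would fire spuriously after a legitimate logout.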

2.
Tools for secure systems development with UML (cited 1 time: 0 self-citations, 1 by others)
For model-based development to be a success in practice, it needs to have a convincing added-value associated with its use. Our goal is to provide such added-value by developing tool-support for the analysis of UML models against difficult system requirements. Towards this goal, we describe a UML verification framework supporting the construction of automated requirements analysis tools for UML diagrams. The framework is connected to industrial CASE tools using XMI and allows convenient access to this data and to the human user. As a particular example, we present plugins for verifying models defined using the security extension UMLsec of UML. The verification framework allows advanced users of the UMLsec approach to themselves implement verification routines for the constraints of self-defined stereotypes. In particular, we focus on an analysis plug-in that utilizes the model-checker Spin to verify security properties of cryptography-based systems.

3.
Cyber physical systems (CPSs) incorporate computation, communication, and physical processes. The deep coupling and continuous interaction between such processes lead to a significant increase in complexity in the design and implementation of CPSs. Consequently, whereas developing CPSs from scratch is inefficient, developing them with the aid of CPS run-time supporting platforms can be efficient. In recent years, much research has been actively conducted on CPS run-time supporting platforms. However, few surveys have been conducted on these platforms. In this paper, we analyze and evaluate existing CPS run-time supporting platforms by first classifying them into three categories from the viewpoint of software architecture: component-based platforms, service-based platforms, and agent-based platforms. Then, for each type, we detail its design philosophy, key technical problems, and corresponding solutions with specific use cases. Subsequently, we compare existing platforms from two aspects: construction approaches for CPS tasks and support for non-functional properties. Finally, we outline several important future research issues.

4.
Given the complexity of the design and manufacturing processes of microelectromechanical system (MEMS) products, we present a unified modeling language (UML) based design approach for multi-domain products or systems like MEMS to design and evaluate possible solutions at the early design stage to shorten their development time. Specifically, the proposed approach is used to model and analyze a novel drug delivery system combining MEMS devices and integrated circuit (IC) units. This drug delivery system aims to be used for safer and more effective therapy for diabetics. Two design models of the whole drug delivery system and its micropump subsystem are established using UML diagrams; in particular a composition diagram with components and ports describes the topology of the system. Through design and simulation of the micropump subsystem, it is found that variations of geometrical dimension and excitation voltage affect the characteristics of the micropump. The simulation results demonstrate and validate the proposed approach, and can be used as a significant reference for the designer to design the optimal micropump.

5.
ABSTRACT

Cyber-Physical Systems (CPSs) use sensors and actuators to interface between an embedded system and the physical world. The time-continuous domain of the physical world should be periodically sampled by real-time tasks in an embedded system to preserve its dynamic properties in the time-discrete domain.

Because the task execution pattern may vary during runtime, jitter in the execution of a real-time task hinders the periodicity of its execution. The effects of jitter in CPSs are difficult to determine when the premises of the Nyquist-Shannon sampling theorem are not satisfied.

This paper proposes using frequency domain analysis to determine the perturbations that a real-time system produces on real-world applications; accordingly, the paper defines both a design and an evaluation criterion for real-time systems in CPS applications. The Fixed Priority discipline is analysed through simulations to conclude that no special design techniques are required when the utilization factors are less than 20%.

6.
The main objective of this paper is to present an approach to accomplish verification in the early design phases of a system, which allows us to make the system verification easier, specifically for those systems with timing restrictions. For this purpose we use RT‐UML sequence diagrams in the design phase and we translate these diagrams into timed automata for performing the verification by using model checking techniques. Specifically, we use the Object Management Group's UML Profile for Schedulability, Performance, and Time and from the specifications written using this profile we obtain the corresponding timed automata. The ‘RT‐UML Profile’ is used in conjunction with a very well‐known tool to perform validation and verification of the timing needs, namely, the UPPAAL tool, which is used to simulate and analyze the behaviour of real‐time dynamic systems described by timed automata. Copyright © 2009 John Wiley & Sons, Ltd.

7.
In this paper, the features of cyber-physical systems (CPSs) from the point of view of information security have been considered and CPSs have been classified. The authors have analyzed approaches to security assessments and identified the requirements to indicators of CPS information security. A system of specific assessment indicators based on the system stability criterion and homeostatic approach is proposed.

8.
Model Driven Architecture (MDA) is a software development approach promoted by the OMG. MDA is based on two key concepts, models and model transformations. Several kinds of models are generally used throughout the development process to specify a software system and to support its analysis and validation. UML and its extensions, such as the UML profile for real-time systems (UML/SPT), are commonly used to define the structure and the behavior of software systems while other models, such as performance models or schedulability models, are more suitable for performance or schedulability analysis, respectively. In this paper we discuss a model transformation enabling the derivation of schedulability analysis models from UML/SPT models. As a proof of concept, we present a prototype implementation of this model transformation using ATL. We provide a definition of the source and target metamodels using the metamodel specification language KM3 and we specify the transformation in an ATL module. We discuss the merits and limitations of our approach and of its implementation.

9.
The Unified Modeling Language (UML) offers different diagram types to model the behavior of software systems. In some domains like embedded real-time systems or multimedia systems, it is necessary to include specifications of time in behavioral models since the correctness of these applications depends on the fulfillment of temporal requirements in addition to functional requirements. UML thus already incorporates language features to model time and temporal constraints. Such model elements must have an equivalent in the semantic domain. We have proposed Dynamic Meta Modeling (DMM), an approach based on graph transformation, as a means for specifying operational semantics of dynamic UML diagrams. In this article, we extend this approach to also account for time by extending the semantic domain to timed graph transformation. This enables us to define the operational semantics of UML diagrams with time specifications. As an example, we provide semantics for special sequence diagrams from the domain of multimedia application modeling.

10.
One of the key issues in software development, like in all engineering problems, is to ensure that the product delivered meets its specification. Verification and validation are well-established techniques for ensuring the quality of a product within the overall software development lifecycle. With models being expressed in the Unified Modeling Language, the application of verification and validation is complicated. Firstly, concerning verification, a UML model is typically not the input language of a verification tool. Secondly, with regards to validation, a UML model is also not directly executable. In this paper, we show how verification and validation can be achieved for UML models. Within our approach, graph transformation techniques are applied for automated translation of UML models into a language understood by a verification tool or directly into an implementation. By the use of such semantic-preserving transformations, both verification and validation can be lifted up to the model level, allowing for a seamless integration of verification and validation into a UML-based development process.

11.
Rule-based consistency checking of UML design models (cited 1 time: 0 self-citations, 1 by others)
The Unified Modeling Language (UML) is the industry-recognized mainstream object-oriented modeling language and provides a rich set of modeling elements for system development. Because the relationships between different UML modeling elements lack precise definition, UML models frequently suffer from inconsistencies. To address this problem, a rule-based checking method is proposed. The method maps the UML design model and the consistency conditions to the fact base and the rule base of a rule system, respectively; if the fact base does not match the rule base, the design model contains an inconsistency. We use an in-house "object-oriented rule language system" as the rule system for consistency checking. It integrates the object-oriented and rule-language paradigms, which makes it possible to design and implement the consistency-checking tool uniformly in C++ and improves checking efficiency.
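The fact-base/rule-base mapping this abstract describes, as an added example that is not the authors' object-oriented rule language system: the class diagram and state machine of a design model are flattened into predicate tuples, each consistency condition becomes a rule function over that fact base, and any rule that finds facts it cannot match reports the inconsistency. The `Account` model, its predicates and the three deliberate defects are constructed for this example; the rules themselves (triggers must be operations, transition ends must be states, guards must reference declared attributes, every state must be reachable) are typical inter-diagram checks, not the paper's rule set.

```python
"""Hypothetical rule-based consistency check of a UML design model.

Added example (not the OO-rule system of the paper): the model is mapped to a
fact base of tuples, each consistency condition to a rule function; a rule
that fails against the facts reports the inconsistency it detects.
"""
from collections import deque
from typing import Callable, Dict, List, Set, Tuple

Fact = Tuple[str, ...]
FactBase = Dict[str, Set[Tuple[str, ...]]]
Rule = Callable[[FactBase], List[str]]


def fact_base(facts: List[Fact]) -> FactBase:
    """Index facts by predicate: ('operation', 'Account', 'login') is stored under 'operation'."""
    fb: FactBase = {}
    for f in facts:
        fb.setdefault(f[0], set()).add(f[1:])
    return fb


def triggers_are_operations(fb: FactBase) -> List[str]:
    """Every transition trigger must be an operation declared on the same class."""
    ops = fb.get("operation", set())
    return [f"{c}: transition {s} -{ev}-> {d} is triggered by '{ev}', which {c} does not declare as an operation"
            for c, s, ev, d in fb.get("transition", set()) if (c, ev) not in ops]


def transition_ends_are_states(fb: FactBase) -> List[str]:
    """Source and target of every transition must be declared states of the class."""
    states = fb.get("state", set())
    out = []
    for c, s, ev, d in fb.get("transition", set()):
        for end in (s, d):
            if (c, end) not in states:
                out.append(f"{c}: transition {s} -{ev}-> {d} refers to undeclared state '{end}'")
    return out


def guards_reference_attributes(fb: FactBase) -> List[str]:
    """Guard expressions may only read attributes declared in the class diagram."""
    attrs = fb.get("attribute", set())
    return [f"{c}: a guard references '{a}', which {c} does not declare as an attribute"
            for c, a in fb.get("guard_ref", set()) if (c, a) not in attrs]


def states_are_reachable(fb: FactBase) -> List[str]:
    """Every declared state must be reachable from the class's initial state."""
    out = []
    succ: Dict[Tuple[str, str], Set[str]] = {}
    for c, s, _ev, d in fb.get("transition", set()):
        succ.setdefault((c, s), set()).add(d)
    for c, init in fb.get("initial", set()):
        seen, queue = {init}, deque([init])
        while queue:
            s = queue.popleft()
            for d in succ.get((c, s), ()):
                if d not in seen:
                    seen.add(d)
                    queue.append(d)
        for cls, s in fb.get("state", set()):
            if cls == c and s not in seen:
                out.append(f"{c}: state '{s}' is unreachable from initial state '{init}'")
    return out


RULES: List[Rule] = [triggers_are_operations, transition_ends_are_states,
                     guards_reference_attributes, states_are_reachable]


def check_consistency(facts: List[Fact], rules: List[Rule] = RULES) -> List[str]:
    """Run every rule against the fact base; an empty list means the model is consistent."""
    fb = fact_base(facts)
    return sorted(msg for rule in rules for msg in rule(fb))


# Constructed design model of a single class, with three deliberate defects.
ACCOUNT_MODEL: List[Fact] = [
    ("class", "Account"),
    ("attribute", "Account", "balance"), ("attribute", "Account", "locked"),
    ("operation", "Account", "login"), ("operation", "Account", "logout"),
    ("operation", "Account", "withdraw"),
    ("state", "Account", "Idle"), ("state", "Account", "Active"),
    ("state", "Account", "Locked"), ("state", "Account", "Closed"),
    ("initial", "Account", "Idle"),
    ("transition", "Account", "Idle", "login", "Active"),
    ("transition", "Account", "Active", "withdraw", "Active"),
    ("transition", "Account", "Active", "logout", "Idle"),
    ("transition", "Account", "Active", "lock", "Locked"),   # 'lock' is not an operation
    ("guard_ref", "Account", "balance"),
    ("guard_ref", "Account", "attempts"),                     # 'attempts' is not an attribute
    # 'Closed' is declared but no transition leads to it
]


if __name__ == "__main__":
    for msg in check_consistency(ACCOUNT_MODEL):
        print(msg)
```

Each rule is a pure function of the fact base, so adding a consistency condition means adding one function to `RULES`; the rule reports every mismatch it finds rather than stopping at the first, which is what a designer needs to fix a model in one pass.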

12.
魏晓敏, 董泽乾, 肖明睿, 田聪 (Wei Xiaomin, Dong Zeqian, Xiao Mingrui, Tian Cong). Journal of Software (软件学报), 2020, 31(6): 1654-1671
Modern avionics systems are complex safety-critical cyber-physical systems (CPS). Failure probability allocation is an important task in the preliminary system safety assessment of civil aviation systems and equipment. AADL (Architecture Analysis and Design Language) is well suited to the design and development of avionics systems, so performing failure probability allocation and safety assessment on AADL models is indispensable. This paper proposes an AADL-based failure probability allocation method that distributes the system's failure probability among its subcomponents as their safety requirements, taking into account the architectural design, model complexity and severity level. By combining this allocation method with deterministic and stochastic Petri nets (DSPN), it further proposes an AADL-based safety assessment method: the AADL model of the system is transformed into a DSPN model to compute the failure probabilities of the subcomponents and to assess whether each subcomponent meets its safety requirement, iterating until an architecture model that satisfies the safety goals is obtained. Finally, the implementation algorithms and tool architecture for the allocation and assessment methods are given, and their application to a flight control system shows that the proposed methods can effectively accomplish failure probability allocation and safety assessment.

13.
Graph transformation has recently become more and more popular as a general, rule-based visual specification paradigm to formally capture (a) requirements or behavior of user models (on the model-level), and (b) the operational semantics of modeling languages (on the meta-level) as demonstrated by benchmark applications around the Unified Modeling Language (UML). The current paper focuses on the model checking-based automated formal verification of graph transformation systems used either on the model-level or meta-level. We present a general translation that inputs (i) a metamodel of an arbitrary visual modeling language, (ii) a set of graph transformation rules that defines a formal operational semantics for the language, and (iii) an arbitrary well-formed model instance of the language and generates a transition system (TS) that serves as the underlying mathematical specification formalism of various model checker tools. The main theoretical benefit of our approach is an optimization technique that projects only the dynamic parts of the graph transformation system into the target transition system, which results in a drastic reduction in the state space. The main practical benefit is the use of existing back-end model checker tools, which directly provides formal verification facilities (without additional efforts required to implement an analysis tool) for many practical applications captured in a very high-level visual notation. The practical feasibility of the approach is demonstrated by modeling and analyzing the well-known verification benchmark of dining philosophers both on the model and meta-level.

14.
Test Synthesis from UML Models of Distributed Software (cited 1 time: 0 self-citations, 1 by others)
The object-oriented software development process is increasingly used for the construction of complex distributed systems. In this context, behavior models have long been recognized as the basis for systematic approaches to requirements capture, specification, design, simulation, code generation, testing, and verification. Two complementary approaches for modeling behavior have proven useful in practice: interaction-based modeling (e.g., UML sequence diagrams) and state-based modeling (e.g., UML statecharts). Building on formal V&V techniques, in this article we present a method and a tool for automated synthesis of test cases from scenarios and a state-based design model of the application, remaining entirely within the UML framework. The underlying "on the fly" test synthesis algorithms are based on the input/output labeled transition system formalism, which is particularly appropriate for modeling applications involving asynchronous communication. The method is eminently compatible with classical OO development processes since it can be used to synthesize test cases from the scenarios used in early development stages to model global interactions between actors and components, instead of these test cases being derived manually. We illustrate the system test synthesis process using an air traffic control software example.

15.
Operational semantics of UML activity diagrams (cited 1 time: 0 self-citations, 1 by others)
More and more systems adopt UML (Unified Modeling Language) as the modeling language for system analysis and design. The UML activity diagram is one of the UML notations for describing the dynamic behavior of a system and is widely used in business modeling. Because UML activity diagrams lack precise dynamic semantics, the systems they describe are hard to analyze, verify and validate formally. To address this, a formal operational semantics for UML activity diagrams is given on the basis of the UML 1.5 semantics document. First a formal syntax of activity diagrams is given; then the configurations and transitions of an activity diagram are defined in detail; finally the deduction rules for activity diagrams are given on the basis of labeled transition systems (LTS). The main contributions are: the notion of a state package is introduced, which makes the description clearer and more complete; the operational semantics of activity diagrams is defined through an LTS and the deduction rules are elaborated, from which the global state transition graph of an activity diagram is obtained, so that the defined operational semantics can easily be applied to formal verification. The semantics covers most features of UML activity diagrams and lays a foundation for model checking them.

16.
System modeling is an analysis and design method frequently used in system development, and how to guarantee the correctness of the model has long been a topic of concern. To verify the correctness of the system design model and thereby improve the quality of the whole system, a method is proposed for verifying the dynamic semantics of UML state machine models by model checking. The state machine model is described formally; according to defined mapping rules, the graphical information is mapped to a language the model checker can read; the properties to be verified are analyzed; and the verification result is obtained by running the model checker.

17.
The UML as a formal modeling notation (cited 6 times: 0 self-citations, 6 by others)
The Unified Modeling Language (UML) is an Object Management Group (OMG) object-oriented (OO) modeling notation standard. It consists of a set of notations for modeling systems from a variety of views and at varying levels of abstraction. While the UML reflects some of the best OO modeling experiences available, it suffers from a lack of precise semantics that is necessary if one is to use the notations to precisely model systems and to rigorously reason about the models. In this paper we discuss some of the problems with the current UML semantic document and present the approach that the precise UML (pUML) group is using to develop a precise semantics for the UML. The approach utilizes mathematical techniques to explore and gain insights into appropriate semantics for UML modeling concepts. The insights and formal expressions will then be used to develop a UML semantics document written in natural language that defines the semantics in a precise, consistent, and understandable manner.

18.
Object-Process Methodology (OPM), which is a holistic approach to modeling and evolving systems, views objects and processes as two equally important entities that describe the system's structure and behavior in a single model. Unified Modeling Language (UML), which is the standard object-oriented modeling language for software systems, separates the system model into various aspects, each of which is represented in a different view (diagram type). The exponential growth of the Web and the progress of Internet-based architectures have set the stage for the proliferation of a variety of Web applications, which are classified as hybrids between hypermedia and information systems. Such applications require a modeling approach that is capable of clearly specifying aspects of their architecture, communication, and distributive nature. Since UML and OPM are two candidates for this task, this study has been designed to establish the level of comprehension and the quality of the constructed Web application models using each one of these two approaches. In the experiment we carried out, third year undergraduate information systems engineering students were asked to respond to comprehension and construction questions about two representative Web application models. The comprehension questions related to the system's structure, dynamics, and distribution aspects. The results suggest that OPM is better than UML in modeling the dynamics aspect of the Web applications. In specifying structure and distribution aspects, there were no significant differences. The results further suggest that the quality of the OPM models students built in the construction part was superior to that of the corresponding UML models.

19.
The Unified Modeling Language (UML) is the de facto language used in the industry for software specifications. Once an application has been specified, Model Driven Architecture (MDA) techniques can be applied to generate code from such specifications. Since implementing a system based on a faulty design requires additional cost and effort, it is important to analyse the UML models at earlier stages of the software development lifecycle. This paper focuses on utilizing MDA techniques to deal with the analysis of UML models and identify design faults within a specification. Specifically, we show how UML models can be automatically transformed into Alloy which, in turn, can be automatically analysed by the Alloy Analyzer. The proposed approach relies on MDA techniques to transform UML models to Alloy. This paper reports on the challenges of the model transformation from UML class diagrams and OCL to Alloy. Those issues are caused by fundamental differences in the design philosophy of UML and Alloy. To better facilitate the representation of Alloy concepts in the UML, the paper draws on the lessons learnt and presents a UML profile for Alloy.

20.
UML offers different diagram types to model behavior and dynamics of software systems. In some domains like embedded real-time systems or multimedia systems, it is necessary to include specifications of time since the correctness of these applications depends on the fulfillment of temporal requirements in addition to functional requirements. UML thus already incorporates language features to model time and temporal constraints. Such model elements must have an equivalent in the semantic domain. We have proposed Dynamic Meta Modeling (DMM) as a means for the specification of the formal operational semantics of UML models by applying graph transformation to the meta modeling of dynamic behavior. Within this paper, we extend this approach to also account for time by building on timed graph transformations. We apply these concepts to the domain of multimedia application modeling in which we adopt UML sequence diagrams. The DMM rules with time then specify an interpreter that can be used to analyze or test a model of multimedia sequence diagrams.

Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号