Workflows adaptations for security management through MDD and Aspects

Fáber D. Giraldo

Armenia, October 12 2012
Acknowledgments

• Dr. Raquel Anaya and Pr. Luís Fernando Londoño (EAFIT
  University)

• Mireille Blay-Fornarino (University of Nice-Sophia Antipolis, France)

• Sébastien Mosser (University of Lille I, France)

• Sergio Ochoa and Alexandre Bergel (University of Chile)



Content
1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further works and Results
7. Questions
Context

• Separation of Concerns

• Workflows of Business Processes.

• MDD

• AOSD

• Security based on Services

• Workflows adaptations based on security

Goals of this work

The main goal of this proposal is to incorporate, at design time,
adaptation mechanisms on workflows so that security restrictions on
the data and control structures that are part of a workflow are
considered, using model-driven and aspect approaches.
Research questions
• How can the ADORE method be applied and/or enriched in order to
  consider security based on standards?

• What is the contribution of UML-based modeling languages for
  representing, at a high abstraction level, security as an aspect
  and its interventions over the core functionality?

• How important is the visualization mechanism for analyzing the
  complexity of the proposed security adaptation?
The ADORE Method
• «Activity moDel to suppOrt oRchestration Evolution»
  [TAOSD’10]

• Consider concerns as «process fragments» to be
  composed with existing processes

• Support fragment composition through different
  (endogenous) algorithms

• Algorithms ensure compositional properties

 • E.g., order preservation
Examples
[Figures: CCCms security requirement; CCCms functional requirement]
• More info about ADORE

 • http://www.adore-design.org/doku/

 • http://www.adore-design.org/doku/examples/cccms/start

 • http://modalis.i3s.unice.fr/
   (MODels to usAge of large scaLe InfraStructures)
The Case Study
• Car Crash Crisis Management System: CCCms
• Requirement documents specified in [Kienzle et al, 2010]
 • Special issue of TAOSD, focusing on Aspect Oriented Modeling
• Contents:
 • 8 main success scenarios
 • 27 business extensions
 • 3 non-functional properties
Source: S. Mosser (2011)
• How to handle a Car Crash accident?
Initial version
Source [Mosser, Blay-Fornarino and France, 2010]
Final version
This is only for the Capture Witness Report use case of CCCms…
Source [Mosser, Blay-Fornarino and France, 2010]
Problem: Security & Business Processes
• Model (business) behavior in a Service-Oriented Architecture
  • Think «activity diagram» in the UML
  • Think BPMN and BPEL ...
  • Think specific proposals based on several symbols…
  • As complex as the modeled business: no magic here (at
    least yet)
• Security (and Quality Attributes) are often handled at the
  infrastructure level (e.g., WS-*)
• But security clearly impacts modeled behaviors (e.g.,
  «role-based access control»), as well as persistence, error
  handling, ...
• The use of SoC and aspects is extended to the treatment of
  quality attributes (such as security and its derived
  implications, e.g., access control) so that business
  processes managed within a workflow consider features
  beyond functionality.
• In most contemporary SOA practices focused on the
  separation of concerns, the properties related to
  quality attributes are specified and mapped in a set of
  services.
  • This strategy requires developers and SOA architects to
    properly configure the quality attributes across a range
    of services (usually every quality attribute covers
    multiple services simultaneously).
• Unfortunately, UML, BPMN and BPEL do not support
  separation of concerns per se. [Wada, Suzuki and Oba,
  2008]




Our proposal
• Existing approaches deal with Separation of Concerns:
 • Concerns reification (e.g., «Aspects» in Aspect-oriented
   Programming)
 • Composition with legacy systems (e.g., «Aspect weaving»)
• Security (e.g., access control, encryption) can be
  considered as another concern
 • Thus composed with other concerns (e.g., persistence
   standard, behavioral)
 • Compliant with concern reasoning approaches
 • E.g., interaction detection mechanisms
• Can security be considered a crosscutting concern?
• Does security involve services?
• Does security have high-level support?


• Several works propose the derivation of security models
  from Business Process Models (BPMN, BPEL and SOA
  models)
• Security Access Control through RBAC – XACML
 • RBAC: Role-Based Access Control (Model)
 • XACML (eXtensible Access Control Markup Language):
   OASIS Standard
 • XACML 2.0 - 3.0 define a profile for RBAC support in
   order to bind practical RBAC solutions in web services
   environments.
 • RBAC is supported in high-level abstraction models by
   the SecureUML metamodel and Model Driven Security.
• Encryption using RSA X.509
 • Services implemented by existing frameworks
SecureUML Metamodel
From [Basin, Doser and Lodderstedt, 2006]
XACML Model (I)
Adapted from http://docs.oasis-open.org/xacml/2.0/XACML-2.0-OS-ALL.zip
XACML Model (II)
General XACML Architecture. Source [Breu, Popp and Alam, 2007]
Our proposal

Principles derived from AOSD and MDD provide a high
degree of flexibility: AOSD can be applied to identify
common concerns, visualizing scenarios where they can be
applied throughout the business process that is automated
in a workflow. The business process models can be
adapted to meet new requirements. Further changes to
process models can be applied immediately to adjust
business processes.
Our proposal

• To derive ADORE fragments for the XACML process and the RSA
  X.509 decryption process.
 • Application-independent fragments.
• To support the semantic context of ADORE fragments
  through their integration with the Theme/UML approach
 • Bind through ADORE
• To use concepts of software visualization for identifying
  and managing the complexity of new ADORE fragments
  for CCCms
Integration with Theme/UML
• As shown with the XACML standard, a quality attribute could
  contain a set of associated services and structures or specific
  dimensions, such as hardware/software technologies that
  support security operations.
• Other types of concerns address specifications of dimension,
  e.g., if a business process model must consider the management of
  business rules, the fragment or fragment set must consider
  specific operations over a business rule engine.
• The use of information from the modeled context, expressed as
  variables introduced directly in the formulation of an ADORE
  fragment, is evident. According to the ADORE method, the
  knowledge of context mapped in the fragments is associated
  exclusively with the description of the selected process.
[Figure: Example of information of context in an ADORE fragment]
Integration with Theme/UML
• To support the definition of ADORE fragments from quality
  attributes whose behaviors are generic with respect to the
  behaviors that belong to a business process workflow, we decided
  to use a subset of the diagrams of the modeling phase established
  in the Model-Driven Theme/UML development process to show the
  mapping of the quality attribute's context information onto the
  ADORE fragment.
• The context is defined in terms of the features specified for the
  system, the set of standards that govern the application and
  the invocation of underlying services, such as the XACML standard
  in this case.
[Figure: General proposal of ThemeUML/ADORE Integration]
[Figure: Use of ThemeUML in the formulation of XACML ADORE fragment]
Bind by Endogenous Composition of Concerns
Composition leads to Iterative Process Modeling
Weaving
• XACML application independent fragment (blue)
• retrieveVictimHistory dependent fragment (green)
• execRescueMission orchestration (white)
Decryption fragment
Weaving
• XACML application independent fragment (blue)
• Desencrypt application independent fragment (pink)
• retrieveVictimHistory dependent fragment (green)
• execRescueMission orchestration (white)
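
The weaving on the two Weaving slides, and the order-preservation property named on the ADORE Method slide, as an added example that is not ADORE's own code or algorithm: a simplified Python model that tracks precedence only (guards such as the Permit/Deny branch are omitted). The activity names inside each process (`getHistory`, `treatVictim`, `evaluatePolicy` and so on) are constructed for illustration and assume each fragment is woven once.

```python
from dataclasses import dataclass, field

HOOK = "hook"  # placeholder for the activity a fragment is woven on


@dataclass
class Process:
    """An orchestration or a fragment: activities plus a partial order."""
    name: str
    activities: set = field(default_factory=set)
    order: set = field(default_factory=set)  # (a, b): a finishes before b starts

    def before(self, a, b):
        """True if a precedes b in the transitive closure of the order."""
        seen, stack = set(), [a]
        while stack:
            cur = stack.pop()
            for x, y in self.order:
                if x == cur and y not in seen:
                    if y == b:
                        return True
                    seen.add(y)
                    stack.append(y)
        return False

    def is_acyclic(self):
        return not any(self.before(a, a) for a in self.activities)


def weave(fragment, process, target):
    """Weave fragment on activity target of process; return the new process."""
    if target == HOOK or target not in process.activities:
        raise ValueError(f"{target!r} is not an activity of {process.name}")

    def rename(a):  # the hook is unified with the target, the rest is namespaced
        return target if a == HOOK else f"{fragment.name}.{a}"

    pre = {rename(a) for a in fragment.activities if fragment.before(a, HOOK)}
    post = {rename(a) for a in fragment.activities if fragment.before(HOOK, a)}
    order = set(process.order) | {(rename(a), rename(b)) for a, b in fragment.order}
    for a, b in process.order:
        if b == target:  # what preceded the target now also precedes the guard
            order |= {(a, p) for p in pre}
        if a == target:  # what followed the target now also waits for post-steps
            order |= {(s, b) for s in post}
    woven = Process(process.name,
                    process.activities | {rename(a) for a in fragment.activities},
                    order)
    if not woven.is_acyclic():
        raise ValueError("weaving would introduce a cycle")
    return woven


def preserves_order(original, woven):
    """Order preservation: every original precedence still holds after weaving."""
    return all(woven.before(a, b) for a, b in original.order)


def schedule(process):
    """One valid execution order (deterministic topological sort)."""
    done, remaining = [], set(process.activities)
    while remaining:
        ready = sorted(a for a in remaining
                       if not any(y == a and x in remaining for x, y in process.order))
        done.append(ready[0])
        remaining.discard(ready[0])
    return done


# Constructed models: the activity names inside each process are illustrative.
XACML = Process("xacml", {"buildRequest", "evaluatePolicy", HOOK},
                {("buildRequest", "evaluatePolicy"), ("evaluatePolicy", HOOK)})
DECRYPT = Process("decrypt", {HOOK, "decryptResult"}, {(HOOK, "decryptResult")})
RETRIEVE = Process("retrieveVictimHistory", {"getHistory", HOOK},
                   {("getHistory", HOOK)})
RESCUE = Process("execRescueMission",
                 {"receiveMission", "treatVictim", "closeMission"},
                 {("receiveMission", "treatVictim"), ("treatVictim", "closeMission")})


def build_secured_orchestration():
    """XACML guard and decryption woven on getHistory, then into the orchestration."""
    fragment = weave(XACML, RETRIEVE, "getHistory")
    fragment = weave(DECRYPT, fragment, "getHistory")
    return weave(fragment, RESCUE, "treatVictim")


if __name__ == "__main__":
    print(" -> ".join(schedule(build_secured_orchestration())))
```

The two security fragments never mention `getHistory` or `execRescueMission`; only the `weave` calls bind them, which is what makes them reusable on another process.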



Visualization
•   The goal of visualization is the extension of cognition or acquisition
    and/or use of knowledge [Teyseyre and Campo, 2009].

•   ADORE allows information to be extracted from the internal
    representation of business processes, so it is possible to generate
    information related to the structure and metrics of business processes.

•   The principle of separation of concerns in the context of business
    process workflows implicitly introduces complexity as an
    important factor to consider in the tasks of maintainability,
    understandability and accuracy of measurement of a business
    process.

•   We adapt the work of [Mosser, Bergel and Blay-Fornarino, 2010] to
    expose the "new" application-independent fragments (security)
    in order to manage the complexity of the global CCCms fragments,
    including the newly generated fragments.
[Figure: Configuration file generated by ADORE]
[Figure: Complexity of fragments and orchestrations of CCCms, including
formulated security fragments]
[Figure: Activities of connection between the fragments and orchestrations
of CCCms, including formulated security fragments]
Conclusions, Further works and Results
• Integration of MDD and AOSD principles to establish, at a
  model level, mechanisms of adaptation of business
  process workflows, in order to incorporate security
  constraints based on access control defined by the
  RBAC model and the XACML standard.
• Final process designed through the composition of
  smaller artifacts
 • XACML security fragments are «process independent»
 • Thus can be reused in other business process
   workflows
 • Approach applied successfully to the complete CCCms
• Achievements
 • XACML policies implemented as reusable process
   fragments
 • Approach applied to a concrete and complex case
   study
• Work in progress
 • Final process «optimization» (e.g., merge redundant
   activities)
 • Application to other case studies (information
   broadcasting)
• Further works
 • Conclusions about the ADORE method
 • Comparison of this work with BPEL4RBAC, AO4BPEL
   and AO4BPMN proposals
 • Use of ADORE by quality attributes experts
 • Standardization of behaviors derived from quality
   attributes in ADORE




•   Fáber D. Giraldo, Mireille Blay-Fornarino, Sébastien Mosser.
    "Introducing Security Access Control Policies into Legacy Business
    Processes". Proceedings of the Fifteenth International Enterprise
    Distributed Object Computing Conference (EDOC'11), IEEE,
    Helsinki, Finland, 29 August - 02 September 2011. Available in
       http://hal.archives-ouvertes.fr/docs/00/59/48/45/PDF/edoc_2011.pdf
       and
       http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6037600&contentType=Conference+Publications
•   Fáber D. Giraldo and Raquel Anaya. "Integrating non-functional
    security services in ADORE using multiple views modeling
    approaches". XXXVIII Latin American Conference on Informatics
    (CLEI 2012), Latin American Symposium in Software Engineering.
    IEEE Xplore coming soon!
Contact

•    fdgiraldo@uniquindio.edu.co

•    fdgiraldo

•    @fdgiraldo

•    More Information in CVLac & GrupLac

•    http://www.linkedin.com/profile/view?id=144790141&trk=tab_pro

•    http://www.slideshare.net/fdgiraldo/

Thank You for Your Attention!

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Workflows adaptations for security management through MDD and Aspects

  • 1. Workflows adaptations for security management through MDD and Aspects Fáber D. Giraldo Armenia, October 12 2012 1
  • 2. Acknowledgments • Dr. Raquel Anaya and Pr. Luís Fernando Londoño (EAFIT University) • Mireille Blay-Fornarino (University of Nice-Sophia Antipolis, France) • Sébastien Mosser (University of Lille I, France) • Sergio Ochoa and Alexandre Bergel (University of Chile) 2
  • 3. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further works and Results 7. Questions 3
  • 4. Context • Separation of Concerns • Workflows of Business Processes. • MDD • AOSD • Security based on Services • Workflows adaptations based on security 4
  • 5. Goals of this work The main goal of this proposal is to incorporate, at design time, adaptation mechanisms on workflows in order to consider security restrictions on the data and control structures that are part of a workflow, by using model-driven and aspect-oriented approaches. 5
  • 6. Research questions • How can the ADORE method be applied and/or enriched in order to consider security based on standards? • What is the contribution of UML-based modeling languages for representing, at a high abstraction level, security as an aspect and its interventions over the core functionality? • How important is the visualization mechanism for analyzing the complexity of the proposed security adaptation? 6
  • 7. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further works and Results 7. Questions 7
  • 8. The ADORE Method • «Activity moDel to suppOrt oRchestration Evolution» [TAOSD’10] • Consider concerns as «process fragments» to be composed with existing processes • Support fragment composition through different (endogenous) algorithms • Algorithms ensure compositional properties • E.g., order preservation 8
  • 9. Examples CCCms security requirement CCCms functional requirement 9
  • 10. Examples 10
  • 11. • More info about ADORE • http://www.adore-design.org/doku/ • http://www.adore-design.org/doku/examples/cccms/start • http://modalis.i3s.unice.fr/ MODels to usAge of large scaLe InfraStructures 11
  • 12. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further works and Results 7. Questions 12
  • 13. The Case Study • Car Crash Crisis Management System: CCCms • Requirement documents specified in [Kienzle et al, 2010] • Special issue of TAOSD, focusing on Aspect Oriented Modeling • Contents: • 8 main success scenarios • 27 business extensions • 3 non-functional properties Source: S. Mosser (2011) 13 • How to handle a Car Crash accident?
  • 14. Initial version Source [Mosser, Blay-Fornarino and France, 2010] 14
  • 15. Final version It’s only for Capture Witness Report use case of CCCms…. Source [Mosser, Blay-Fornarino and France, 2010] 15
  • 16. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further works and Results 7. Questions 16
  • 17. • Model (business) behavior in a Service-Oriented Architecture • Think «activity diagram» in the UML • Think BPMN and BPEL ... • Think specific proposals based on several symbols… • As complex as the modeled business: no magic here (at least yet) • Security (and Quality Attributes) are often handled at the infrastructure level (e.g., WS-*) • But it clearly impacts modeled behaviors (e.g., «role-based access control»), as well as persistence, error handling, ... 17
  • 18. • The use of SoC and aspects is extended to the treatment of quality attributes (such as security and its derived implications, e.g., access control) so that business processes managed within a workflow consider features additional to functionality. • In most contemporary SOA practices focused on the separation of concerns, the properties related to quality attributes are specified and mapped onto a set of services. • This strategy means that developers and SOA architects must properly configure the quality attributes across a range of services (usually every quality attribute covers multiple services simultaneously). 18
  • 19. • Unfortunately, UML, BPMN and BPEL do not support separation of concerns per se. [Wada, Suzuki and Oba, 2008] 19
  • 20. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further works and Results 7. Questions 20
  • 21. • Existing approaches deal with Separation of Concerns: • Concerns reification (e.g., «Aspects» in Aspect-oriented Programming) • Composition with legacy systems (e.g., «Aspect weaving») • Security (e.g., access control, encryption) can be considered as another concern • Thus composed with other concerns (e.g., persistence standard, behavioral) • Compliant with concern reasoning approaches • E.g., interaction detection mechanisms 21
  • 22. • Can security be considered a crosscutting concern? • Does security involve services? • Does security have high-level support? • Several works propose the derivation of security models from Business Process Models (BPMN, BPEL and SOA models) 22
  • 23. • Security access control through RBAC – XACML • RBAC: Role-Based Access Control (model) • XACML (eXtensible Access Control Markup Language): OASIS Standard • XACML 2.0 - 3.0 define a profile for RBAC support in order to bind RBAC practical solutions in web services environments. • RBAC is supported in high-level abstraction models by the SecureUML metamodel and Model Driven Security. • Encryption using RSA X.509 • Services implemented by existing frameworks 23
  • 24. SecureUML Metamodel From [Basin, Doser and Lodderstedt, 2006] 24
  • 25. XACML Model (I) Adapted from http://docs.oasis-open.org/xacml/2.0/XACML-2.0-OS-ALL.zip 25
  • 26. XACML Model (II) 26 General XACML Architecture. Source [Breu, Popp and Alam, 2007]
  • 27. Our proposal Principles derived from the AOSD and MDD provide a high degree of flexibility: AOSD can be applied to identify common concerns, visualizing scenarios where they can be applied throughout the business process that is automated in a workflow. The business process models can be adapted to meet new requirements. Further changes to process models can be applied immediately to adjust business processes. 27
  • 28. Our proposal • To derive ADORE fragments for the XACML process and the RSA X.509 decryption process. • Application-independent fragments. • To support the semantic context of ADORE fragments through its integration with the Theme/UML approach • Bind through ADORE • To use concepts of software visualization for identifying and managing the complexity of new ADORE fragments for CCCms 28
  • 29. Integration with Theme/UML • As shown with the XACML standard, a quality attribute could contain a set of associated services and structures or specific dimensions, such as the hardware/software technologies that support security operations. • Other types of concerns address specifications of dimension, e.g., if a business process model must consider the management of business rules, the fragment or fragment set must consider specific operations over a business rule engine. • Information about the modeled context is evidently used, expressed as variables that are introduced directly in the formulation of an ADORE fragment. According to the ADORE method, the knowledge of context mapped in the fragments is associated exclusively with the description of the selected process. 29
  • 30. Example of information of context in an ADORE fragment 30
  • 31. Integration with Theme/UML • To support the definition of ADORE fragments from quality attributes whose behaviors are generic with respect to the behaviors that belong to a business process workflow, we decided to use a subset of the diagrams of the modeling phase established in the Model-Driven Theme/UML development process to show the mapping of the context information of the quality attribute onto the ADORE fragment. • The context is defined in terms of the features specified for the system, the set of standards that govern the application and the invocation of underlying services, such as the XACML standard in this case. 31
  • 32. General proposal of ThemeUML/ADORE Integration 32
  • 33. Use of ThemeUML in the formulation of XACML ADORE fragment 33
  • 34. Bind by Endogenous Composition of Concerns 34
  • 35. Composition leads to Iterative Process Modeling 35
  • 36. Weaving • XACML application independent fragment (blue) • retrieveVictimHistory dependent fragment (green) • execRescueMission orchestration (white) 36
  • 38. Weaving • XACML application independent fragment (blue) • Desencrypt application independent fragment (pink) • retrieveVictimHistory dependent fragment (green) • execRescueMission orchestration (white) 38
  • 39. Visualization • The goal of visualization is the extension of cognition or acquisition and/or use of knowledge [Teyseyre and Campo, 2009]. • ADORE allows information to be extracted from the internal representation of business processes, so it is possible to generate information related to the structure and metrics of business processes • The principle of separation of concerns in the context of business process workflows implicitly introduces complexity as an important factor to consider in the tasks of maintainability, understandability and accuracy of measurement of a business process. • We adapt the work of [Mosser, Bergel and Blay-Fornarino, 2010] to expose the "new" application-independent fragments (security) in order to manage the complexity of the global CCCms fragments, including the newly generated fragments. 39
  • 41. Complexity of fragments and orchestrations of CCCms including formulated security fragments 41
  • 42. Activities of connection between the fragments and orchestrations of CCCms, including formulated security fragments 42
  • 43. Content 1. Context 2. The ADORE Method 3. Case study 4. Problem: Security & Business Processes 5. Our proposal 6. Conclusions, Further Works and Results 7. Questions 43
  • 44. • Integration of MDD and AOSD principles to establish, at a model level, mechanisms of adaptation of business process workflows, in order to incorporate security constraints based on access control defined by the RBAC model and the XACML standard. • Final process designed through the composition of smaller artifacts • XACML security fragments are «process independent» • Thus can be reused in other business process workflows • Approach applied successfully to the complete CCCms 44
  • 45. • Achievements • XACML policies implemented as reusable process fragments • Approach applied to a concrete and complex case study • Work in progress • Final process «optimization» (e.g., merge redundant activities) • Application to other case studies (information broadcasting) 45
  • 46. • Further works • Conclusions about the ADORE method • Comparison of this work with BPEL4RBAC, AO4BPEL and AO4BPMN proposals • Use of ADORE by quality attributes experts • Standardization of behaviors derived from quality attributes in ADORE 46
  • 47. Fáber D. Giraldo, Mireille Blay-Fornarino, Sébastien Mosser. "Introducing Security Access Control Policies into Legacy Business Processes". Proceedings of the Fifteenth International Enterprise Distributed Object Computing Conference (EDOC'11), IEEE, Helsinki, Finland, 29 August - 02 September 2011. Available in http://hal.archives-ouvertes.fr/docs/00/59/48/45/PDF/edoc_2011.pdf and http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6037600&contentType=Conference+Publications • Fáber D. Giraldo and Raquel Anaya. "Integrating non-functional security services in ADORE using multiple views modeling approaches". XXXVIII Latin American Conference on Informatics (CLEI 2012), Latin American Symposium in Software Engineering. IEEExplorer coming soon! 47
  • 48. Contact • fdgiraldo@uniquindio.edu.co • fdgiraldo • @fdgiraldo More Information in CVLac & GrupLac • http://www.linkedin.com/profile/view?id=144790141&trk=tab_pro • http://www.slideshare.net/fdgiraldo/
  • 49. Thank You for Your Attention ! fdgiraldo@uniquindio.edu.co 49
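
The weaving slides bind a process-independent XACML access control fragment to the retrieveVictimHistory activity of the execRescueMission orchestration. The sketch below is an added illustration of that idea, not code from the slides or from ADORE: the policy, the role names and the activities other than retrieveVictimHistory are constructed, and stopping the run on a Deny decision is an assumption.

```python
# Constructed RBAC policy: the (role, action) pairs that are permitted.
# Anything not listed is denied (default deny).
POLICY = {("coordinator", "retrieveVictimHistory")}

class AccessDenied(Exception):
    """Raised when the decision point does not return Permit."""

def pdp_decide(role, action):
    """Stand-in for an XACML policy decision point: Permit or Deny."""
    return "Permit" if (role, action) in POLICY else "Deny"

def access_control_fragment(hooked):
    """Process-independent fragment: a decision step placed before any hooked activity."""
    def guarded(ctx):
        decision = pdp_decide(ctx["role"], hooked.__name__)
        ctx["trace"].append(f"checkAccess:{decision}")
        if decision != "Permit":
            raise AccessDenied(hooked.__name__)  # assumption: fail closed
        return hooked(ctx)
    guarded.__name__ = hooked.__name__
    return guarded

def weave(orchestration, fragment, target):
    """Bind `fragment` to the activity named `target`; activity order is preserved."""
    return [fragment(a) if a.__name__ == target else a for a in orchestration]

# Constructed activities standing in for the execRescueMission orchestration.
def receiveMission(ctx): ctx["trace"].append("receiveMission")
def retrieveVictimHistory(ctx): ctx["trace"].append("retrieveVictimHistory")
def sendReport(ctx): ctx["trace"].append("sendReport")

EXEC_RESCUE_MISSION = [receiveMission, retrieveVictimHistory, sendReport]
SECURED = weave(EXEC_RESCUE_MISSION, access_control_fragment, "retrieveVictimHistory")

def run(orchestration, role):
    """Execute the activities in order for `role` and return the execution trace."""
    ctx = {"role": role, "trace": []}
    try:
        for activity in orchestration:
            activity(ctx)
    except AccessDenied as exc:
        ctx["trace"].append(f"fault:{exc}")
    return ctx["trace"]

if __name__ == "__main__":
    print(run(SECURED, "coordinator"))
    print(run(SECURED, "witness"))
```

The original orchestration list is left untouched by `weave`, so the secured and unsecured variants can be compared side by side, and the same fragment can be bound to any other activity name.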