Security is a very important concern for software architecture and software components. Previous modeling approaches provide insufficient support for an in-depth treatment of security. This paper argues for a more comprehensive treatment based on software connectors. Connectors provide a suitable vehicle to model, capture, and enforce security. Our approach models security principal, privilege, trust, and context of architectural constituents. Extending our existing architecture description language and support tools, our approach can facilitate describing the security characteristics of an architecture generating enabling infrastructure, and monitoring run-time conformance. Initial results of applying this approach are illustrated through a case study. The contribution of this research is a deeper and more comprehensive treatment of architectural security through software connectors.

Domain-specific models increase the level of abstraction used to develop large-scale component-based systems. Model-driven development (MDD) approaches (e.g., Model-Integrated Computing and Model-Driven Architecture) emphasize the use of models at all stages of system development. Decomposing problems using MDD approaches may result in a separation of the artifacts in a way that impedes comprehension. For example, a single concern (such as deployment of a distributed system) may crosscut different orthogonal activities (such as component specification, interaction, packaging and planning). To keep track of all entities associated with a component, and to ensure that the constraints for the system as a whole are not violated, a purely model-driven approach imposes extra effort, thereby negating some of the benefits of MDD. This paper provides three contributions to the study of applying aspect-oriented techniques to address the crosscutting challenges of model-driven component-based distributed systems development. First, we identify the sources of crosscutting concerns that typically arise in model-driven development of component-based systems. Second, we describe how aspect-oriented model weaving helps modularize these crosscutting concerns

Abstract. Aspect-orientation provides a new way of modularization by clearly separating crosscutting concerns from non-crosscutting ones. While aspect-orientation originally has emerged at the programming level, it now stretches also over other development phases. There are, for example, already several proposals to Aspect-Oriented Modeling (AOM), most of them pursuing distinguished goals, providing different concepts as well as notations, and showing various levels of maturity. Consequently, there is an urgent need for both, academia and practice, to provide an in-depth survey, clearly identifying commonalities and differences between current AOM approaches. Existing surveys in this area focus more on comprehensibility with respect to development phases or evaluated approaches rather than on comparability at a fine-grained level. This paper tries to fill this gap. As a prerequisite for an in-depth evaluation, a conceptual reference model is presented, capturing the basic

Abstract. Security engineering deals with modeling, analysis, and implementation of complex security mechanisms. The dynamic nature of such mechanisms makes it difficult to anticipate undesirable emergent behavior. In this work, we propose an approach to develop and analyze security-critical specifications and implementations using aspect-oriented modeling. Since we focus on the dynamic views of a system, our work is complementary to existing approaches to security aspects mostly concerned with static views. Our approach includes a link to implementations in so far as the code which is constructed from the models can be analyzed automatically for satisfaction of the security requirements stated in the UML diagrams. We present tool support for our approach. 1

Abstract. This paper presents an approach for specifying reusable aspect models that define structure (using class diagrams) and behavior (using sequence diagrams). The high degree of reusability of the aspect models is demonstrated by modeling the design of 8 inter-dependent aspects of the AspectOptima case study. Based on this experience, several modeling language features that we deem essential to support reusable aspect modeling are identified. 1

The focus of the paper is on the analysis of performance effects of different security solutions modeled as aspects in UML. Aspect oriented modeling (AOM) allows software designers to isolate and separately address solutions for crosscutting concerns, which are defined as distinct UML aspect models, then are composed with the primary UML model of the system under development. For performance analysis we use techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML Profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM) and then into different performance models. The contribution of this paper is in performing the composition of the aspects with the primary model at the CSM level. The input is represented by the primary model and a number of aspect models in UML+SPT, which are processed as follows: a) converted separately to CSM; b) composed into a single CSM model; c) transformed into a Layered Queueing Networks (LQN) model and d) analyzed. The proposed approach is illustrated with a case study based on two standards, TPC-W and SSL. Categories and Subject Descriptors C.4 [Performance of Systems]: modeling techniques, performance attributes. D.2.4 Software/Program Verification: model checking

Abstract: We propose a methodology, based on Aspect-Oriented Modeling (AOM), for incorporating security mechanisms in an application. The functionality of the application is described using the primary model and the attacks are specified using aspects. The attack aspect is composed with the primary model to obtain the misuse model. The misuse model describes how much the application can be compromised. If the results are unacceptable, then some security mechanism must be incorporated into the application. The security mechanism, modeled as security aspect, is composed with the primary model to obtain the security treated model. The security treated model is analyzed to give assurance that it is resilient to the attack.

Aspect-Oriented Modeling (AOM) allows software designers to describe features that address pervasive concerns separately as aspects, and to systematically incorporate the features into a design model using model composition techniques. The goal of this paper is to analyze the performance effects of different security features that may be represented as aspect models. This is part of a larger research effort to integrate methodologies and tools for the analysis of security and performance properties early in the software development process. In this paper we describe an extension to the AOM approach that provides support for performance analysis. We use the performance analysis techniques developed previously in the PUMA project, which take as input UML models annotated with the standard UML profile for Schedulability, Performance and Time (SPT), and transform them first into Core Scenario Model (CSM), and then into different performance models. The composition of the aspects with the primary (base) model is performed at the CSM level. A new formal definition of CSM properties and operations is described as a foundation for scenario-based weaving. The proposed approach is illustrated with an example that utilizes two standards, TPC-W and SSL.

Abstract. Model driven development (MDD) is regarded as a promising software development technique which can reduce the complexity and cost of developing large software systems. In recent years research in MDD has focused on the technical domain where techniques and tools are developed to assist in automatically transforming design models to implementation models. However, little attention has been paid on automatically transforming knowledge embedded in business requirement models (e.g., business processes) into generic design models and implementation models. In this paper, we use aspect-oriented modeling (AOM) techniques to help us customize the primary model (e.g., design model and implementation model) by weaving different business requirements into it. As a result, we can verify the primary models against the business requirements. Our case study demonstrates the feasibility of our proposed approach.

Software maintenance and evolution are the most costly and time consuming activities during the software development life cycle. One of the biggest challenges of software evolution is to adapt a software system to the ever-changing requirements from users or operating environments. An ideal goal is to encapsulate these requirements into a high-level abstraction, which can be used to drive large-scale adaptation of the underlying software implementation. Model-Driven Engineering (MDE) is one of the enabling techniques that support this objective, in that it allows the domain experts or application designers to synthesize various software artifacts from high-level models that represent domain concepts or system design logic. The state-of-the-art MDE techniques, however, lack support for advanced processes and constructive methods involved within the context of the evolution of software systems. With respect to large legacy systems written in disparate programming languages,