Ziarati, Raha (2012) Dynamic matching and weaving semantics for executable UML models. Masters thesis, Concordia University.
Preview |
Text (application/pdf)
1MBZiarati_MASc_S2013.pdf - Accepted Version |
Abstract
To develop more secure software, security concerns should be considered as an essential part of all phases of software development lifecycle. It has been observed that incorporation of security concerns after the completion of software development may result in conflicts between functional and security requirements and leads to severe
security vulnerabilities. On the other hand, security is a crosscutting concern and consequently the integration of security solutions at the software design phase may
result in scattering and tangling of security features throughout the entire design. Therefore, in the case of large scale software (e.g., hundreds of UML classes), the
resulting UML design models may become more complex and difficult to understand. Moreover, adding security manually is tedious and may lead to additional security flaws.
Aspect-Oriented Modeling is an appropriate approach to systematically integrate security at the design phase as it allows the separation of crosscutting concerns from the core functionality. In this research work, we provide formal semantics for aspect matching and weaving on executable UML models, particularly for activity diagrams. The semantics is based on a defunctionalized continuation-passing style since it provides a concise and elegant description of aspect-oriented mechanisms. In addition, we have extended our framework and provided semantics for control and data flow pointcuts as these pointcuts are beneficial from a security perspective and are used to detect vulnerabilities related to information flow.
Divisions: | Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering |
---|---|
Item Type: | Thesis (Masters) |
Authors: | Ziarati, Raha |
Institution: | Concordia University |
Degree Name: | M.A. Sc. |
Program: | Information Systems Security |
Date: | October 2012 |
Thesis Supervisor(s): | Debbabi, Mourad and Wang, Lingyu |
ID Code: | 974888 |
Deposited By: | RAHA ZIARATI |
Deposited On: | 07 Jun 2013 14:46 |
Last Modified: | 18 Jan 2018 17:39 |
Repository Staff Only: item control page