
ModSec FFG BMVIT


Project title: Domain-Specific Languages for Model-Driven Security Engineering
Short title: ModSec
Duration: 2 years (2011-12-01 - 2013-11-30)
Funded by: Austrian Research Promotion Agency (FFG) of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT)
Programme line: FIT-IT / Trust in IT Systems
Project type: Dissertation Fellowship Project


Security issues in software systems have become a major problem in everyday life, affecting software end users, companies, and governments, to name just a few. Current software engineering processes do not emphasize the modeling and design of security properties of software artifacts. Security features are often integrated in an ad-hoc manner and are not planned systematically. Furthermore, software security tests may be skipped due to tight software delivery cycles. Research has repeatedly shown that eliminating errors early in the software development process is far cheaper than fixing security holes at a later stage or in production systems. However, little effort is put into creating processes that take security concerns into account from the beginning of software development.

In the ModSec project we build on the concept of Domain-Specific Languages (DSLs) for specifying security requirements in business processes at the modeling level and automatically transforming these models to the system level. In doing so, we emphasize the integration and testing of different security- and process-related DSLs to ensure compliance of model- and system-level implementations.

The proposed approach should allow for a software development cycle considering security aspects in software engineering processes right from the beginning. Thus, research done in the ModSec project will help to minimize the risk of security issues emerging from the development of process-aware information systems. The outcome will be new methods, concepts, and software artifacts in the area of DSL-based Model-Driven Security Engineering (MDSE).


For more information contact Bernhard Hoisl.


Publications


Resources
  • S. Sobernig, B. Hoisl, and M. Strembeck: Extracting Reusable Design Decisions for UML-based Domain-specific Languages: A Multi-Method Study. In Journal of Systems and Software (JSS), vol. 113, 140-172, Elsevier, 2016.
    • Paper: PDF | DOI
    • Supplementary material
      • Appendix: PDF | URL
      • Protocol for a Systematic Literature Review on Design Decisions for UML-based DSMLs: PDF | URL
      • A Catalog of Reusable Design Decisions for Developing UML/MOF-based Domain-specific Modeling Languages
        • Pre-study revision: PDF | URL
        • Post-study revision: PDF | URL

  • B. Hoisl and S. Sobernig: Open-Source Development Tools for Domain-Specific Modeling: Results from a Systematic Literature Review. In Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS), Editors T. X. Bui and R. H. Sprague, Jr., 5001-5010, IEEE Computer Society Press, 2016.

  • B. Hoisl, Z. Hu, and S. Hidaka: Towards Bidirectional Higher-Order Transformation for Model-Driven Co-evolution. In Communications in Computer and Information Science (CCIS), Editors S. Hammoudi, L. F. Pires, J. Filipe, and R. C. das Neves, 153-167, Springer International Publishing, 2015.

  • B. Hoisl and S. Sobernig: Towards Benchmarking Evolution Support in Model-to-Text Transformation Systems. In Proceedings of the 4th Workshop on the Analysis of Model Transformations (AMT), Editors J. Dingel, S. Kokaly, L. Lúcio, R. Salay, and H. Vangheluwe, 16-25, CEUR Workshop Proceedings, 2015.

  • B. Hoisl and S. Sobernig: Consistency Rules for UML-based Domain-specific Language Models: A Literature Review. In Proceedings of the 1st International Workshop on UML Consistency Rules (WUCOR), Editors D. Torre, Y. Labiche, M. Genero, and M. Elaasar, 29-36, CEUR Workshop Proceedings, 2015.

  • B. Hoisl: Integration and Test of MOF/UML-based Domain-specific Modeling Languages. PhD Thesis, WU Vienna University of Economics and Business, 2014.

  • B. Hoisl, S. Sobernig, and M. Strembeck: Comparing Three Notations for Defining Scenario-based Model Tests: A Controlled Experiment. In Proceedings of the 9th International Conference on the Quality of Information and Communications Technology (QUATIC), Editors A. R. da Silva, A. R. Silva, M. A. Brito, and R. J. Machado, 95-104, IEEE Computer Society Press, 2014.
    • Paper: PDF | DOI
    • Experiment material
      • Experience questionnaire: PDF
      • Introductory presentation: PDF
      • Notation references: PDF
      • Example tasks: PDF
      • Tasks (models, scenarios, questions): Eclipse project
      • Ex-post questionnaire: PDF
    • Collected data and results
      • Experience questionnaire, group allocations: ODS
      • Collected data, calculations, computed results: ODS

  • B. Hoisl, S. Sobernig, and M. Strembeck: Modeling and Enforcing Secure Object Flows in Process-driven SOAs: An Integrated Model-driven Approach. In Software and Systems Modeling (SoSyM), vol. 13, no. 2, 513-548, Springer, 2014.

  • B. Hoisl, Z. Hu, and S. Hidaka: Towards Co-Evolution in Model-driven Development via Bidirectional Higher-Order Transformation. In Proceedings of the 2nd International Conference on Model-Driven Engineering and Software Development (MODELSWARD), Editors L. F. Pires, S. Hammoudi, J. Filipe, and R. C. das Neves, 466-471, SciTePress, 2014.

  • B. Hoisl, S. Sobernig, and M. Strembeck: Natural-language Scenario Descriptions for Testing Core Language Models of Domain-Specific Languages. In Proceedings of the 2nd International Conference on Model-Driven Engineering and Software Development (MODELSWARD), Editors L. F. Pires, S. Hammoudi, J. Filipe, and R. C. das Neves, 356-367, SciTePress, 2014.

  • S. Sobernig, B. Hoisl, and M. Strembeck: Requirements-driven Testing of Domain-specific Core Language Models using Scenarios. In Proceedings of the 13th International Conference on Quality Software (QSIC), Editors A. Gotlieb and Z. Chen, 163-172, IEEE Computer Society Press, 2013.

  • B. Hoisl: Towards Testing the Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 8th IASTED International Conference on Advances in Computer Science (ACS), Editors K. Piromsopa and P. Bhattarakosol, 314-323, ACTA Press, 2013.

  • B. Hoisl, S. Sobernig, and M. Strembeck: Higher-Order Rewriting of Model-to-Text Templates for Integrating Domain-specific Modeling Languages. In Proceedings of the 1st International Conference on Model-Driven Engineering and Software Development (MODELSWARD), 49-61, SciTePress, 2013.

  • B. Hoisl, M. Strembeck, and S. Sobernig: Towards a Systematic Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 16th IASTED International Conference on Software Engineering and Applications (SEA), Editor M. H. Hamza, 337-344, ACTA Press, 2012.

  • B. Hoisl, S. Sobernig, S. Schefer-Wenzl, M. Strembeck, and A. Baumgrass: Design Decisions for UML and MOF based Domain-specific Language Models: Some Lessons Learned. In Proceedings of the 2nd Workshop on Process-based approaches for Model-Driven Engineering (PMDE), Editors H. Störrle, G. Botterweck, M. Bourdellès, D. Kolovos, R. Paige, E. Roubtsova, J. Rubin, and J.-P. Tolvanen, 303-314, Technical University of Denmark (DTU), 2012.

  • B. Hoisl and M. Strembeck: A UML Extension for the Model-driven Specification of Audit Rules. In Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE), Editors M. Bajec and J. Eder, 16-30, Springer, 2012.

  • B. Hoisl and S. Sobernig: Integrity and Confidentiality Annotations for Service Interfaces in SoaML Models. In Proceedings of the International Workshop on Security Aspects of Process-aware Information Systems (SAPAIS), 673-679, IEEE Computer Society Press, 2011.

  • B. Hoisl and M. Strembeck: Modeling Support for Confidentiality and Integrity of Object Flows in Activity Models. In Proceedings of the 14th International Conference on Business Information Systems (BIS), Editor W. Abramowicz, 278-289, Springer, 2011.