Aspect - Oriented Security Hardening of UML Design Models

Djedjiga Mouheb · Mourad Debbabi

Makan Pourzandi · Lingyu Wang

Mariam Nouh · Raha Ziarati

Dima Alhadidi · Chamseddine Talhi

Vitor Lima

Aspect-Oriented

Security Hardening of

UML Design Models

Aspect-Oriented Security Hardening

of UML Design Models

Djedjiga Mouheb • Mourad Debbabi

Makan Pourzandi • Lingyu Wang

Mariam Nouh • Raha Ziarati

Dima Alhadidi • Chamseddine Talhi

Vitor Lima

Aspect-Oriented

Security Hardening of

UML Design Models

123

Djedjiga Mouheb

Concordia University

Montreal, QC

Canada

Mourad Debbabi

Concordia University

Montreal, QC

Canada

Makan Pourzandi

Ericsson Canada Inc.

Montreal, QC

Canada

Lingyu Wang

Concordia University

Montreal, QC

Canada

Mariam Nouh

King Abdulaziz City for Science

and Technology

Riyadh

Saudi Arabia

Raha Ziarati

Sophos Inc.

Vancouver, BC

Canada

Dima Alhadidi

Zayed University

Dubai

United Arab Emirates

Chamseddine Talhi

École de Technologie Supérieure

Montreal, QC

Canada

Vitor Lima

Montreal, QC

Canada

ISBN 978-3-319-16105-1 ISBN 978-3-319-16106-8 (eBook)

DOI 10.1007/978-3-319-16106-8

Library of Congress Control Number: 2015932850

Springer Cham Heidelberg New York Dordrecht London

© Springer International Publishing Switzerland 2015

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part

of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations,

recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission

or information storage and retrieval, electronic adaptation, computer software, or by similar or

dissimilar methodology now known or hereafter developed.

The use of general descriptive names, registered names, trademarks, service marks, etc. in this

publication does not imply, even in the absence of a specific statement, that such names are exempt

from the relevant protective laws and regulations and therefore free for general use.

The publisher, the authors and the editors are safe to assume that the advice and information in this

book are believed to be true and accurate at the date of publication. Neither the publisher nor the

authors or the editors give a warranty, express or implied, with respect to the material contained

herein or for any errors or omissions that may have been made.

Printed on acid-free paper

Springer International Publishing AG Switzerland is part of Springer Science+Business Media

(www.springer.com)

Foreword

Today, software is being used virtually everywhere in our society; in vehicles,

banking, commerce, media, industrial control systems, and health care, just to

mention a few. A large part of our infrastructure, including the communication

systems that interconnect people, machines, and devices, are built on and managed

through software. As our dependency on this infrastructure increases, so does the

need for assurance of the software; to ensure that the software is functioning as

intended, and that vulnerabilities are few and appropriately handled.

Assurance and verification of software are becoming essential, not only for IT

security, but for communication systems in large. The need for security, as well as

the means to verify security, will become even more emphasized with evolvements

toward 5G and Internet of things, which come with new requirements on networks

and services. Improved and proactive software assurance is also motivated by the

fact that security breaches in software systems keep appearing in spite of numerous

updates and patches.

Given the complexity and pervasiveness of today’s software systems, building

secure software is a challenging task, especially as security must be addressed

during all phases of the software engineering process rather than added as an

afterthought. In many cases, the security of software largely depends on developers’

awareness of security requirements. Therefore, to reduce the burden on developers,

there is a clear need for practical tools and methods for secure software

development.

A promising approach for early security hardening is to leverage prominent

modeling languages, such as the Unified Modeling Language (UML) for the

specification and strengthening of software security. Indeed, using UML for

developing secure software has a practical significance considering the fact that

UML is the de-facto standard for object-oriented modeling of software systems and

there exist many tools for UML modeling.

Because of the pervasive nature of security, adding security manually into a

UML design is tedious, may lead to the introduction of new security vulnerabilities,

and security components may become tangled and scattered throughout the whole

v

design. Consequently, the resulting UML design model will most likely become

difficult to understand and maintain. In this respect, the aspect-oriented technology

emerged as an appealing approach for strengthening software security. This para￾digm, which has received considerable attention from researchers and industry,

allows a more advanced modularization by separating crosscutting concerns, such

as security, from the software functionalities.

This book contributes to methodical engineering of secure software-intensive

systems, by extending prominent modeling languages such as UML to address

security concerns throughout the development life cycle. Such measures, as well as

their extension, are vital in making software-intensive systems reliable, flexible, and

highly secure. These are properties necessary for software systems as we come to

depend on them as a natural part of our environment.

Stockholm, January 2015 Eva Fogelström

Director Security, Ericsson Research

vi Foreword

Preface

In the coming years, information technology will continue to transform the way we

think, work, communicate, and learn. The tremendous success of Internet-related

technologies (web services, voice over IP, mobile telephony, etc.) coupled with

advances both in hardware and software will invigorate the existing proliferation of

software intensive systems. This will allow for new services, applications, and

systems that will recede increasingly into the background of our lives. In this

setting, the secure engineering of such software-intensive systems becomes a major

concern. This is emphasized by the fact that security breaches of software systems

keep appearing at an alarming rate in spite of numerous updates and patches that are

constantly being issued.

Unfortunately, in many organizations, the emphasis on operational security

usually leads most investments to be directed to network security measures, such as

firewall, virtual private network, intrusion detection system, etc. However, in spite

of significant efforts on network security, the scale and severity of security breaches

have been increasing with no victory in sight in this arm race against attackers.

Recently, new efforts have emerged in extending the defense by rooting the security

in software itself. However, given the complexity and pervasiveness of today’s

software systems, building secure software is a challenging task. In most cases, the

security of software widely depends on developers’ awareness of security

requirements, which is unfortunately not always present. To reduce the burden on

developers, there is a clear need for practical tools and methods for secure software

development.

Very often security practices are added to existing software either as an after￾thought phase of the software development life cycle, or manually injected into

software code or UML models. However, this practice is no longer acceptable for

such an important aspect, especially with the increasing complexity and perva￾siveness of today’s software systems. Therefore, security must be addressed during

the early phases of the software engineering process. A promising approach to early

security hardening is to leverage prominent modeling languages, such as the

Unified Modeling Language (UML) for the specification, verification, and hard￾ening of software security. Indeed, using UML for secure software development

vii

would have more practical significance considering the fact that UML is the de￾facto standard for object-oriented modeling of software systems and there exist

many tools for UML modeling. In addition, UML supports standard extension

mechanisms that enable the language to be customized for different platforms or

domains.

Besides, because of the pervasive nature of security, adding security manually

into a UML design is tedious, may lead to additional security vulnerabilities, and

security components may become tangled and scattered throughout the whole

design. Consequently, the resulting UML design model will most likely become

difficult to understand and maintain. In this respect, the aspect-oriented technology

emerged as an appealing approach for security hardening. This paradigm has

received considerable attention from researchers and industrial practitioners alike. It

allows a more advanced modularization by separating crosscutting concerns, such

as security, from the software functionalities. Due to the increasing interest, the

aspect-oriented technology has stretched over earlier stages of the software

development life cycle. Aspect-Oriented Modeling (AOM) applies aspect-oriented

techniques to software models with the aim of modularizing crosscutting concerns.

It carries over the advantages of aspect-oriented programming to the modeling

level. Indeed, handling those concerns at the modeling level would significantly

help in alleviating the complexity of software models and facilitate reuse of existing

design models.

This book contributes to the secure engineering of software-intensive systems.

To this end, it extends current model-driven engineering paradigms and prominent

modeling languages, such as UML, to address security concerns throughout the

development life cycle. Moreover, it leverages the AOM paradigm for the speci￾fication and the systematic execution of security hardening practices on UML

models. In this regard, a UML profile has been developed for the specification of

security hardening aspects on UML diagrams. In addition, a weaving framework,

with the underlying theoretical foundations, has been elaborated for the systematic

injection of security aspects into UML models. The book will benefit researchers in

academia and industry as well as students in the field of software and systems

engineering. The reader will find, in this book, an overview of the research

advancements related to model-based software security hardening.

The book is organized as follows: Chapter 1 presents an introduction to software

security, model-driven engineering, UML, and aspect-oriented technologies.

Chapter 2 provides an overview of UML language. Chapter 3 describes the main

concepts of AOM. Chapter 4 explores the area of model-driven architecture with a

focus on model transformations. The main approaches that are adopted in the lit￾erature for security specification and hardening are presented in Chap. 5. Chapter 6

presents our AOM profile for security aspects specification. Afterwards, Chap. 7

details the design and implementation of the security weaving framework. In

addition, several real-life case studies are illustrated to demonstrate the relevance

viii Preface

of the proposed framework for security hardening. Chapter 8 elaborates an opera￾tional semantics for the matching/weaving processes in activity diagrams. Moreover,

Chaps. 9 and 10 elaborate a denotational semantics for aspect matching and weaving

in executable models following a continuation-passing style. Finally, a summary and

evaluation of the presented work are presented in Chap. 11.

March 2015 Djedjiga Mouheb

Mourad Debbabi

Makan Pourzandi

Lingyu Wang

Mariam Nouh

Raha Ziarati

Dima Alhadidi

Chamseddine Talhi

Vitor Lima

Preface ix

Acknowledgments

We would like to express our deepest gratitude to all the people who contributed to

the realization of this work. This book is the result of a fruitful research collabo￾ration between Concordia University and Ericsson Canada under the Collaborative

Research and Development (CRD) Grant Program of the Natural Sciences and

Engineering Research Council of Canada (NSERC) with additional support from

PROMPT Quebec. The project is entitled “Model-Based Engineering of Secure

Software and Systems” (MOBS2 Project) and has been executed, while most of the

authors were affiliated with Concordia University. We would like to thank, from

Ericsson: Anders Caspar who saw early on the potential and importance of this

topic and without his support, this project would not have been possible; Rolf Blom

whose advice and insights guided us throughout the project; Pierre Boucher whose

continuous support for the project made this research a reality; Magnus Buhrgard

who helped us to shape the project activities; and finally special thanks to Denis

Monette for his precious advice, know-how, support, and good humor.

xi

Contents

1 Introduction ........................................ 1

1.1 Motivations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

1.2 Software Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

1.3 Model-Driven Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1.4 Unified Modeling Language. . . . . . . . . . . . . . . . . . . . . . . . . 7

1.5 Aspect-Oriented Paradigm . . . . . . . . . . . . . . . . . . . . . . . . . . 8

1.6 Outline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 Unified Modeling Language. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

2.1 Why Unified Modeling Language? . . . . . . . . . . . . . . . . . . . . 11

2.2 UML Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

2.3 UML Views and Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . 13

2.4 UML Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

2.5 UML Extension Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . 18

2.5.1 Stereotypes and Tagged Values . . . . . . . . . . . . . . . . 18

2.5.2 Constraints. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.6 Object-Constraint Language . . . . . . . . . . . . . . . . . . . . . . . . . 18

2.7 Executable UML . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.7.1 Foundational UML . . . . . . . . . . . . . . . . . . . . . . . . . 19

2.7.2 Action Language for Foundational UML . . . . . . . . . . 21

2.8 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Aspect-Oriented Paradigm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.1 AOP Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

3.1.1 Pointcut-Advice Model . . . . . . . . . . . . . . . . . . . . . . 24

3.1.2 Multi-Dimensional Separation of Concerns Model. . . . 26

3.1.3 Adaptive Programming Model . . . . . . . . . . . . . . . . . 26

3.2 AOP and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.3 Basic Constructs of the Pointcut-Advice Model . . . . . . . . . . . 28

3.3.1 Aspects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.3.2 Join Points. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

xiii

3.3.3 Pointcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3.3.4 Advices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

3.3.5 Introductions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.4 Aspect-Oriented Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . 32

3.5 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

4 Model-Driven Architecture and Model Transformations. . . . . . . . 35

4.1 MDA Layers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

4.1.1 Computation Independent Model (CIM). . . . . . . . . . . 37

4.1.2 Platform Independent Model (PIM) . . . . . . . . . . . . . . 37

4.1.3 Platform Specific Model (PSM) . . . . . . . . . . . . . . . . 37

4.1.4 Implementation Specific Model (ISM) . . . . . . . . . . . . 38

4.2 MDA Benefits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38

4.3 MDA Transformations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39

4.4 Applications of Model Transformations . . . . . . . . . . . . . . . . . 40

4.5 Model Transformation Languages and Tools . . . . . . . . . . . . . 42

4.5.1 Query/View/Transformation Language. . . . . . . . . . . . 42

4.5.2 Atlas Transformation Language . . . . . . . . . . . . . . . . 43

4.5.3 Open Architecture Ware . . . . . . . . . . . . . . . . . . . . . 43

4.5.4 IBM Model Transformation Framework. . . . . . . . . . . 43

4.5.5 Kermeta. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

4.6 Comparative Study of Model Transformation Languages . . . . . 44

4.7 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

5 Model-Based Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47

5.1 Security Specification for UML Design . . . . . . . . . . . . . . . . . 47

5.1.1 Security Specification Using UML Artifacts . . . . . . . . 47

5.1.2 Security Specification by Extending UML

Meta-language . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

5.1.3 Security Specification by Creating New

Meta-languages. . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

5.2 Usability Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.2.1 Usability Criteria . . . . . . . . . . . . . . . . . . . . . . . . . . 53

5.2.2 Security Specification Using UML Artifacts . . . . . . . . 54

5.2.3 Extending UML Meta-language . . . . . . . . . . . . . . . . 56

5.2.4 Creating a New Meta-language. . . . . . . . . . . . . . . . . 57

5.3 Model-Based Security Hardening Mechanisms . . . . . . . . . . . . 57

5.3.1 Security Design Patterns . . . . . . . . . . . . . . . . . . . . . 58

5.3.2 Mechanism-Directed Meta-languages. . . . . . . . . . . . . 58

5.3.3 Aspect-Oriented Modeling . . . . . . . . . . . . . . . . . . . . 58

5.3.4 Challenges . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59

5.4 Related Work on Model-Based Security . . . . . . . . . . . . . . . . 59

5.4.1 Security Design Patterns . . . . . . . . . . . . . . . . . . . . . 60

5.4.2 Mechanism-Directed Meta-languages. . . . . . . . . . . . . 61

xiv Contents

5.4.3 Aspect-Oriented Modeling . . . . . . . . . . . . . . . . . . . . 63

5.4.4 Comparative Study . . . . . . . . . . . . . . . . . . . . . . . . . 65

5.5 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

6 Security Aspect Specification . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

6.1 Proposed AOM Approach for Security Hardening. . . . . . . . . . 70

6.2 A UML Profile for Aspect-Oriented Modeling . . . . . . . . . . . . 71

6.2.1 Aspect Adaptations . . . . . . . . . . . . . . . . . . . . . . . . . 72

6.2.2 Aspect Adaptation Rules . . . . . . . . . . . . . . . . . . . . . 74

6.2.3 Pointcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75

6.3 Related Work on AOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82

6.4 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84

7 Security Aspect Weaving. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85

7.1 Approach Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86

7.2 Security Aspect Specialization . . . . . . . . . . . . . . . . . . . . . . . 87

7.3 Join Point Matching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88

7.4 Security Aspect Weaving . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

7.4.1 Weaver Architecture . . . . . . . . . . . . . . . . . . . . . . . . 89

7.4.2 Transformation Definitions. . . . . . . . . . . . . . . . . . . . 92

7.4.3 Transformation Rules . . . . . . . . . . . . . . . . . . . . . . . 102

7.5 Tool Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

7.5.1 AOM Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

7.5.2 Weaving Framework . . . . . . . . . . . . . . . . . . . . . . . . 107

7.6 Case Studies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

7.6.1 Service Provider Application . . . . . . . . . . . . . . . . . . 111

7.6.2 SIP-Communicator . . . . . . . . . . . . . . . . . . . . . . . . . 119

7.6.3 Replacing Deprecated Functions in OpenSAF. . . . . . . 128

7.7 Related Work on Model Weaving . . . . . . . . . . . . . . . . . . . . . 132

7.8 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8 Static Matching and Weaving Semantics in Activity Diagrams . . . 137

8.1 Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

8.1.1 Activity Diagrams Syntax . . . . . . . . . . . . . . . . . . . . 138

8.1.2 Aspect Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140

8.2 Matching and Weaving Semantics. . . . . . . . . . . . . . . . . . . . . 142

8.2.1 Matching Semantics . . . . . . . . . . . . . . . . . . . . . . . . 142

8.2.2 Weaving Semantics. . . . . . . . . . . . . . . . . . . . . . . . . 146

8.3 Completeness and Correctness of the Weaving . . . . . . . . . . . . 148

8.3.1 Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148

8.3.2 Completeness and Correctness . . . . . . . . . . . . . . . . . 151

8.4 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161

Contents xv

9 Dynamic Matching and Weaving Semantics in k-Calculus . . . . . . 163

9.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164

9.1.1 k-Calculus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165

9.1.2 Denotational Semantics . . . . . . . . . . . . . . . . . . . . . . 167

9.1.3 Continuation-Passing Style. . . . . . . . . . . . . . . . . . . . 168

9.1.4 Defunctionalization . . . . . . . . . . . . . . . . . . . . . . . . . 170

9.2 Syntax and Denotational Semantics . . . . . . . . . . . . . . . . . . . . 172

9.3 Continuation-Passing Style Semantics . . . . . . . . . . . . . . . . . . 174

9.3.1 Representation of Continuations as Functions . . . . . . . 174

9.3.2 Representation of Continuations as Frames. . . . . . . . . 174

9.4 Aspect Syntax and Semantics . . . . . . . . . . . . . . . . . . . . . . . . 178

9.4.1 Aspect Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

9.4.2 Matching Semantics . . . . . . . . . . . . . . . . . . . . . . . . 179

9.4.3 Weaving Semantics. . . . . . . . . . . . . . . . . . . . . . . . . 181

9.5 Semantics of Flow-Based Pointcuts . . . . . . . . . . . . . . . . . . . . 184

9.5.1 Control Flow Pointcut . . . . . . . . . . . . . . . . . . . . . . . 184

9.5.2 Dataflow Pointcut . . . . . . . . . . . . . . . . . . . . . . . . . . 185

9.5.3 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189

9.6 Related Work on AOP Semantics . . . . . . . . . . . . . . . . . . . . . 190

9.7 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

10 Dynamic Matching and Weaving Semantics

in Executable UML. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193

10.1 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

10.2 Syntax. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195

10.3 Denotational Semantics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 196

10.3.1 Denotational Semantics of Activity Diagrams . . . . . . . 197

10.3.2 Denotational Semantics of Alf Language . . . . . . . . . . 199

10.4 Continuation-Passing Style Semantics . . . . . . . . . . . . . . . . . . 199

10.4.1 Representation of Continuations as Functions . . . . . . . 199

10.4.2 Representation of Continuations as Frames. . . . . . . . . 200

10.5 Aspect Syntax and Semantics . . . . . . . . . . . . . . . . . . . . . . . . 203

10.5.1 Aspect Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204

10.5.2 Matching Semantics . . . . . . . . . . . . . . . . . . . . . . . . 204

10.5.3 Weaving Semantics. . . . . . . . . . . . . . . . . . . . . . . . . 205

10.6 Semantics of the Dataflow Pointcut. . . . . . . . . . . . . . . . . . . . 207

10.7 Related Work on Aspect Semantics in xUML. . . . . . . . . . . . . 211

10.8 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

11 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 221

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

xvi Contents

Acronyms

AAM Aspect-oriented Architecture Model

Alf Action Language for Foundational UML

AMW Atlas Model Weaver

AOEM Aspect-Oriented Executable Modeling

AOM Aspect-Oriented Modeling

AOP Aspect-Oriented Programming

AOSD Aspect-Oriented Software Development

API Application Programming Interface

ATL Atlas Transformation Language

BNF Backus-Naur Form

BPMN Business Process Modeling Notation

CASE Computer Aided and Software Engineering

CORBA Common Object Request Broker Architecture

CORBA AC CORBA Access Control

CPS Continuation-Passing Style

CWM Common Warehouse Metamodel

DAC Discretionary Access Control

DSML Domain Specific Modeling Language

FDAF Formal Design Analysis Framework

FNE Framework for Network Enterprises

fUML Foundational UML

GReCCo Generic Reusable Concern Composition

HiLA High-Level Aspect

IDE Integrated Development Environment

IP Internet Protocol

IRC Internet Relay Chat

ISO International Organization for Standardization

JPM Join Point Model

M2M Model-to-Model

M2T Model-to-Text

xvii