TrustSoft - Graduate School on Trustworthy Software Systems
Final Program:
Invited Industrial Speaker Huascar Espinoza canceled his presentation.
| Time | Program item |
|---|---|
| 9:25-10:30 | Technical Contributions Session |
| 9:25-9:30 | Welcome and Introduction |
| 9:30-10:30 (45+15min) | Invited Speaker, Dorina C. Petriu, "Performance Analysis of Aspect-Oriented UML Models" [video] |
| 10:30-11:00 | Coffee Break |
| 11:00-12:30 | Technical Contributions Session |
| 11:00-11:30 (20+10min) | Richard Paige, Louis Rose, Dimitrios Kolovos, Phil Brooke and Xiaocheng Ge, "Automated Safety Analysis for Domain-Specific Modeling Languages" [pdf] [video] |
| 11:30-12:00 (20+10min) | Gabriel Pedraza-Ferreira and Jacky Estublier, "An Extensible Services Orchestration Framework through Concern Composition" [pdf] [video] |
| 12:00-12:15 (10+5min) | Moran Kupfer and Irit Hadar, "Understanding and Representing Deployment Requirements for Achieving Non-Functional System Properties" [pdf] [video] |
| 12:15-12:30 (10+5min) | Andreas Petter, Alexander Behring, Miroslav Zlatkov, Joachim Steinmetz and Max Mühlhäuser, "Modeling Usability in Model-Transformations" |
| 12:30-14:00 | Lunch Break (Lunch is not organized) |
| 14:00-15:30 | Position Papers Session |
| 14:00-14:30 (20+10min) | Gunter Mussbacher, Jon Whittle and Daniel Amyot, "Towards Semantic-based Aspect Interaction Detection" [pdf] [video] |
| 14:30-15:00 (20+10min) | Christiano Braga, "From Access Control Policies to an Aspect-based Infrastructure: A Metamodel-based Approach" [pdf] [video] |
| 15:00-15:15 (10+5min) | Michael Giddings, Jan Jürjens and Pat Allen, "Challenges for the Model-based Development of Distributed Real Time Systems" [pdf] [video] |
| 15:15-15:30 | Goals establishment of the discussion session |
| 15:30-16:00 | Coffee Break |
| 16:00-17:30 | Discussion Session |
| 16:00-17:20 | Discussion |
| 17:20-17:30 | Conclusions and Outlook |

"Performance Analysis of Aspect-Oriented UML Models"
Abstract: Aspect-Oriented Modeling (AOM) techniques allow software designers to address separately solutions for crosscutting concerns. Current AOM research is interested not only in conceptualizing and expressing different concerns separately and then composing them into a complete system model, but also in analyzing different non-functional properties of such models. This talk presents an approach for analyzing the performance effects of given aspects on the overall system performance, after the composition of the aspect models with the system’s primary model. Performance analysis of UML models is enabled by the "UML Performance Profile for Schedulability, Performance and Time" (SPT) standardized by OMG in 2003, and its replacement, the “UML Profile for Modeling and Analysis of Real-Time and Embedded systems” (MARTE) adopted in June 2007, which define a set of quantitative performance annotations to be added to a UML model. In order to conduct a quantitative performance analysis, an annotated UML model is transformed into a performance model (such as queueing networks, Petri nets, stochastic process algebra, etc.), which can be solved with existing performance analysis tools.
The talk will discuss at first the kind of performance annotations that need to be added to UML models, and the principles for transforming annotated software models into performance models. Such a transformation must bridge a large semantic gap between the source and the target model, as performance models abstract away many details of the original software model. The talk will also discuss how to extend the approach for performance analysis of UML models to aspect-oriented models.
Dorina C. Petriu is a Professor in the Department of Systems and Computer Engineering at Carleton University, Ottawa, Canada. She received a Dipl. Eng. degree in computer engineering from the Polytechnic University of Timisoara, Romania, and a Ph.D. degree in electrical engineering from Carleton University. Her main research interests are in the areas of performance modelling and software engineering, with emphasis on integrating performance engineering into the software development process. She was a contributor to the “UML Profile for Schedulability, Performance and Time” (SPT) standardized by OMG, and its replacement, the "UML Profile for Modeling and Analyzing Real-Time and Embedded systems (MARTE)" standard. Dr. Petriu is a Fellow of the Engineering Institute of Canada, a Senior Member of I.E.E.E. and a member of A.C.M.
Richard Paige, Louis Rose, Dimitrios Kolovos, Phil Brooke and Xiaocheng Ge,
"Automated Safety Analysis for Domain-Specific Languages"
Abstract: Critical systems must be shown to be acceptably safe and secure to deploy and use in their environment. But the size, scale, heterogeneity, and distributed nature of these increasingly complex systems makes them difficult to verify and analyse. Additionally, domain experts use a variety of languages to model and build their systems. We present an automated safety analysis technique, Fault Propagation and Transformation Analysis, and explain how it can be used for automatically calculating the failure behaviour of an entire system from the failure behaviours of its components. We outline an implementation of the technique in the Epsilon model management platform, thus allowing it to be used in combination with state-of-the-art model management languages and tools, and making it applicable to a variety of different domain-specific modelling languages.
Gabriel Pedraza-Ferreira and Jacky Estublier,
"An Extensible Services Orchestration Framework through Concern Composition"
Abstract: Service composition is one of the major ways to get new applications out of existing software components (services). The focus so far was mainly on composition formalisms, while most of the real hard issues are related to the many concerns that must be combined, and the limited help provided by the current tools. In this paper we present an approach and a platform in which a service based application is defined through different models along different concerns. The FOCAS platform includes some basic concerns (control, service, and data) and provides support for composition with any other concerns. The platform provides support for the definition of non-functional concerns in the form of annotations over the orchestration model.
The paper shows the concepts and the technology allowing to define an application as a composition of concerns, functional or not, and shows the experience with the concerns currently supported by the FOCAS platform.
Gunter Mussbacher, Jon Whittle and Daniel Amyot,
"Towards Semantic-Based Aspect Interaction Detection"
Abstract: Interactions between dependent or conflicting aspects are a well-known problem with aspect-oriented development. These interactions are potentially dangerous and can lead to unexpected or incorrect results when aspects are composed. To date, there have been very few attempts to address this issue at the modeling level. We present a new approach for detecting interactions that is based on lightweight semantic annotations of aspect models. Each aspect model is annotated with domain-specific markers and a separate goal model describes how semantic markers from different domains influence each other. When aspect models are composed, the composed model is inspected for any semantic markers that potentially conflict. This is achieved by propagating values through the goal model to see which goals (typically non-functional properties) are satisficed by the composition and which are not. The technique can be used both to highlight potential aspect conflicts and to trade-off aspects. We illustrate the approach using two aspect techniques.
"From Access Control Policies to an Aspect-based Infrastructure: A Metamodel-based Approach"
Abstract: Security is among the most successful applications of aspect oriented concepts. In particular, in role-based access control, aspects capture access conditions in a quite modular way. The question we address in this paper is how can aspects be generated from access control policies under a validated process?
We present a metamodel-based transformation from SecureUML, a role based access control language, to an abstract aspect language where a security policy is understood as an instance of SecureUML’s metamodel and the generated aspect is understood as an instance of the aspects' metamodel. The merged metamodel of SecureUML and aspects is used to guarantee that the generated aspect is consistent with the given security policy. The validation of the transformation is done by evaluating the invariants on all involved metamodels.
We have prototyped our approach as a Java application on top of ITP/OCL, a rewriting-based OCL evaluator. It outputs validated AspectJ code from a SecureUML policy.
"Evaluating MARTE in the Automotive Industry: Challenges for AUTOSAR Time Modeling"
Abstract: The TIMMO project is defining a timing framework complementing the AUTOSAR standard, which aims to ease integration of software pieces into predictable system-level applications. In this talk, we assess MARTE from three TIMMO perspectives: modeling concepts to enable timing analysis, expressiveness to cover common issues in automotive applications and, best practices for managing complexity in modeling languages.
Huascar Espinoza is a researcher of the Model Driven Engineering Labs at CEA LIST. He obtained his Ph.D. in Computer Science in 2007. His research interests center on model-driven development of real-time systems, architecture evaluation, and verification techniques. He is co-author of the OMG standard for Modeling and Analyzing Real-Time and Embedded systems (MARTE) with UML. His duties in MARTE included the leading of the Non-Functional Properties and the Schedulability analysis modeling frameworks. He currently participates in a number of European and French research projects including TIMMO and ATESST2 for the automotive industry.
Michael Giddings, Jan Jürjens and Pat Allen,
"Challenges for the Model-based Development of Distributed Real Time Systems"
Abstract: Large distributed Real Time systems are time consuming to develop. They frequently cost more than estimated and frequently overrun. Model Driven Architecture has claimed to be able to address some of the issues that cause these problems. A high level of abstraction and automatic translation between models may help. Platform Independent models for the individual components of the system mixed with scheduling information may enable functional changes and real performance to be assessed early in the development. Establishing different views from the requirements repository may better fit the development engineers' skill and reduce errors. This is a position paper that discusses current challenges for the model-based development of distributed real time systems and how they might be overcome.
"Understanding and Representing Deployment Requirements for Achieving Non-Functional System Properties"
Abstract: Deployment requirements describe the precise, desired configuration of a software system. They relate the system’s non functional requirements to its architecture, providing a basis for making decisions about design trade-offs in terms of the resulting system's non functional properties. The purpose of this position paper is to propose a research direction towards developing an approach for reasoning about deployment decisions. Its main objective is to quantitatively evaluate and select between different potential architecture solutions in order to shorten customer time-to-value and increase satisfaction. In this paper we analyze the relationship between deployment requirements and non-functional properties, and discuss work in progress of developing a deployment-based methodology for evaluating software architecture.
Andreas Petter, Alexander Behring, Miroslav Zlatkov, Joachim Steinmetz and Max Mühlhäuser,
"Modeling Usability in Model-Transformations"
Abstract: Developers of transformations for user interface models should have the option to implement transformation rules, which support usability. Model transformation languages should then be able to support their implementation. We identify the features that are commonly needed in the transformation language and give an example in a QVT Relations dialect.
