Similar documents (20 results)
1.
Software security becomes a critically important issue for software development as more and more malicious attacks exploit the security holes in software systems. To avoid security problems, a large software system design may reuse good security solutions by applying security patterns. Security patterns document expert solutions to common security problems and capture best practices on secure software design and development. Although each security pattern describes a good design guideline, the compositions of these security patterns may be inconsistent and encounter problems and flaws. Therefore, the compositions of security patterns may even be insecure. In this paper, we present an approach to automated verification of the compositions of security patterns by model checking. We formally define the behavioral aspect of security patterns in CCS through their sequence diagrams. We also prove the faithfulness of the transformation from a sequence diagram to its CCS representation. In this way, the properties of the security patterns can be checked by a model checker when they are composed. Composition errors and problems can be discovered early in the design stage. We also use two case studies to illustrate our approach and show its capability to detect composition errors.

2.
Proof-carrying code (PCC) and other applications in computer security require machine-checkable proofs of properties of machine-language programs. The main advantage of the PCC approach is that the amount of code that must be explicitly trusted is very small: it consists of the logic in which predicates and proofs are expressed, the safety predicate, and the proof checker. We have built a minimal proof checker, and we explain its design principles and the representation issues of the logic, safety predicate, and safety proofs. We show that the trusted computing base (TCB) in such a system can indeed be very small. In our current system the TCB is less than 2,700 lines of code (an order of magnitude smaller even than other PCC systems), which adds to our confidence in its correctness.

3.
4.
The Production Cell example was chosen by FZI (the Computer Science Research Center) in Karlsruhe to examine the benefits of formal methods for industrial applications. This example has been implemented in more than 30 formalisms. This paper describes the implementation of the Production Cell in OBSERV. The OBSERV methodology for software development is based on rapid construction of an executable specification, or prototype, of a system, which may be examined and modified repeatedly to achieve the desired functionality. The objectives of OBSERV also include facilitating a smooth transition to a target system, and providing means for reusing specification, design, and code of systems, particularly real-time reactive systems. In this paper we show how the methods used in the OBSERV implementation address the requirements imposed by reactive systems. We describe the OBSERV implementation of the Production Cell and explain design decisions, with special emphasis on reusability and safety issues. We demonstrate how to take care of the safety and liveness properties required for this example. These properties are checked by means of simulation and formally proved with a model checker.

5.
Research on a Design Pattern Extraction Method for the Java Language (Cited by: 1; self-citations: 0; citations by others: 1)
Extracting design patterns from source code is important for improving software understandability and maintainability, for reusing software designs, and for software refactoring. This paper proposes a method for extracting design patterns from Java source code. Specifically, it studies a particular way of describing design patterns, defines a source-code information model together with a method for simplifying it, and on that basis proposes a method for matching the design-pattern model against the source-code model. Problems related to container classes that arise during pattern extraction, and their solutions, are discussed in particular. Finally, the method is evaluated from the perspective of patterns and their instances according to the extraction results, and necessary optimization techniques are proposed.

6.
李国旗, 陆民燕, 刘斌. 《计算机工程》 2009, 35(24): 108-110
Using software fault tree analysis, this paper studies the effect that introducing design patterns into a software design has on software safety, through an example that applies the Bridge pattern. The results show that introducing the Bridge pattern alone lowers software safety by about 50%; however, because design patterns decouple software modules, adding a dual-redundancy design can raise software safety by two orders of magnitude. This conclusion provides guidance for the object-oriented design of safety-critical software.

7.
Design patterns provide general solutions to a class of problems that recur in a specific context; extracting and reusing patterns helps improve the efficiency and quality of software development, and the idea and its methods have been widely applied and validated in object-oriented software engineering. We argue that the same problem often takes different design forms when implemented with different technologies, and that different software development paradigms have their own distinct design patterns. As a novel software development paradigm, agent-oriented software engineering has made considerable progress in recent years, and how to improve the practicality of software agent technology, realize its technical potential, and broaden its range of applications has become a focus of current attention. This paper introduces the pattern concept into agent-oriented software engineering and, in view of the characteristics of software agent technology, proposes a set of agent-oriented software design patterns from three viewpoints (organizational structure, interaction and cooperation, and individual agent architecture) to support the design of multi-agent systems. It further presents a description framework for agent-oriented design patterns and analyzes typical design patterns and application cases.

8.
姜洋, 罗贵明. 《计算机应用》 2007, 27(1): 183-185
This paper extends the basic Petri net into the MCPN method, which is better suited to model checking, and translates MCPN models into PROMELA, the input language of the model checker SPIN. SPIN is then used to check the system model in order to improve the reliability of the software design. The translation accounts for the simultaneous firing of multiple transitions that are enabled in the current state, and a solution to the fairness problem of Petri nets is proposed.

9.
Successful use of patterns can effectively improve software development efficiency and design quality. Generic patterns are broadly applicable, while instance patterns formed by combining them with the characteristics of a specific domain provide stronger and more concrete guidance. To implement a CASE tool that assists the reuse of design patterns, this paper analyzes several object-oriented principles of design patterns, proposes an object-oriented distributed software instance-pattern library for storing design patterns, and presents the corresponding class-hierarchy organization of the library, its distributed interaction management, a clustering-based multi-level indexing method, and an object-oriented nested indexing method. Storing patterns in this way allows them to be managed and used more effectively.

10.
11.
Ralf Bruns  Jürgen Dunkel 《Software》2014,44(11):1395-1416
Recently, event processing (EP) has gained considerable attention as an individual discipline in computer science. From a software engineering perspective, EP systems still lack the maturity of well-established software architectures. For the development of industrial EP systems, generally accepted software architectures based on proven design patterns and principles are still missing. In this article, we introduce a catalog of design patterns that supports the development of event-driven architectures (EDAs) and complex EP systems. The design principles originate from experiences reported in publications as well as from our own experiences in building EP systems with industrial and academic partners. We present several patterns on different layers of abstraction that define the overall structure as well as the building blocks for EP systems. Architectural patterns that determine the top-level structure of an EDA can be distinguished from design patterns that specify the basic mechanisms of EP. The practical application of the catalog of patterns is described by the pattern-based design of a sample EDA for a sensor-based energy control system. Finally, we propose a coherent and general reference architecture for EP derived from the proposed patterns. Copyright © 2013 John Wiley & Sons, Ltd.

12.
Composable software systems have been shown to support adaptation to new requirements thanks to their flexibility. A typical method of composable software development is to select and combine a number of patterns that address the expected quality requirements. Therefore, pattern composition has become a crucial aspect of software design. One of the shortcomings of existing work on pattern composition is the vaporization of composition information, which leads to the problem of traceability and reconstructability of patterns. In this paper we propose to give first-class status to pattern merging operators to facilitate the preservation of composition information. The approach is tool-supported, and an empirical study has also been conducted to highlight its effectiveness. By applying the approach to the composition of a set of formalized architectural patterns, including their variants, we have shown that composed patterns become traceable and reconstructable.

13.
Owing to the diversity of operating systems and communication platforms, developers of communication software often face many problems; the frameworks and design patterns of ACE can help eliminate this complexity. This paper introduces the design mechanisms and advantages of implementing communication software with ACE, outlines ACE frameworks such as the Reactor, Event Handler, Acceptor, and Connector, and further illustrates the flexibility and convenience of ACE through an example that builds a server and a client.

14.
Design patterns document flexible designs that may evolve over time. Design pattern evolution typically involves the addition or removal of a group of modeling elements, such as classes, attributes, operations, and relationships. However, the possible evolutions of each design pattern are often not explicitly documented. Missing part of the evolution process may result in inconsistent evolution. Pattern instances may interact with each other, making the evolution of design patterns more error-prone. Undetected design errors and inconsistencies may cause failures of systems. In this paper, we propose a service-oriented architecture for design pattern evolution and analysis based on two-level transformations, thus making the possible evolutions of each design pattern explicit. In addition, we automate the evolution processes as XSLT transformations that can transform the unified modeling language (UML) model of a design pattern application into the evolved UML model of the pattern. Both the original and evolved UML models are represented in the XML Metadata Interchange format to facilitate the transformations. Furthermore, we check the consistency of the evolution results using the semantic web checker based on the Java Theorem Prover. A case study on a large real-world system is presented to illustrate and evaluate our approach. Copyright © 2009 John Wiley & Sons, Ltd.


16.
In recent years, design patterns have gained increasing interest in software engineering communities for both software development and maintenance. As a template for solving a certain recurring problem, a design pattern documents the successful experience of software experts and gradually becomes a design guideline for software development. Applying design patterns correctly can improve the efficiency of software design in terms of reusability and enhance maintainability during reverse engineering. Software evolves when developers modify their initial designs as requirements change. For instance, a developer may add or delete a set of design elements, such as classes and methods. Modifications to software artifacts can introduce conflicts and inconsistencies in the previously applied design patterns, which are difficult to find and time-consuming to correct. This paper presents a graph-transformation approach to pattern-level design validation and evolution. Based on a well-founded formalism, we validate a given design with a graph grammar parser and automatically evolve the design at the pattern level using a graph-transformation system. Rules for potential pattern evolutions are predefined. The graph-transformation approach preserves the integrity and consistency of design patterns in the system when designs change. A prototype system is built, and a case study on the Strategy pattern demonstrates the feasibility of pattern-based design validation and evolution using graph transformation techniques.

17.
Design patterns often need to be blended (or composed) when they are instantiated in a software system. The composition of design patterns consists of assigning multiple pattern elements to overlapping sets of classes in a software system. Whenever the modularity of each design pattern is not preserved in the source code, their implementations become tangled with each other and with the classes' core responsibilities. As a consequence, changing or removing each design pattern becomes costly or prohibitive as the software system evolves. In fact, composing design patterns is much harder than instantiating them in isolation. Previous studies have found that design pattern implementations are naturally crosscutting in object-oriented systems, thereby making it difficult to compose them modularly. Therefore, aspect-oriented programming (AOP) has been pointed out as a natural alternative for modularizing and blending design patterns. However, there is little empirical knowledge on how AOP models influence the composability of widely used design patterns. This paper investigates the influence of using AOP models for composing the Gang-of-Four design patterns. Our study categorizes different forms of pattern composition and studies the benefits and drawbacks of AOP in these contexts. We performed assessments of several pair-wise compositions taken from 3 medium-sized systems implemented in Java and two AOP models, namely AspectJ and Compose*. We also considered complex situations where more than two patterns were involved in each composition, and where the patterns interacted with other aspects implementing other crosscutting concerns of the system. In general, we observed two dominant factors impacting pattern composability with AOP: (i) the category of the pattern composition, and (ii) the AspectJ idioms used to implement the design patterns taking part in the composition.

18.
刘国静, 余青松, 郑骏. 《微机发展》 2006, 16(5): 211-213
With the continuous development of information systems, customers place ever higher demands on software systems. Because of the inherent complexity of software development and the difficulty of replicating software implementations, the software production process faces many problems. Design patterns provide well-designed solutions to families of problems. By introducing design patterns into a logistics information system, this paper analyzes the application of three representative design patterns in such a system and demonstrates that introducing pattern-based design helps improve software reusability, maintainability, stability, and security.

19.
Fault Tree Generation Based on Fault Configurations (Cited by: 1; self-citations: 1; citations by others: 0)
黄鸣宇, 魏欧, 胡军. 《计算机科学》 2017, 44(2): 182-191
Fault tree analysis is an effective method for improving system safety and reliability. Traditional manual construction of fault trees struggles with the scale and complexity of current systems and is error-prone. This paper therefore proposes a fault tree generation method based on fault configurations, introducing variability management from software product lines for system fault modeling and formal analysis. First, a fault feature diagram model is defined to characterize the constraint relations among system faults, and a fault-labeled transition system based on Kripke structures is defined to describe system behavior. Then, based on the semantics of these models, a process for generating fault trees through model checking is established. Finally, system safety properties are expressed in temporal logic, and the model checker SNIP is used to verify the safety properties and thereby generate the fault tree. A case study validates the effectiveness of the method.

20.
Software design patterns are well-known solutions for solving commonly occurring problems in software design. Detecting the design patterns used in code can help to understand the structure and behavior of the software, evaluate its quality, and trace important design decisions. To develop and maintain a software system, we need sufficient knowledge of design decisions and software implementation processes. However, acquiring knowledge about the design patterns used in complex software systems is a challenging, time-consuming, and costly task. Therefore, a suitable method for detecting the design patterns used in code reduces software development and maintenance costs. In this paper, we propose a new method based on conceptual signatures to improve the accuracy of design pattern detection. We use conceptual signatures based on the purpose of each pattern to detect pattern instances that conform to the standard structure of the pattern, to cover more instances of pattern variants and implementation versions, and thereby to improve detection accuracy. The proposed method is a process with two main phases. In the first phase, the conceptual signature and detection formula for each pattern are determined manually. In the second phase, each pattern in the code is detected in a semi-automatic process using the conceptual signature and the pattern detection formula. To implement the proposed method, we focused on the GoF design patterns and their variants. We evaluated the accuracy of our proposed method on five open-source projects, namely Junit v3.7, JHotDraw v5.1, QuickUML 2001, JRefactory v2.6.24, and MapperXML v1.9.7. We also performed experiments on a set of source codes containing instances of GoF design pattern variants for a comprehensive and fair evaluation. The evaluation results indicate that the proposed method improves the accuracy of design pattern detection in code.
