VERIFICATION OF ASPECT-ORIENTED MODELS

Review of Aspect-Oriented Definitions aspect – crosscutting concern that may involve

multiple classes pointcut – tells where and when to insert code in a

program joinpoint – actual location to insert code advice – functional code to implement aspect

ASPECT ORIENTED PROGRAMMING

Improves modularity

Clean separation of concerns

Enables incremental improvements by

interweaving aspect code into base program

Difficult to predict the effect of a given aspect on the base program

VERIFICATION

Formal verification and analysis of AO system model

Consider AO model written in Aspect UML

Aspect interactions verified using Alloy model analyzer

ASPECT INTERACTION PROBLEMS

Violation of local properties: An advice or a join point’s pre/post condition is violated due to the weaving of an aspect

Violation of a class, aspect or system invariant due to the addition of an aspect

TELECOM SYSTEM (Aspect UML)

UML2Alloy

UML Semi Formal Language Not easy to perform verification and automated

analysis Alloy

Formal Language Allows verification and automated analysis Increases reliability of software systems

UML2Alloy

Need not be familiar with Alloy Create a model in UML Convert it to an Alloy Model using UML2Alloy

(Automated) Specify an OCL statement. Tool transforms

this statement into alloy and evaluates it on th e alloy model

PROCESS FOR ANALYSIS(use Aspect-UML or UML2ALLOY)

VERIFICATION OF UML MODELS WITH ALLOY

What is Alloy Analyzer? Formal language for structured modeling based on

first order logic and ideas from Z http://alloy.mit.edu/alloy4 (need Java5 RTE)

Used for verification of agent-oriented, service-oriented, and aspect-oriented models

Provides verification for interactions

ALLOY ANALYZER FEATURES

Provides a structured specification consisting of the following types of elements: signatures, facts, predicates, and assertions

Checks small model instances Provides an automatic analysis

1) simulation - evaluates predicates (states of the model) for consistency

2) checking – proves validity of assertions

UML2Alloy – Transformation Rules

EXAMPLE: SECURITY SYSTEM

Security System Design Methodology

MAN IN THE MIDDLE ATTACKER

SOLUTION TO PROBLEM

The security mechanism for authentication chosen was TLS which involved passing certificates between a client and server.

The mechanism was verified by the Alloy Analyzer.

ReferencesF. Mostefaoui and J. Vachon,” Design level Detection of Interactions inAspect-UML models using Alloy”, Journal of Object Technology, vol. 6, no.7, Special Issue: Aspect-Oriented Modeling, pp 137–165, 2007.

B. Bordbar, “UML2ALLOY: A Tool For Lightweight Modelling Of Discrete EventSystems,” In Proceedings of IADIS Applied Computing (Algarve,Portugal, February 22, 2005)

G. Georg, “An Aspect-oriented Methodology for Designing SecureApplications,” Information and Software Technology, vol. 51, no. 5, pp. 846-864, 2009.

F. Mostefaoui and J. Vachon,”Verification of Aspect-UML models using Alloy,”In Proceedings of the 10th International workshop on Aspect-OrientedModeling (Van Couver, Canada, March, 2007) pp. 41-48.

Farida Mostefaoui DIRO, University of Montreal Quebec, Canadamostefaf@iro.umontreal.caJulie Vachon DIRO, University of Montreal Quebec, Canadavachon@iro.umontreal.ca

Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee.Workshop AOM ’07, March 12-13, 2007 Vancouver, British Columbia,Canada Copyright 2007 ACM 1-59593-658-5/07/03... $5.00