Specifying and monitoring non-functional properties

This thesis focuses on the implementation and the control of non-functional safety properties during system execution. More concretely, it describes the development process of such properties, from formal specification through verification to the runtime enforcement of the specified properties, so that undesired behavior is avoided. The thesis starts by studying and classifying existing approaches to the specification and runtime verification of non-functional safety properties. Examining these approaches leads to the following observations. First, non-functional properties are generally ignored in the early phases of the software development process. They are often addressed only after the functional part has been implemented, which has negative effects on code quality. The approaches that use UML to model these properties cannot verify the absence of contradictions between the specified properties, and UML lacks the means to express various types of non-functional properties, such as temporal properties. Second, runtime verification approaches monitor the execution of the application and detect violations of the specified properties. Merely detecting a violation, however, is not sufficient for critical applications: such approaches should enforce the properties and prevent the system from misbehaving by skipping the execution of undesired events. Third, in current approaches the code that enforces non-functional properties is mostly not encapsulated in separate modules; its implementation cuts across the functional application code. This lack of modularity leads to serious problems for code quality and for the ability to change those properties. The thesis presents a generic and holistic approach, called Seven-pro, which combines formal methods and aspect-oriented programming for specifying non-functional safety properties and enforcing them at runtime.
Seven-pro covers the whole development process of non-functional properties and closes the gap between specification and implementation by automatically generating aspects from a high-level specification. The generated aspects are integrated, in a modular way, into the functional application code to enforce the formally specified properties at runtime. In addition, this thesis shows how Seven-pro covers different types of non-functional properties in distributed applications. The approach is applied to structural, qualitative behavioral and quantitative behavioral non-functional properties, and the thesis presents one application for each supported type. In the context of structural properties, Seven-pro is applied to specifying and enforcing architectural properties of distributed object-oriented applications characterized by dynamic software architectures. Seven-pro uses a combination of Z notation and Petri nets to specify (a) the architectural styles with their architectural invariants, (b) the reconfiguration operations with their pre- and post-conditions, and (c) the coordination protocols describing the execution order of the reconfiguration operations. A verification step checks the consistency of the specification and the preservation of the architectural style after a reconfiguration of the architecture. The Z and Petri net specifications are then automatically translated to AspectJ aspects that verify, before each reconfiguration operation, that all related architectural properties are satisfied. In the context of qualitative behavioral properties, Seven-pro is applied to specifying and enforcing static and dynamic separation of duties and different types and characteristics of delegation policies on top of role-based access control. In the specification phase, TemporalZ, a combination of Z notation and linear temporal logic, is used to formally specify the supported policies.
In the verification phase, the absence of contradictions between the specified policies is verified. In the implementation phase, the aspect language Alpha is extended with a new library supporting the specified properties, and TemporalZ specifications are automatically translated to Alpha aspects that control access permissions according to the specified policies. In the context of quantitative behavioral properties, Seven-pro is applied to specifying and enforcing temporal properties in Web service compositions. To support both relative and absolute timed properties, a new formal language called XTUS-Automata is proposed, which extends timed automata with the constructs of the XTUS language. After formally verifying the absence of deadlocks in the timed automata specifications and verifying other properties related to the XTUS language, the XTUS-Automata specifications are automatically translated to AO4BPEL aspects.
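The enforcement model described above (an aspect that checks a reconfiguration operation's pre-condition and the architectural invariant it must preserve, or a separation-of-duty constraint before a role activation, and skips the operation rather than merely reporting the violation) can be illustrated in ordinary code. The following is an added example and not the thesis's own code: Seven-pro generates AspectJ and Alpha aspects from Z and TemporalZ specifications, whereas here a Python decorator stands in for the generated aspect, and the client-server style invariant and the dynamic separation-of-duty (DSoD) pair are hand-written predicates chosen for illustration.

```python
"""Runtime enforcement of formally specified safety properties, in the style of
Seven-pro. Illustrative example, not the thesis's code: a decorator plays the
role of the generated aspect; the style invariant and the DSoD constraint are
assumed, hand-written predicates."""
from dataclasses import dataclass, field
from functools import wraps


def enforce(pre, post=None, name="property"):
    """Enforcement 'aspect'. `pre(target, *args)` is the operation's
    pre-condition; `post(target)` is the invariant that must hold afterwards.
    A failing pre-condition skips the operation entirely (the undesired event
    never executes); a failing post-condition restores the prior state."""
    def decorator(op):
        @wraps(op)
        def wrapper(target, *args, **kwargs):
            if not pre(target, *args, **kwargs):
                target.log.append(f"skipped {op.__name__}{args}: {name} pre-condition violated")
                return False
            saved = target.snapshot()
            result = op(target, *args, **kwargs)
            if post is not None and not post(target):
                target.restore(saved)
                target.log.append(f"rolled back {op.__name__}{args}: {name} invariant violated")
                return False
            return result
        return wrapper
    return decorator


@dataclass
class Architecture:
    """Dynamic architecture: components tagged 'client' or 'server', plus links."""
    kinds: dict = field(default_factory=dict)   # component name -> kind
    links: set = field(default_factory=set)     # (source, destination) pairs
    log: list = field(default_factory=list)

    def snapshot(self):
        return dict(self.kinds), set(self.links)

    def restore(self, saved):
        self.kinds, self.links = dict(saved[0]), set(saved[1])

    def style_invariant(self):
        """Client-server style as a Z-style predicate: every link goes from a
        client to a server, and each client is linked to at most one server."""
        if any(self.kinds.get(s) != "client" or self.kinds.get(d) != "server"
               for s, d in self.links):
            return False
        sources = [s for s, _ in self.links]
        return len(sources) == len(set(sources))

    @enforce(pre=lambda a, comp, kind: comp not in a.kinds and kind in ("client", "server"),
             name="add_component")
    def add_component(self, comp, kind):
        self.kinds[comp] = kind
        return True

    # Reconfiguration operation: the pre-condition comes from its schema, the
    # post-condition is the architectural invariant it must preserve.
    @enforce(pre=lambda a, s, d: s in a.kinds and d in a.kinds and (s, d) not in a.links,
             post=lambda a: a.style_invariant(), name="client-server style")
    def connect(self, src, dst):
        self.links.add((src, dst))
        return True


@dataclass
class Session:
    """RBAC session with a dynamic separation-of-duty constraint: two mutually
    exclusive roles may never be active in the same session."""
    user: str
    assigned: set                       # roles statically assigned to the user
    dsod_pairs: set                     # frozensets of mutually exclusive roles
    active: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def snapshot(self):
        return set(self.active)

    def restore(self, saved):
        self.active = set(saved)

    @enforce(pre=lambda s, role: role in s.assigned
             and all(frozenset((role, a)) not in s.dsod_pairs for a in s.active),
             name="DSoD")
    def activate(self, role):
        self.active.add(role)
        return True


if __name__ == "__main__":
    arch = Architecture()
    for comp, kind in (("c1", "client"), ("s1", "server"), ("s2", "server")):
        arch.add_component(comp, kind)
    arch.connect("c1", "s1")      # allowed
    arch.connect("c1", "s2")      # second server for c1: rolled back
    arch.connect("s1", "c1")      # server -> client link: rolled back
    sess = Session("alice", {"clerk", "auditor"}, {frozenset({"clerk", "auditor"})})
    sess.activate("clerk")        # allowed
    sess.activate("auditor")      # conflicts with the active 'clerk' role: skipped
    print("\n".join(arch.log + sess.log))
```

The distinction the abstract draws between verification and enforcement is visible in the return values: a monitor would only record the violation, whereas `enforce` returns `False` and leaves the architecture and the session unchanged, so the application never observes the forbidden state.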
