An Aspect-Oriented Approach to Modeling Pervasive Dependability Features
Robert France
Department of Computer Science
Colorado State University
University of Oslo, 2005

MDD Research at CSU
• Professors
  – Robert France: modeling, formal methods
  – Sudipto Ghosh: distributed systems, testing
  – Jim Bieman: metrics, empirical studies
  – Indrakshi Ray: security, databases
• Research Scientist: Geri Georg
• Students: Raghu Reddy, Devon Simmonds, Eunjee Song, Dinh-Trong Trung, Dan Matheson, …
• Model-Driven Development Research Areas (http://www.colostate.edu/~france)
  – Testing UML Models
  – Domain-specific modeling using patterns
  – Aspect-oriented modeling (AOM)

Problem
How do we engineer dependable software systems?
How can we systematically incorporate pervasive security features into a software system?

Outline
• Motivation
• Overview of Aspect-Oriented Modeling (AOM)
• Separating Security Features: Modeling Access Control
• Limitations and Open Issues
• AOM versus AOP
• Conclusion

Motivation
• Some factors contributing to complexity
  – Designers of dependable systems must address multiple, competing functional and nonfunctional concerns
  – The manner in which an objective is realized or treated can affect how other objectives are treated
• Need techniques for balancing functional and nonfunctional objectives

Motivation - 2
• A design modularization based on a subset of features may result in the distribution of elements of features across design modules.
  – Design decomposition strategy typically based on functional features
  – Pervasive dependability features (e.g., security, fault tolerance

Motivating Example
• Consider a system that manages information about clients and resources that is required to protect access to managed information and to be fault tolerant.
  – A decomposition strategy based on functional concerns can result in classes representing concepts such as Resource Management, Resource Repository, Client Management, Client Repository.
• Decomposition based on functional concepts results in distributed access control and replication features
  – The classes representing functional concepts will also include fault tolerance and security functionality

An Example of Crosscutting Features
[Figure: access control feature; replication feature]

The problem with cross-cutting features
• … understanding and changing them!
  – Information is distributed
  – Maintaining consistency in the presence of changes is problematic
  – Difficult to consider alternative treatments
• Lack of attention to balancing concerns early in the development cycle can lead to major rearchitecting in later stages of development

A solution: Aspect-Oriented Modeling (AOM)
• Localize crosscutting features
  – Eases understanding of crosscutting features
  – Eases evolution of features
  – Eases replacement of features with alternatives
• Aspect-oriented modeling allows developers to conceptualize, describe and communicate crosscutting features separately

Key Concepts
• A concern is a problem and a set of properties that determines acceptable solutions.
  – Concerns are addressed/treated in a design
• A concern solution (or feature) model is a description of a solution that addresses the problem represented by the concern
• A feature (description) that is distributed across the modules of a model is said to crosscut the model
• An aspect model is a description of a crosscutting feature.

Isolating Crosscutting Features
Crosscutting features can be isolated if distributed elements have common structural and behavioral features
  – Isolated features can be described as patterns

[Figure annotations: Checks whether caller can carry out operation; Performs operation; Stores authorizations]

The Access Control Aspect Model
[Figure: instantiation of AuthorizationRepository]
[Figure: two instantiations of AuthorizationRepository]

Aspect Models
• (Generic) aspect model: A feature pattern describing common properties of distributed elements of a crosscutting feature
• Context-specific aspect model: An instantiation of a (generic) aspect model
  – Instantiating an aspect model essentially determines where an aspect is to be woven in a base model
  – Similar to defining join points in AOP

Aspect-Oriented Design Modeling
• An AOM design model consists of
  – a primary model: reflects core design decisions
  – aspect models: each describes a crosscutting feature
  – composition directives: constrain how aspect models are composed with the primary model

A Basic AOM Approach
[Figure: Model Composition; Composition Directives; Composed Model]

Composition Process Overview
• Composition involves
  1. Instantiating aspect models to produce context-specific aspect models
  2. Composing context-specific aspect and primary models
• Step 2 uses a basic name-based composition procedure
  – Elements in the context-specific aspect are merged with elements with the same names in the primary model
• Composition directives can be used to override the default name-based procedure

[Figure: (Generic) aspect model; Context-specific aspect models; Primary model]
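
The two-step composition process from "Composition Process Overview" (instantiate the generic access control aspect, then merge by name, with a directive overriding the default), shown in code. This is an added example, not material from the slides: the `$` parameter syntax, the operation names, the `PolicyStore` class and the `merge_with` directive are assumptions made for illustration.

```python
# Added illustration. Models are dicts of class name -> set of operation names.
# "$"-prefixed names are template parameters (assumed syntax, not from the slides).
GENERIC_ACCESS_CONTROL = {                       # (generic) aspect model: a pattern
    "$Controller": {"checkAccess", "$op"},       # checks whether caller may perform $op
    "$Target": {"$op"},                          # performs the operation
    "AuthorizationRepository": {"lookupAuthorization"},  # stores authorizations
}

def instantiate(aspect, bindings):
    """Step 1: bind template parameters to get a context-specific aspect model."""
    names = {n for cls, ops in aspect.items() for n in {cls, *ops}}
    unbound = sorted(n for n in names if n.startswith("$") and n not in bindings)
    if unbound:
        raise ValueError(f"unbound template parameters: {unbound}")
    def sub(name):
        return bindings.get(name, name)
    return {sub(cls): {sub(op) for op in ops} for cls, ops in aspect.items()}

def compose(primary, aspect, merge_with=None):
    """Step 2: merge same-named elements. `merge_with` is a (hypothetical)
    composition directive mapping an aspect element onto a differently named
    primary element, overriding the default name-based match."""
    merge_with = merge_with or {}
    composed = {cls: set(ops) for cls, ops in primary.items()}
    for cls, ops in aspect.items():
        composed.setdefault(merge_with.get(cls, cls), set()).update(ops)
    return composed

def build_composed_model():
    primary = {                                  # primary model: functional decomposition
        "ResourceManagement": {"getResource"},
        "ResourceRepository": {"getResource"},
        "ClientManagement": {"getClient"},
        "ClientRepository": {"getClient"},
        "PolicyStore": {"load"},                 # hypothetical existing class
    }
    contexts = [                                 # one binding per weaving location
        {"$Controller": "ResourceManagement", "$Target": "ResourceRepository", "$op": "getResource"},
        {"$Controller": "ClientManagement", "$Target": "ClientRepository", "$op": "getClient"},
    ]
    model = primary
    for bindings in contexts:
        specific = instantiate(GENERIC_ACCESS_CONTROL, bindings)
        model = compose(model, specific, merge_with={"AuthorizationRepository": "PolicyStore"})
    return model
```

Because the access check lives in one generic model, adding a third protected operation is one more binding in `contexts` rather than an edit to each functional class.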