Tutorial 1: Critical Systems Development
with UML and Model-based Testing
Jan Jürjens (Munich University of Technology, DE)
[Tuesday, 23 September 2003 - full day: 09:00-18:00]
Biographical Sketch. Jan Jürjens is a researcher at TU Munich (Germany). He is the author of a book
on Secure Systems Development with UML (Springer-Verlag, due in 2003) and
over 20 papers in international refereed journals and conferences, mostly
on computer security and software engineering, and has given 4 invited talks
at international conferences. He has created and lectured a course on secure
systems development at the University of Oxford and 15 tutorials on his
research at leading international conferences. He is the initiator and current
chair of the working group on Formal Methods and Software Engineering for
Safety and Security (FoMSESS) within the German Society for Informatics (GI).
He is a member of the executive board of the Division of Safety and Security
within the GI, a member of the advisory board of the Bavarian Competence
Center for Safety and Security, and a member of the IFIP Working Group 1.7
"Theoretical Foundations of Security Analysis and Design". He has been leading
various security-related projects with industry.
Tutorial Abstract. The high-quality development of critical systems (be they
dependable, security-critical, real-time, performance-critical, or hybrid
systems) is difficult. Many critical systems are developed, fielded, and
used that do not satisfy their criticality requirements, sometimes with spectacular
failures. Part of the difficulty of critical systems development is that
correctness is often in conflict with cost. Where thorough methods of system
design pose high cost through personnel training and use, they are all too
often avoided. UML offers an unprecedented opportunity for high-quality critical
systems development that is feasible in an industrial context. Since UML is the
de-facto standard in industrial modeling, a large number of developers are trained
in it. Compared to previous notations with a user community of comparable
size, UML is relatively precisely defined. A number of analysis, testing,
simulation, transformation and other tools have been developed to assist everyday
work using UML. However, there are some challenges one has to overcome to
exploit this opportunity, which include the following: adaptation of UML
to critical system application domains, correct use of UML in the application
domains, conflict between flexibility and unambiguity in the meaning of a
notation, improving tool-support for critical systems development with UML.
The tutorial aims to give background
knowledge on using UML for critical systems development and to contribute
to overcoming these challenges. In particular, we consider model-based
testing, where test sequences are generated from an abstract system specification
to provide confidence in the correctness of an implementation. For critical
systems, finding tests likely to detect possible failures or vulnerabilities
is particularly difficult, as they usually involve subtle and complex
execution scenarios (and sometimes the consideration of domain-specific
concepts such as cryptography and random numbers). The tutorial presents
the current academic research and industrial best practice by addressing
the following main subtopics: UML basics, including extension mechanisms;
applications of UML to dependable systems, security-critical systems, real-time
systems, and embedded systems; extensions of UML (UML-RT, UMLsec, ...); using
UML as a formal design technique for the development of critical systems;
critical systems development methods; case studies; modeling, synthesis,
code generation, testing, validation, and verification of critical systems
using UML, in particular using the standard model interchange format (XMI)
for tool integration and to connect to validation engines; existing tools;
and model-based testing.
As an example application domain,
we focus on security-critical systems. We also show how to generalize the
approach to the other application domains mentioned
above. The tutorial includes a demo of a prototypical tool for the formal
analysis of UML models for critical requirements, which is based on XMI.
By the end of the tutorial, the participants will know how
to use the UML and model-based testing for a methodological approach to critical
systems development. They will be able to use this approach when developing
or analyzing critical systems, by making use of existing solutions and
of sound methods of critical systems development.
The tutorial addresses practitioners
and researchers in critical systems development interested in using UML
and model-based testing (in particular for dependable, security-critical,
or real-time systems). Basic knowledge of object-oriented software is assumed.
No specific knowledge of UML or the various application domains is assumed.