High-Fidelity analysis of software systems

Similar documents
The Software Assurance Ecosystem: OMG s Approach to Systems & Software Assurance

We manage the technology that lets you manage your business.

BLU AGE 2009 Edition Agile Model Transformation

Event Metamodel and Profile (EMP) Proposed RFP Updated Sept, 2007

Where We Are. Lexical Analysis. Syntax Analysis. IR Generation. IR Optimization. Code Generation. Machine Code. Optimization.

Modelling in Enterprise Architecture. MSc Business Information Systems

Klocwork Architecture Excavation Methodology. Nikolai Mansurov Chief Scientist & Architect

The Eclipse Modeling Framework and MDA Status and Opportunities

System Assurance. Beyond Detecting. Vulnerabilities. Djenana Campara. Nikolai Mansourov

Introduction to TOIF. Dr. Nikolai Mansourov CTO, KDM Analytics Liaison to OASIS. November 8, 2017 Copyright 2017 OMG. All rights reserved.

International Journal of Scientific & Engineering Research, Volume 4, Issue 7, July-2013 ISSN

How to Harvest Reusable Components in Existing Software. Nikolai Mansurov Chief Scientist & Architect

Announcements. My office hours are today in Gates 160 from 1PM-3PM. Programming Project 3 checkpoint due tomorrow night at 11:59PM.

Executive Summary. Round Trip Engineering of Space Systems. Change Log. Executive Summary. Visas

Computation Independent Model (CIM): Platform Independent Model (PIM): Platform Specific Model (PSM): Implementation Specific Model (ISM):

Chapter 18. Software Reuse

From Object Composition to Model Transformation with the MDA

Implementing a Web Service p. 110 Implementing a Web Service Client p. 114 Summary p. 117 Introduction to Entity Beans p. 119 Persistence Concepts p.

Legacy Modernization to SOA using Compass/VB

WBEM Web-based Enterprise Management

COP4020 Programming Languages. Compilers and Interpreters Robert van Engelen & Chris Lacher

Trustworthy Compilers

Best Practices for Deploying Web Services via Integration

Minsoo Ryu. College of Information and Communications Hanyang University.

SERES: ASEMANTICREGISTRY FOR ENTERPRISE SERVICES. Geir Jevne 9.juni 2011

Undergraduate Compilers in a Day

Model driven Engineering & Model driven Architecture

Software Reuse and Component-Based Software Engineering

Quick tour of the Test and Performance Tools Platform (TPTP) Valentina Popescu IBM Tivoli TPTP AG Lead

Model Driven Data Interoperability (MDMI)

Object-Oriented Design

What is a Data Model?

From Models to Components. Rapid Service Creation with

Il Mainframe e il paradigma dell enterprise mobility. Carlo Ferrarini zsystems Hybrid Cloud

IBM Rational Software Architect

innoq Deutschland GmbH innoq Schweiz GmbH D Ratingen CH-6330 Cham Tel Tel

Object Security. Model Driven Security. Ulrich Lang, Rudolf Schreiner. Protection of Resources in Complex Distributed Systems

Welcome to CSE131b: Compiler Construction

OMG Specifications for Enterprise Interoperability

COSE312: Compilers. Lecture 1 Overview of Compilers

Modeling pilot project at Ericsson Expert Analytics

Rich Hilliard 20 February 2011

IBM CICS Transaction Gateway for Multiplatforms V7.1 delivers access to CICS containers and extended systems monitoring capabilities

System Assurance and Related Standards

1 Executive Overview The Benefits and Objectives of BPDM

Component-based Architecture Buy, don t build Fred Broks

Introduction. Enterprise Java Instructor: Please introduce yourself Name Experience in Java Enterprise Edition Goals you hope to achieve

Get Started on SOA. People Entry Point Interaction and Collaboration Services. Case for an SOA Portal

Joint Agile Delivery Phase 3

Introduction to Compiler Construction

Why Consider Implementation-Level Decisions in Software Architectures?

S1 Informatic Engineering

High-Level Language VMs

Solution overview VISUAL COBOL BUSINESS CHALLENGE SOLUTION OVERVIEW BUSINESS BENEFIT

API Connect. Arnauld Desprets - Technical Sale

A Generic Approach for Compliance Assessment of Interoperability Artifacts

Reinvent Your 2013 Security Management Strategy

The Open Group SOA Ontology Technical Standard. Clive Hatton

Transform Your Business To An Open Hybrid Cloud Architecture. Presenter Name Title Date

Architecture. Readings and References. Software Architecture. View. References. CSE 403, Spring 2003 Software Engineering

CHARLES UNIVERSITY, PRAGUE FACULTY OF MATHEMATICS AND PHYSICS. Master Thesis. Michael Cífka Visual Development of Software Components

White Paper on RFP II: Abstract Syntax Tree Meta-Model

Chapter 10 Web-based Information Systems

Stand: File: gengler_java_e. Java Community Process: Not perfect, but operating very successfully

Dr. Tom Hicks. Computer Science Department Trinity University

MDSE USE CASES. Chapter #3

Whole Platform Foundation. The Long Way Toward Language Oriented Programming

CORBA (Common Object Request Broker Architecture)

Notation Standards for TOGAF:

UML 2.0 UML 2.0. Scott Uk-Jin Lee. Division of Computer Science, College of Computing Hanyang University ERICA Campus

The Model-Driven Semantic Web Emerging Standards & Technologies

Service Oriented Architectures Visions Concepts Reality

Architecture. CSE 403, Winter 2003 Software Engineering.

Chapter 16. Layering a computing infrastructure

Architectures in Context

An Overview to Compiler Design. 2008/2/14 \course\cpeg421-08s\topic-1a.ppt 1

Software Industrialization

OpenEdge Legacy Application Modernization by Example. Mike Fechner, Consultingwerk Ltd.

Introduction to Compiler Construction

Minne menet, Mobiili-Java?

Vocabulary-Driven Enterprise Architecture Development Guidelines for DoDAF AV-2: Design and Development of the Integrated Dictionary

Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos

Seminar report Software reuse

Future Directions for SysML v2 INCOSE IW MBSE Workshop January 28, 2017

SaaS Integration. Rick Nucci. Addressing a top 3 priority for SaaS adoption. Founder and CTO Boomi

Extension of GCC with a fully manageable reverse engineering front end

Conceptual Framework

Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways

Application Servers in E-Commerce Applications

NooJ Graphical User Interfaces Modernization

OpenESB Keh-Yoe Ong FAST (Field Assistance Support Team)

Component-based software engineering. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 19 Slide 1

challenges in domain-specific modeling raphaël mannadiar august 27, 2009

Overview SENTINET 3.1

AEFP Meeting #9. September 10 th 2015

Semantic Information Modeling for Federation (SIMF)

API, DEVOPS & MICROSERVICES

An Integrated Framework for Multi-layer Certification-based Assurance

Chapter 3 Introduction to Distributed Objects

Fundamentals to Creating Architectures using ISO/IEC/IEEE Standards

Transcription:

High-Fidelity of software systems Dr. Nikolai Mansourov Chief Technology Officer, KDM Analytics http://www.kdmanalytics.com 5 March 2007

Agenda 1. Motivation: of security properties of existing software systems 2. The SwA Ecosystem 3. OMG Knowledge Discovery Meta (KDM) 4. Fidelity of the static 5. Micro KDM high fidelity intermediate representation 6. Platform knowledge in KDM 7. Next steps

SwA Ecosystem Analysis Tools Traditional tools are built as silos software assessment tool Formal Methods extractor reporting reporting KDM KDM extractor SBVR extractor extractor Existing software Economy of tools, COTS components and services emerges Software assurance SwA Ecosystem tools Today s tools have limited interoperability Reverse Engineering Tools

Why KDM? KDM is an OMG foundation for software assurance and modernization! Meta- for describing existing software assets! Includes software, its parts and operating environment! Focuses on structure of existing software to provide context for modernizations! Represents existing software as Entities, Relationships and Attributes! Exchange of information between tool vendors! Language- and platform-independent yet extensible! Spans multiple abstractions yet traceable back to the artifacts

KDM: precise s of existing enterprise software Top-down s specify constraints ( as-required properties ) UML 2.1 Top-Down ing: Architecture CWM Bottom-up Bottom-Up s specify ing: existing Persistent realitydata ( as-is properties ) KDM Bottom-Up ing: Programming Languages, Data, User Interface, Build, Platform, Runtime, Architecture, Business KDM approximates topdown s and can SBVR, BPDM be used to validate compliance with Top-Down ing: requirements Business KDM provides complete CAM, EAI high-fidelity bottom up s of existing Bottom-Up ing: software Data types & Messages Gartner Group

Motivation: High-fidelity static! Fidelity: trustfulness, closeness in sound, facts, color, etc. to the original! Fidelity of the internal! Accuracy! Adequacy! Proper scope

Factors that Limit Fidelity! Low fidelity s! Technical platform considerations (even a high-fidelity may be incomplete)! Other mismatches! Dynamic aspects! Preprocessor! Code generation

Background: Language-dependent s Abstract Syntax Tree (AST) language-dependent; emphasizes form not meaning reporting CASTFunctionDefinition Abstract Syntax Graph (ASG) main field unsigned char CASTCompoundExpression CASTExpressionStatement memcpy CASTExpressionStatement CASTFunctionCallExpression CASTExpressionList CASTTIdExpression CASTExpressionStatement cics_link CASTTIdExpression CASTExpressionList field ABC 3 PROG2 field 3 main ( ) { unsigned char field [ 3 ] ; parser main() { unsigned char field[3]; memcpy(field, ABC,3); EXEC CICS LINK PROGRAM( PROG2 ) COMMAREA(field) LENGTH(sizeof(field)); } Lexical tokens Source code

KDM: Entities-Relationship Term Fact reporting main CASTFunctionDefinition field unsigned char CASTCompoundExpression CASTExpressionStatement memcpy Entity-Relationship Model CASTExpressionStatement CASTFunctionCallExpression CASTExpressionList CASTTIdExpression CASTExpressionStatement cics_link CASTTIdExpression CASTExpressionList field ABC 3 PROG2 field 3 parser KDM is an Entity-Relationship Model container

Micro KDM: Lower-Level s of software reporting parser CASTFunctionDefinition IRLabel IRCallInst IRCallInst CASTCompoundExpression CASTExpressionStatement CASTExpressionStatement IRArgInst CASTExpressionStatement IRArgInst main CASTTIdExpression CASTFunctionCallExpression ABC 3 CASTExpressionList 3 field CASTExpressionList PROG2 CASTTIdExpression unsigned char main memcpy memcpy Intermediate Representation (IR) KDM terms and facts reach down to this level field cics_link cics_link field ABC 3 PROG2 field 3 Example IR:! Sun Compiler 3-address IR! Intel compiler XIL! DEC GEM Compiler for Alpha! Java bytecode! Microsoft CLR! DIANA IR for Ada! SUIF compiler! RTL of GCC compiler! GIMPLE of GCC compiler! LAST of the McCAT compiler

Evaluation target enterprise software system Gartner Group

Programming language is not enough control flow A data flow CICS commarea 4 B 1 2 CICS TS 3 T1 5 6 T2

Typical security pattern, involving platform platform x 2 1 b a c 3 e d Component B f Component A

scenario Composite Applications Custom business processes & analytics Reusable, Executable Services Service Enablement Layer Reusable, Executable Services Traditional Applications Application Platform Business Process Platform Middleware Transaction Systems DBMS Network Systems Operating System / VM Machine Technical Platform SAP AG and D. Frankel, 2005

Platform knowledge! platform provides resources to application code! platform provides services that are related to resources! application code invokes platform services to manage the life-cycle of resources! platform provides component deployment mechanism! platform defines control and data flow between application components! platform provides error handling across application components! platform provides of application components

KDM architecture Higher-level entities and relationships ; Aggregated Relationships; derivative, implicit, experts, analysts Structure Infrastructure Abstractions layer Code UI Build Data Core, kdm, source Action Event Platform Runtime Resource layer Program Elements Resources provided by the runtime platform, managed through The API calls to external packages Primitive entities and relationships; explicit, automatically extracted Conceptual

SwA Ecosystem Analysis Tools Traditional tools are built as silos software assessment tool Formal Methods extractor reporting reporting KDM KDM extractor SBVR extractor extractor Existing software Economy of tools, COTS components and services emerges Software assurance SwA Ecosystem tools Today s tools have limited interoperability Reverse Engineering Tools

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback