Comentarios, discusiones, notas, sobre tendencias en el desarrollo de la tecnología informática, y la importancia de la calidad en la construcción de software.
miércoles, septiembre 28, 2005
Ultimos días en La Serena...
Durante un mes no creo que tenga prácticamente tiempo para nada que no sea organizarnos.
viernes, septiembre 09, 2005
ECMDA: Consistencia en el desarrollo de software conducido por modelos
The following issues fall within the scope of the workshop: Understanding consistency in the context of MDA and UML in particular – informal consistency from different points of views, static and dynamic consistency. Definition of consistency in MDA and UML – set of properties or other techniques, Checking consistency, Ensuring consistency, Model transformation preserving consistency Practical realization, Tools support for checking and ensuring consistency Relationship between consistency and formal techniques and languages Consistency driven development process, A number of artefacts are produced during the software developments process and MDA in particular. Those artefacts are usually expressed in UML and should be related in different way to each other. One of the most important relationship between artefacts is that they should be consistent. Putting this question into the discussion and trying to find answer to this question is the main topic to be addressed during the workshop. (...)
Todo el material es de interés no sólo para abordar el propio problema convocante, sino para entender el uso de OCL, las operaciones de transformación de modelos, y los metamodelos en UML, y aún más en general, el uso de artefactos capaces de generar código.
Un tema que particularmente estimulante, es planteado por Robert Wagner, Holger Giese, y Ulrich Nickel, de la Universidad de Padeborn, Alemania; Flexibilidad en las reglas de consistencia aplicadas:
In most CASE tools, the consistency checks being performed are rather static and predefined as they are hard coded into the tool . Thus, new consistency rules neither can be added nor can existing consistency rules be adapted to special user, enterprise, project, target language, or domain specific demands. However, during large projects you will never obtain a complete set of rules covering all relevant inconsistencies. In fact, the set of consistency rules will be expanded and refined through the whole lifecycle of a project. Thus, for a tool developer it becomes infeasible to identify all consistency rules in advance.Más sobre ECMDA.
In this paper we present a plug-in for a flexible and incremental consistency management realized within the FUJABA TOOL SUITE. FUJABA itself is an Open Source UML CASE tool project. It was started by the software engineering group at the University of Paderborn in fall 1997 and has a special focus on code generation from UML diagrams resulting in a visual programming language. Hence, consistency management was an important issue from the beginnings since consistent specifications are a required prerequisite for an error-free implementation.
Herramientas Comerciales y Open Source participantes. FUJABA.
Historial de conferencias sobre MDA de la asociación.
sábado, septiembre 03, 2005
Una comparación sobre ambiente de seguridad entre Java y .NET
Java and .NET have similar security goals and mechanisms. .NET’s design benefited from past experience with Java. Examples of this cleaner design include the MSIL instruction set, code access security evidences, and the policy configuration. .NET has been able to shield the developer from some of the underlying complexity through their new architecture.No obstante, es necesario recordar que la similitud está en el uso de una máquina virtual, pero que .Net ejecuta múltiples lenguajes sólo sobre Windows, y Java sólo un lenguaje sobre múltiples plataformas. En una decisión de arquitectura, las alternativas por ahora son más amplias sobre Java, sin mencionar la confiabilidad del sistema operativo huésped.
Where Java evolved from an initial platform with limited security capabilities, .NET incorporated more security capability into its original design. With age and new features, much of the legacy code of Java still remains for backwards compatibility including the possibility of a null SecurityManager, and the absolute trust of classes on the bootclasspath. Hence, in several areas .NET has security advantages over Java because of its simpler and cleaner design.
Most of the lessons to learn from Java’s vulnerabilities echo Saltzer and Schroeder’s classic principles, especially economy of mechanism, least privilege and fail-safe defaults. Of course, Java’s designers were aware of these principles, even though in hindsight it seems clear there were occasions where they could
(and should) have been followed more closely than they were. Some areas of design present conflicts between security and other design goals including fail-safe defaults vs. usability and least privilege vs. usability and complexity. For example, the initial stack walk introduced in Java has evolved to a more complex stack walk in both architectures to enable developers limit privileges. In addition, both
platforms default policies could be more restrictive to improve security, but restrictive policies hinder the execution of programs. .NET’s use of multi-level policies with multiple principals provides another example of showing the principles of least privilege and fail-safe defaults in contention with usability and
complexity. Several of the specific complexities that proved to be problematic in Java have been avoided in the .NET design, although .NET introduced new complexities of its own. Despite .NET’s design certainly not being perfect, it does provide encouraging evidence that system designers can learn from past security vulnerabilities and develop more secure systems. We have no doubts, however, that system designers will continue to relearn these principles for many years to come.