Technical Reports

Technical Reports - 1999

ifi-99.01
Title:: Rapid Secure Development. Ein Verfahren zur Definition eines Internet-Sicherheitskonzeptes
Author:: D. Damm, Ph. Kirsch, Th. Schlienger, St. Teufel, H. Weidner, U. Zurfluh
Abstract:: Die Nutzung von Online-Diensten des Internet wird für immer mehr Unternehmen zu einem wichtign Geschäfts- und Werbeinstrument. Mit der zunehmenden kommerziellen Nutzung gewinnen auch Sicherheitsaspekte im Internet zunehmend an Bedeutung. Obwohl viele Lösungen zu einzelnen Sicherheitsproblemen existieren, werden diese in der Praxis kaum umgesetzt. Grund dafür sind die Schwierigkeiten bei der Auswahl der einzelnen Sicherheitsmassnahmen und ihre Einbettung in die organisatorischen Abläufe eines Unternehmens. Rapid Secure Development (RSD) ist ein Verfahren zur Konzeption eines gesicherten Internet-Anschlusses für kleinere und mittlere Unternehmen. Es führt den Benutzer in fünf Schritten von der Definition der Internet-Nutzungsszenarien über Auswahl von Internet-Diensten und Gefahrenanalyse bis hin zur Auswahl und Realisierung von Sicherheitsmassnahmen. Das Verfahren entstand als Resultat des SPP-IuK-Projektes "Sichere Nutzung von Online-Diensten" (SINUS). Neben dem eigentlichen Verfahren beinhaltet dieser Bericht eine Einführung in das Informationssicherheitsmanagement und der Internet-Technologie. Im Anhang werden einzelne Sicherheitsmassnahmen, insbesondere der im SINUS-Projekt entstandene Firewall-Prototyp, näher beschrieben. Am Ende wird das Verfahren anhand eines (fiktiven) Beispiels exemplarisch durchgeführt.
Keyword:: Internet, Sicherheit, Sicherheitskonzeption, Sicherheitsmanagement, Firewalls, Kryptographie, Expertensystem
ifi-99.02
Title:: A Reusable Architecture to Construct Active Database Systems
Author:: Hans Fritschi, Stella Gatziu
Abstract:: The construction system FRAMBOISE is intended to provide active database mechanisms by bundling them together out of existing, prefabricated components realizing specific active database tasks. The systems built by means of FRAMBOISE are built according to a common architecture. This reference architecture not only serves as a blueprint to assemble systems but establishes also a context that underlies the design of new components. This paper discusses the function of the reference architecture in the overall FRAMBOISE project and presents it formally by means of an architecture description language.
Keyword:: active database managmement systems, FRAMBOISE, system architecture
ifi-99.03
Title:: Attempto Controlled English (ACE)
Language Manual
Version 3.0
Author:: Norbert E. Fuchs, Uta Schwertel, Rolf Schwitter
Abstract:: Attempto Controlled English (ACE) is a language specifically designed to write specifications. ACE is a controlled natural language, i.e. a subset of English with a domain specific vocabulary and a restricted grammar in the form of a small set of construction and interpretation principles. This means that all ACE sentences are correct English, but that not all English sentences are allowed in ACE. The restriction of full natural language to a controlled subset is essential for ACE to be suitable for specification purposes. The main goals of this restriction are: to support the writing of precise specifications, to reduce ambiguity and vagueness inherent in full natural language, to encourage domain specialists to deliberately choose a clear and unambiguous writing style so that readers of a specification understand it in the same way as the writer, to make specifications computer processable, to render specifications unambiguously translatable into formal specification languages, particularly into first-order logic, and to make specifications executable. In brief, ACE allows domain specialists to express specifications in familiar natural language and to combine this with the rigor of formal specification languages. ACE has been used to specify a simple automatic teller machine, Kemmerer's library data base problem, Schubert's steamroller, and a number of smaller problems. Recently, ACE has also been used as the input language of a theorem prover, and first attempts have been made to interface it to a program synthesiser. Clearly, ACE can be adapted and extended for other purposes requiring precise input, e.g. writing technical documentation or updating databases. The use of ACE presupposes only basic knowledge of English grammar. Note however, that because ACE is a controlled natural language not all standard grammatical notions are directly applicable or suitable for the description of the ACE grammar. Some grammatical notions have a restricted meaning in ACE, while other notions are especially coined for an effective description of the language. The divergences are kept to a minimum so that ACE can be easily learned extending basic grammatical knowledge.
Keyword:: controlled natural language, Attempto Controlled English, ACE, formal specification language, specifications
ifi-99.04
Title:: Metadata Management and Data Warehousing
Author:: Martin Staudt, Anca Vaduva, Thomas Vetterli
Abstract:: This report gives an overview of metadata management in general (Part I) and on the role of metadata for data warehousing (Part II). Because of the complexity and extensive applicability of metadata, a compact, precise definition of the notion may hardly be provided. Therefore, we explain metadata by illustrating the use and the forms it may take within various application areas. In the case of data warehousing, we present a classification of metadata along certain dimensions and we discuss significant aspects of metadata management that have to be considered for the construction of a data warehouse system. Furthermore, this report provides a comprehensive survey and analysis of the state of the art of metadata management in industry and research. The most important standards for representation and interchange of metadata, commercial products and research projects are presented and discussed (as far as the available information allows) for both, the general case and the particular case of data warehousing.
Keyword:: metadata management, data warehousing, metadata standards, commercial products
ifi-99.05
Title:: Algebraic Database Migration to Object Technology
Author:: Andreas Behm, Andreas Geppert, Klaus R. Dittrich
Abstract:: Relational database systems represent the current standard technology for implementing database applications. Now that the object-oriented paradigm becomes more and more mature in all phases of the software engineering process, object-oriented DBMS are seriously considered for the seamless integration of object-oriented applications and data persistence. When reengineering existing applications or constructing new ones on top of relational databases, a large semantic gap between the new object model and the legacy database's model must still be bridged. We propose database migration to resolve this mismatch: the relational schema is transformed into an object-oriented one and the relational data is migrated to an object-oriented database. Existing approaches for migration do not exploit the full potential of the object-oriented paradigm so that the resulting object-oriented schema still "looks rather relational" and retains the drawbacks and weaknesses of the relational schema. We propose a redesign environment which allows to transform relational schemas into adequate object-oriented ones. Schemas and transformation rules are expressed in terms of a new data model, called semi object types (SOT). We also propose a formal foundation for SOT and transformation rules. This formalization makes it possible to automatically generate the input of the data migration process.
Keyword:: OODBMS, Migration, Schema Transformation, Reengineering, Redesign
ifi-99.06
Title:: The Role of Metadata for Data Warehousing
Author:: Martin Staudt, Anca Vaduva, Thomas Vetterli
Abstract:: Metadata has been identified as a key success factor in data warehouse projects. It captures all kinds of information necessary to extract, transform and load data from source systems into the data warehouse, and afterwards to use and interpret the data warehouse contents. This paper gives an overview about the role metadata plays for data warehousing and reviews existing standards, commercial solutions and research actions relevant to metadata management. It turns out that an overall solution for managing all metadata in a central or federated repository is still missing regarding a global metadata schema as well as system aspects and interoperability among involved tools producing metadata. The divergence of proposed standards will probably prevent a breakthrough within the near future.
Keyword:: metadata management, data warehousing, SMART, repository, metadata standards, metamodel
ifi-1999.07
Title:: An Experimental Validation of the ADORA Language
Author:: Stefan Berner, Nancy Schett, Yong Xia, Martin Glinz
Abstract:: ADORA (Analysis and Description of Requirements and Architecture) is an approach to object oriented modeling that is based on object modeling and hierarchical decomposition, using an integrated model. The ADORA language is intended to be used for requirements specifications and high-level, logical views of software architectures. In order to assess the comprehensibility and the appeal of specifications written in ADORA we conducted a controlled experiment with students. We wrote two specifications of the same problem in ADORA and in UML and let the students study them. Then we tested the students' comprehension by asking questions about the contents of the specification and tested how they liked ADORA in comparison to UML by asking questions about personal preferences. In this report we describe the experiment and report the results.
Keyword:: Object-oriented modeling, specification, ADORA, requirements engineering

Back to the page of the ... Technical Reports