Prevention of Privilege Abuse on NoSQL Databases : Analysis on MongoDB access control / Förebyggande av Privilegier Missbruk på NoSQL-databaser : Analys på MongoDB-åtkomstkontroll

Ishak, Marwah

January 2021

Database security is vital to retain confidentiality and integrity of data as well as prevent security threats such as privilege abuse. The most common form of privilege abuse is excessive privilege abuse, which entails assigning users with excessive privileges beyond their job function, which can be abused deliberately or inadvertently. The thesis’s objective is to determine how to prevent privilege abuse in the NoSQL database MongoDB. Prior studies have noted the importance of access control to secure databases from privilege abuse. Access control is essential to manage and protect the accessibility of the data stored and restrict unauthorised access. Therefore, the study analyses MongoDB’s embedded access control through experimental testing to test various built-in and advanced privileges roles in preventing privilege abuse. The results indicate that privilege abuse can be prevented if users are granted roles composed of the least privileges. Additionally, the results indicate that assigning users with excessive privileges exposes the system to privilege abuse. The study also underlines that an inaccurate allocation of privileges or permissions to users of databases may have profound consequences for the system and organisation, such as data breach and data manipulation. Hence, organisations that utilise information technology should be obliged to protect their interests and databases from others and their members through access control policies. / Datasäkerhet är avgörande för att bevara datats konfidentialitet och integritet samt för att förhindra säkerhetshot som missbruk av privilegier. Missbruk av överflödig privilegier, är den vanligaste formen av privilegier missbruk. Detta innebär att en användare tilldelas obegränsad behörighet utöver det som behövs för deras arbete, vilket kan missbrukas medvetet eller av misstag. Examensarbetets mål är att avgöra hur man kan förhindra missbruk av privilegier i NoSQL-databasen MongoDB. Tidigare studier har noterat vikten av åtkomstkontroll för att säkra databaser från missbruk av privilegier. Åtkomstkontroll är viktigt för att hantera och skydda åtkomlighet för de lagrade data samt begränsa obegränsad åtkomst. Därför analyserar arbetet MongoDBs inbäddade åtkomstkontroll genom experimentell testning för att testa olika inbyggda och avancerade priviligierade roller för att förhindra missbruk av privilegier. Resultaten indikerar att missbruk av privilegier kan förhindras om användare får roller som har färre privilegier. Dessutom visar resultaten att tilldelning av användare med obegränsade privilegier utsätter systemet för missbruk av privilegier. Studien understryker också att en felaktig tilldelning av privilegier eller behörigheter för databasanvändare kan få allvarliga konsekvenser för systemet och organisationen, såsom dataintrång och datamanipulation. Därför bör organisationer som använder informationsteknologi ha som plikt att skydda sina tillgångar och databaser från obehöriga men även företagets medarbetare som inte är beroende av datat genom policys för åtkomstkontroll.

NoSQL databases

MongoDB

Access control

Privilege abuse

Role-based access control

NoSQL-databaser

MongoDB

Åtkomstkontroll

Missbruk av privilegier

Computer Engineering

Datorteknik

RBAC Attack Exposure Auditor. Tracking User Risk Exposure per Role-Based Access Control Permissions

Damrau, Adelaide

01 May 2023

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access security requirements. However, if not properly maintained, RBAC produces the problem of role explosion. What happens when security administrations cannot maintain the increasing number of roles and their assigned permissions provisioned to the organization users? This paper attempts to solve this problem by implementing a scalable RBAC system and assigning each permission a risk value score determined by the severity of risk it would expose the organization to if someone had unauthorized access to that permission. Using RBAC’s role and permission design, each user will be assigned a risk value score determined by the summation of their roles’ risk based on permission values. This method allows security administrators to view the users and roles with the highest level of risk, therefore prioritizing the highest risk users and roles when maintaining user roles and permissions.

Role-Based Access Control

Principle of Least Privilege

Separation of Duties

Permission

Risk

Role Explosion

Databases and Information Systems

Information Security

Other Computer Sciences

Моделирование бизнес-процессов предприятия на основании процессно-ролевого подхода : магистерская диссертация / Modeling business processes of the enterprise based on the process-role approach

Владимирцева, С. Ю., Vladimirtseva, S. Y.

January 2021

Рано или поздно перед руководством как коммерческой, так и некоммерческой организации встает вопрос о том, как повысить эффективной деятельности. Процессно-ориентированная система управления зарекомендовала себя как наиболее эффективная. Актуальность темы выпускной квалификационной работы обусловлена существующей необходимостью выбора эффективной концепции управления на предприятии некоммерческого сектора. Результатом работы является получение процессно-ориентированных моделей ключевых бизнес-процессов предприятия, а также расчеты экономической эффективности ИТ-проекта по внедрению процессно-ролевого подхода на предприятии. Практическая ценность данной работы заключается в готовности предложенных процессно-ориентированных моделей бизнес-процессов и ИТ-проекта по внедрению процессно-ролевого подхода к использованию на предприятиях некоммерческого сектора. / Sooner or later, before the management of both a commercial and non-commercial organization arises as to how to increase efficient activities. The process-oriented management system has proven itself as the most efficient. The relevance of the topic of final qualifying work is due to the existing necessity of choosing an effective management concept at the enterprise of the non-profit sector. The result of the work is to obtain process-oriented models of key business processes of the enterprise, as well as calculations of the economic efficiency of the IT project to introduce the process-role approach in the enterprise. The practical value of this work is the willingness of the proposed process-oriented models of business processes and the IT project to introduce a process-role approach to use at the non-commercial sector enterprises.

БИЗНЕС-ПРОЦЕСС

MASTER'S THESIS

PROCESS ROLE-BASED APPROACH

NON-PROFIT ORGANIZATION

BUSINESS PROCESS

MODELING BUSINESS PROCESSES

Examining the efficacy of cybersecurity education at Swedish universities : A qualitative inquiry through interviews

Behzadi, Bahareh

January 2024

In today's digital landscape, information technologies (IT) serve as strategic assets for organizations, underscoring the critical role of cybersecurity in safeguarding valuable assets and preserving organizational competitiveness. Cybersecurity practices aim to protect information systems from unauthorized access, data breaches, and cyber threats. Yet, cybersecurity experts face significant challenges in addressing evolving threats, necessitating continuous investment in IT systems and software. Moreover, the complexity of technology ecosystems exacerbates cybersecurity risks. To address these challenges, organizations hire individuals for specific cybersecurity roles, emphasizing the importance of cybersecurity education and training. By aligning with established frameworks like the European Cybersecurity Skills Framework (ECSF), educational programs can prepare students for diverse cybersecurity roles. This research investigates how Swedish universities align their cybersecurity program content with ECSF roles, aiming to enhance cybersecurity education and workforce development. The study utilized two data collection methods to address the research question. Firstly, information on course content was gathered from the websites of universities offering cybersecurity programs. A qualitative framework-based analysis was then conducted to map each course to the defined roles in the ECSF framework. A total of 91 compulsory course contents from 11 cybersecurity programs across various uni-versities were analyzed, excluding optional courses due to student choice variability. Additionally, seven semi-structured interviews were conducted with course coordinators from these programs. These interviews aimed to gather insights from individuals who play a significant role in shaping the educational curriculum at universities. The examination of cybersecurity courses in Swedish universities, aligned with the European Cybersecurity Education and Professional Training Minimum Reference Curriculum framework, provides insights into the educational environment. Despite variations, every role specified in the ECSF framework is addressed by at least one course in Swedish universities, ensuring students receive education. However, specialized courses such as 'Cybersecurity for Artificial Intelligence (AI)' and 'Machine Learning Security' are limited to only one university, indicating the necessity for wider implementation across institutions. Results of interviews revealed the lack of standardized frameworks guiding the design and evaluation of cybersecurity programs at Swedish universities, alongside limited awareness among stakeholders. This highlights the challenges hindering program adaptability in today’s evolving landscape, including faculty recruitment issues and a lack of industry collaboration. Moreover, the absence of systematic assessment methods for program effectiveness underscores a critical area for future exploration.

Cybersecurity educational programs

European cybersecurity skills framework

systematic assessment

role-based education

Information Systems, Social aspects

A Combined Formal Model for Relational Context-Dependent Roles (Extended)

Kühn , Thomas, Böhme, Stephan, Götz, Sebastian, Aßmann, Uwe

17 September 2015

Role-based modeling has been investigated for over 35 years as a promising paradigm to model complex, dynamic systems. Although current software systems are characterized by increasing complexity and context-dependence, all this research had almost no influence on current software development practice, still being discussed in recent literature. One reason for this is the lack of a coherent, comprehensive, readily applicable notion of roles. Researchers focused either on relational roles or context-dependent roles rather then combining both natures. Currently, there is no role-based modeling language sufficiently incorporating both the relational and context-dependent nature of roles together with the various proposed constraints. Hence, this paper formalizes a full-fledged role-based modeling language supporting both natures. To show its sufficiency and adequacy, a real world example is employed.

Rolle

Kontext

Compartment

Relational

kontextabhängig

rollenbasiert

Rollenmodel

formales Model

Role

Context

Compartment

Relational

Context-Dependent

Role-based

Role Model

Formal Model

ddc:004

rvk:SS 5514

Rolle

Graphisches Modell

Objektmodell

Mathematisches Modell

Kontext

Formale Sprache

Design and Implementation of Role-based Architectural Event Modules / Entwurf und Implementierung von rollen-basierten architektonischen Event-Modulen

Rohde, Frank

21 September 2016

This diploma thesis attempts to improve the language-support for coping with the problem of negative emergence in dynamic Systems-of-Systems (SoS). Negative emergence is understood to be the emergence of unintended behaviour among constituent systems of a SoS in response to certain changes to the composition of constituent systems in the SoS. The architecture description language (ADL) "EventArch 2.0" approaches this problem by allowing the SoS-manager to define certain rules to manipulate the original behaviour of certain constituent systems at certain critical points of execution of the SoS to prevent unintended behaviour ("coordination rules"). This thesis approaches a solution to the following problem: to prevent the introduction of unintended behaviour through overly- or underly-restrictive coordination rules, more- or less-restrictive variants of a coordination rule would have to be applied to the SoS depending on the current composition of constituent systems in the SoS. This thesis has the goal to approach this problem by devising a mechanism to dynamically exchange a coordination rule depending on the current composition of constituent systems in the SoS. To achieve that goal, the ADL "EventArch 2.0" is extended to support the dynamic application of a coordination rule to a System-of-Systems. The dynamic application is achieved by connecting coordinators and constituent systems at runtime. As a special characteristic, each coordinator is dedicated to a specific constituent system and is responsible for achieving compliance of that system with respect to a specific coordination rule. It is shown that this architectural setup can be nicely modeled using concepts from the field of "role-based modeling". The solution does therefore employ concepts that are central to the "role-based modeling"-approach: "Role", "Base", and "Compartment". The applicability of the extended language to practical coordination-problems is shown by applying it to a constructed use case in the field of energy-efficient computing. / Die vorliegende Diplomarbeit ist mit der Verbesserung der Sprachunterstützung zur Vermeidung negativer Emergenz in dynamischen Systems-of-Systems (SoS) befasst. Negative Emergenz wird dabei als unerwünschtes Verhalten von an einem SoS beteiligten Systemen verstanden, welches auf Grund von Änderungen in der Zusammensetzung des SoS (d.h. auf Grund des Eintritts oder Austritts von konstituierenden Systemen) aufgetreten ist. Die Architekturbeschreibungssprache "EventArch 2.0" unterstützt den SoS-manager bei der Lösung dieses Problems durch die Möglichkeit das Verhalten der beteiligten Systeme in bestimmten Ausführungsmomenten durch die Definition von Koordinationsregeln zu manipulieren und auf diesem Wege das Auftreten negativer Emergenz zu vermeiden. Die Diplomarbeit ist ein Beitrag zur Lösung des folgenden Problems: Um die Einführung von unerwünschtem Verhalten durch übermäßig- oder unzureichend restriktive Koordinationsregeln zu verhindern, müssten unterschiedliche Varianten einer Koordinationsregel, die sich im Grade ihrer Restriktivität unterscheiden, auf das SoS angewendet werden. Diese Anwendung müßte in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen erfolgen. In der vorliegenden Diplomarbeit wird eine Möglichkeit entwickelt um eine Koordinationsregel zur Laufzeit in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen auszutauschen. Sie leistet damit einen Beitrag zur Lösung des vorgenannten Problems. In der Arbeit wird die Architekturbeschreibungssprache "EventArch 2.0" um die Möglichkeit des dynamischen Austausches von Koordinationsregeln erweitert. Dabei werden Koordinationsregeln angewendet durch die gezielte Verbindung von Koordinatoren und konstituierenden Systemen. Die Besonderheit des Ansatzes besteht darin, dass jedem konstituierenden System ein persönlicher Koordinator zugeordnet wird, d.h. ein Koordinator der ausschließlich für die Anpassung des Verhaltens des jeweiligen Systems an eine bestimmte Koordinationsregel verantwortlich ist. In der Arbeit wird gezeigt, dass dieser architektonische Ansatz durch zentrale Konzepte des Modellierungsansatzes "rollenbasierte Modellierung" modelliert werden kann. In der entwickelten Spracherweiterung werden daher die Konzepte "Rolle", "Basis" und "Compartment" verwendet. Die Anwendbarkeit der erweiterten Sprache, wird durch deren Anwendung auf einen konstruierten Anwendungsfall aus dem Bereich der Energie-effizienten Berechnung gezeigt.

dynamische SoS

rollen-basierte Koordination

peer-to-peer Koordination

negative Emergenz

dynamic SoS

role-based coordination

peer-to-peer coordination

negative emergence

ddc:004

rvk:ST 233

rvk:ST 237

rvk:ST 240

Emergenz

Koordination

Rolle

Data Protection in Transit and at Rest with Leakage Detection

Denis A Ulybyshev (6620474)

15 May 2019

<p>In service-oriented architecture, services can communicate and share data among themselves. This thesis presents a solution that allows detecting several types of data leakages made by authorized insiders to unauthorized services. My solution provides role-based and attribute-based access control for data so that each service can access only those data subsets for which the service is authorized, considering a context and service’s attributes such as security level of the web browser and trust level of service. My approach provides data protection in transit and at rest for both centralized and peer-to-peer service architectures. The methodology ensures confidentiality and integrity of data, including data stored in untrusted cloud. In addition to protecting data against malicious or curious cloud or database administrators, the capability of running a search through encrypted data, using SQL queries, and building analytics over encrypted data is supported. My solution is implemented in the “WAXEDPRUNE” (Web-based Access to Encrypted Data Processing in Untrusted Environments) project, funded by Northrop Grumman Cybersecurity Research Consortium. WAXEDPRUNE methodology is illustrated in this thesis for two use cases, including a Hospital Information System with secure storage and exchange of Electronic Health Records and a Vehicle-to-Everything communication system with secure exchange of vehicle’s and drivers’ data, as well as data on road events and road hazards. </p><p>To help with investigating data leakage incidents in service-oriented architecture, integrity of provenance data needs to be guaranteed. For that purpose, I integrate WAXEDPRUNE with IBM Hyperledger Fabric blockchain network, so that every data access, transfer or update is recorded in a public blockchain ledger, is non-repudiatable and can be verified at any time in the future. The work on this project, called “Blockhub,” is in progress.</p>

Computer System Security

Database Management

Data Privacy

data protection mechanism

role-based access control

attribute-based encryption scheme

Leakage Detection

encrypted search queries

identity management

authentication scheme

blockchain technology application

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Motta, Gustavo Henrique Matos Bezerra

05 February 2004

Os recentes avanços nas tecnologias de comunicação e computação viabilizaram o pronto acesso às informações do prontuário eletrônico do paciente (PEP). O potencial de difusão de informações clínicas resultante suscita preocupações acerca da priva-cidade do paciente e da confidencialidade de seus dados. As normas presentes na legislação dispõem que o conteúdo do prontuário deve ser sigiloso, não cabendo o acesso a ele sem a prévia autorização do paciente, salvo quando necessário para be-neficiá-lo. Este trabalho propõe o MACA, um modelo de autorização contextual para o controle de acesso baseado em papéis (CABP) que contempla requisitos de limita-ção de acesso ao PEP em ambientes abertos e distribuídos. O CABP regula o acesso dos usuários ao PEP com base nas funções (papéis) que eles exercem numa organi-zação. Uma autorização contextual usa informações ambientais disponíveis durante o acesso para decidir se um usuário tem o direito e a necessidade de acessar um re-curso do PEP. Isso confere ao MACA flexibilidade e poder expressivo para estabele-cer políticas de acesso ao PEP e políticas administrativas para o CABP que se adap-tam à diversidade ambiental e cultural das organizações de saúde. O MACA ainda permite que os componentes do PEP utilizem o CABP de forma transparente para o usuário final, tornando-o mais fácil de usar quando comparado a outros modelos de CABP. A arquitetura onde a implementação do MACA foi integrada adota o serviço de diretórios LDAP (Lightweight Directory Access Protocol), a linguagem de pro-gramação Java e os padrões CORBA Security Service e Resource Access Decision Fa-cility. Com esses padrões abertos e distribuídos, os componentes heterogêneos do PEP podem solicitar serviços de autenticação de usuário e de autorização de acesso de modo unificado e coerente a partir de múltiplas plataformas. A implementação do MACA ainda tem a vantagem de ser um software livre, de basear-se em componen-tes de software sem custos de licenciamento e de apresentar bom desempenho para as demandas de acesso estimadas. Por fim, a utilização rotineira do MACA no con-trole de acesso ao PEP do InCor-HC.FMUSP, por cerca de 2000 usuários, evidenciam a exeqüibilidade do modelo, da sua implementação e da sua aplicação prática em casos reais. / The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates user’s access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.

arquiteturas abertas e distribuídas

autorização contextual

contexto

contexts

contextual authorization

electronic patient record (EPR)

open and distributed architectures

role-based access control (RBAC)

security

segurança

Um modelo de autorização contextual para o controle de acesso ao prontuário eletrônico do paciente em ambientes abertos e distribuídos. / A contextual authorization model for access control of electronic patient record in open distributed environments.

Gustavo Henrique Matos Bezerra Motta

05 February 2004

Os recentes avanços nas tecnologias de comunicação e computação viabilizaram o pronto acesso às informações do prontuário eletrônico do paciente (PEP). O potencial de difusão de informações clínicas resultante suscita preocupações acerca da priva-cidade do paciente e da confidencialidade de seus dados. As normas presentes na legislação dispõem que o conteúdo do prontuário deve ser sigiloso, não cabendo o acesso a ele sem a prévia autorização do paciente, salvo quando necessário para be-neficiá-lo. Este trabalho propõe o MACA, um modelo de autorização contextual para o controle de acesso baseado em papéis (CABP) que contempla requisitos de limita-ção de acesso ao PEP em ambientes abertos e distribuídos. O CABP regula o acesso dos usuários ao PEP com base nas funções (papéis) que eles exercem numa organi-zação. Uma autorização contextual usa informações ambientais disponíveis durante o acesso para decidir se um usuário tem o direito e a necessidade de acessar um re-curso do PEP. Isso confere ao MACA flexibilidade e poder expressivo para estabele-cer políticas de acesso ao PEP e políticas administrativas para o CABP que se adap-tam à diversidade ambiental e cultural das organizações de saúde. O MACA ainda permite que os componentes do PEP utilizem o CABP de forma transparente para o usuário final, tornando-o mais fácil de usar quando comparado a outros modelos de CABP. A arquitetura onde a implementação do MACA foi integrada adota o serviço de diretórios LDAP (Lightweight Directory Access Protocol), a linguagem de pro-gramação Java e os padrões CORBA Security Service e Resource Access Decision Fa-cility. Com esses padrões abertos e distribuídos, os componentes heterogêneos do PEP podem solicitar serviços de autenticação de usuário e de autorização de acesso de modo unificado e coerente a partir de múltiplas plataformas. A implementação do MACA ainda tem a vantagem de ser um software livre, de basear-se em componen-tes de software sem custos de licenciamento e de apresentar bom desempenho para as demandas de acesso estimadas. Por fim, a utilização rotineira do MACA no con-trole de acesso ao PEP do InCor-HC.FMUSP, por cerca de 2000 usuários, evidenciam a exeqüibilidade do modelo, da sua implementação e da sua aplicação prática em casos reais. / The recent advances in computing and communication technologies allowed ready access to the electronic patient record (EPR) information. High availability of clinical information raises concerns about patients privacy and data confidentiality of their data. The legal regulation mandates the confidentiality of EPR contents. Everyone has to be authorized by the patients to access their EPR, except when this access is necessary to provide care on their behalf. This work proposes MACA, a contextual authorization model for the role-based access control (RBAC) that considers the ac-cess restrictions requirements for the EPR in open and distributed environments. RBAC regulates user’s access to EPR based on organizational functions (roles). Con-textual authorizations use environmental information available at access time, like user/patient relationship, in order to decide whether a user is allowed to access an EPR resource. This gives flexibility and expressive power to MACA, allowing one to establish access policies for the EPR and administrative policies for the RBAC that considers the environmental and cultural diversity of healthcare organizations. MACA also allows EPR components to use RBAC transparently, making it more user friendly when compared with other RBAC models. The implementation of MACA architecture uses the LDAP (Lightweight Directory Access Protocol) directory server, the Java programming language and the standards CORBA Security Service and Re-source Access Decision Facility. Thus, heterogeneous EPR components can request user authentication and access authorization services in a unified and coherent way across multiple platforms. MACA implementation complies with free software pol-icy. It is based on software components without licensing costs and it offers good performance for the estimated access demand. Finally, the daily use of MACA to control the access of about 2000 users to the EPR at InCor-HC.FMUSP shows the feasibility of the model, of its implementation and the effectiveness of its practical application on real cases.

arquiteturas abertas e distribuídas

autorização contextual

contexto

segurança

contexts

contextual authorization

electronic patient record (EPR)

open and distributed architectures

role-based access control (RBAC)

security

Generic Quality-Aware Refactoring and Co-Refactoring in Heterogeneous Model Environments

Reimann, Jan

27 August 2015

Software has been subject to change, at all times, in order to make parts of it, for instance, more reusable, better to understand by humans, or to increase efficiency under a certain point of view. Restructurings of existing software can be complex. To prevent developers from doing this manually, they got tools at hand being able to apply such restructurings automatically. These automatic changes of existing software to improve quality while preserving its behaviour is called refactoring. Refactoring is well investigated for programming languages and mature tools exist for executing refactorings in integrated development environments (IDEs). In recent years, the development paradigm of Model-Driven Software Development (MDSD) became more and more popular and we experience a shift in the sense that development artefacts are considered as models which conform metamodels. This can be understood as abstraction, which resulted in the trend that a plethora of new so-called model-based Domain-Specific Languages (DSLs) arose. DSLs have become an integral part in the MDSD and it is obvious that models are subject to change, as well. Thus, refactoring support is required for DSLs in order to prevent users from doing it manually. The problem is that the amount of DSLs is huge and refactorings should not be implemented for new for each of them, since they are quite similar from an abstract viewing. Existing approaches abstract from the target language, which is not flexible enough because some assumptions about the languages have to be made and arbitrary DSLs are not supported. Furthermore, the relation between a strategy which finds model deficiencies that should be improved, a resolving refactoring, and the improved quality is only implicit. Focussing on a particular quality and only detecting those deficiencies deteriorating this quality is difficult, and elements of detected deficient structures cannot be referred to in the resolving refactoring. In addition, heterogeneous models in an IDE might be connected physically or logically, thus, they are dependent. Finding such connections is difficult and can hardly be achieved manually. Applying a restructuring in a model implied by a refactoring in a dependent model must also be a refactoring, in order to preserve the meaning. Thus, this kind of dependent refactorings require an appropriate abstraction mechanism, since they must be specified for dependent models of different DSLs. The first contribution, Role-Based Generic Model Refactoring, uses role models to abstract from refactorings instead of the target languages. Thus, participating structures in a refactoring can be specified generically by means of role models. As a consequence, arbitrary model-based DSLs are supported, since this approach does not make any assumptions regarding the target languages. Our second contribution, Role-Based Quality Smells, is a conceptual framework and correlates deficiencies, their deteriorated qualities, and resolving refactorings. Roles are used to abstract from the causing structures of a deficiency, which then are subject to resolving refactorings. The third contribution, Role-Based Co-Refactoring, employs the graph-logic isomorphism to detect dependencies between models. Dependent refactorings, which we call co-refactorings, are specified on the basis of roles for being independent from particular target DSLs. All introduced concepts are implemented in our tool Refactory. An evaluation in different scenarios complements the thesis. It shows that role models emerged as very powerful regarding the reuse of generic refactorings in arbitrary languages. Role models are suited as an interface for certain structures which are to be refactored, scanned for deficiencies, or co-refactored. All of the presented approaches benefit from it.

Qualitäts-bewusstes Refactoring

Co-Refactoring

heterogene Modell-Landschaften

role-based generic model refactoring

quality-aware refactoring

co-refactoring

heterogeneous model environments

ddc:000

rvk:ST 230