course 4 13 march 2019 [email protected]/scoala/2019/pe/courses/pe04.pdf · sequence...
TRANSCRIPT
From previous courses…
UML Diagrams:◦ Interactions (Sequence, Collaboration)
◦ Behaviour (States, Activities)
◦ Structure (Deployment)
C4 Model
Forward & Reverse Engineering
2
Diagrams
UML Diagrams
Use Case Diagrams
Class Diagrams
3
4
5
6
Sequence Diagram contents the sequence of actions which occur in the system, each object invocation methods, as well as the order in timein which these invocations take place
A sequence diagram is bi-dimensional◦ On the vertical axis it shows the life of the object
The lifeline of the objects (graphic: dotted line)
The activation period in which an object takes control of execution (graphic rectangle on the lifeline)
◦ The horizontal axis shows the sequence of creation orthe invocations
messages ordered in time (graphic: darts)
7
8
9
Emphasizes the structural organization of the objects participating in the interaction
It illustrates better complex ramifications, iterations and concurrent behavior
May contain:◦ Objects, classes, actors
◦ Links between them
◦ Messaging
10
11
12
State Diagrams, Activity Diagrams
Basic elements
◦ Event
◦ Action
◦ Activity
13
Contain:◦ States
◦ Transitions
14
Composite state with under state sequentially active:
15
Composite state with under state parallel active:
16
Used to model the dynamics of a process or operation
Highlights execution control from one activity to another
It is attached to:◦ A class (models an use case)
◦ A package
◦ Implementation of operations
17
18
19
Model the hardware environment where the project will work
Example: to describe a web site a deployment diagram will contain hardware components for◦ web server,
◦ server applications,
◦ server database
Software components on each of these◦ The web application
◦ Database
◦ The way in which they are connected: JDBC, REST, RMI
20
21
Package:◦ It is a logical container for elements between which we
have connections
◦ Defines a namespace
◦ All UML elements can be grouped into packages (most packages are used to group classes)
◦ A package may contain subpackages => creates a tree structure (similar to organizing files / folders)
22
Relations:◦ dependence <<access>> = privat import
◦ dependence <<import>> = public import
Both relationships allow use of elements found in the destination package by the evidence in the source package without the need of qualifying the names of items in the package destination (similar to import directive in java)
These types of diagrams are provided in class diagrams
23
Elements from Types are imported in ShoppingCart and then areimported by WebShop
Elements from Auxiliary can be accessed only from ShoppingCart and cannot be referred from WebShop
24
Divide large systems into smaller and more manageable subsystems
Allowing iterative parallel development
Defining clear interfaces between packages forcode reuse (eg. Packages for graphic interface,for enabling connection to BD, etc ...)
25
Diagrams are neither too complicated nor too simple: the goal is effective communication
Give suggestive names for components
Elements arranged so that the lines do not intersect
Try not to show too many kinds of relationships once (avoid complicated diagrams)
If necessary, make more diagrams of the same type
26
Context, Containers, Components and Code
Provides different levels of abstraction, each of
which is relevant to a different audience
Avoid ambiguity in your diagrams by including a
sufficient amount of text as well as a key/legend
for the notation you use
27
Shows the software system you are building
How it fits into the world in terms of the people who use it and the other software systems it interacts with
Colours - Systems already exist (the greyboxes) and those to be built (blue)
28
Zooms into the software system, and shows the containers (applications, data stores, microservices, etc.)
29
Zooms into an individual container to show the components inside it
30
Zoom into an individual component to show how that component is implemented
31
https://tobiashochguertel.github.io/c4-draw.io/
https://structurizr.com/express
https://www.infoq.com/articles/C4-architecture-model
https://c4model.com/
32
33
A traditional process of moving from high-level abstractions and logical to the implementation-independent designs to the physical implementation of a system
FE follows a sequence of going from requirements through designing its implementation
34
Reverse engineering (RE) is the process of discovering the technological principles of a device, object or system through analysis of its structure, function and operation
To try to make a new device or program that does the same thing without copying anything from the original
Reverse engineering has its origins in the analysis of hardware for commercial or military advantage
35
Interoperability
Lost documentation
Product analysis
Security auditing
Removal of copy protection, circumvention of access restrictions
Creation of unlicensed/unapproved duplicates
Academic/learning purposes
Curiosity
Competitive technical intelligence (understand what your competitor is actually doing versus what they say they are doing)
Learning: Learn from others mistakes36
RE1: Reverse engineering of mechanical devices
RE2: Reverse engineering of integrated
circuits/smart cards
RE3: Reverse engineering for military
applications
RE4: Reverse engineering of software
37
38
39
Rapid prototyping
FullCure materials
40
41
42
RE is an invasive and destructive form of analyzing a smart card
The attacker grinds away layer by layer of the smart card and takes pictures with an electron microscope
Engineers employ sensors to detect and prevent this attack
43
44
45
Satellite TV
Security card
Phone card
Ticket card
Bank card
46
Reverse engineering is often used by militaries in order to copy other nations' technologies, devices or information that have been obtained by regular troops in the fields or by intelligence operations
It was often used during the Second World War and the Cold War
Well-known examples from WWII and later include: rocket, missile, bombers, China has reversed many examples of US and Russian hardware, from fighter aircraft to missiles and HMMWV cars
47
US – B-29 URSS – Tupolev Tu-4
48
Chinese J-20, Black Eagle US F-22, Russian Sukhoi T-50
49
US -AIM-9 Sidewinder Soviet - Vympel K-13
50
51
52
Reverse engineering is the process of analyzing a subject system to create representations of the system at a higher level of abstraction
In practice, two main types of RE emerge: ◦ Source code is available (but it is poorly documented)
◦ There is no source code available for the software
Black box testing in software engineering has a lot in common with reverse engineering
53
54
55
public class Test
{
private int n;
private int m;
public static void main(String args[])
{
for(int i=1;i<10;i++)
System.out.println("Test");
}
}
56
Link: http://www.steike.com/code/java-reverse-engineering/
jad.exe FileName.class => FileName.jad
57
58
59
File -> Import Sources...
60
61
Forward engineering:◦ Class diagrams -> .java files (ArgoUML)
◦ .java files -> .class files (NetBeans)
Reverse engineering: ◦ .class files -> .java files (JAD Decompiler)
◦ .java files -> Class Diagrams (ArgoUML)
62
UML Diagrams:◦ Interactions
◦ Behavior
◦ Structure
C4 Model: context, container, component,
code
63
Ovidiu Gheorghieş, Course 5 IP
www.uml.org
Reverse Engineering and Design Discovery: A Taxonomy, Chikofsky, E.J. and Cross, J., January, 1990
64
DJ Java Decompiler 3.10.10.93: http://www.softpedia.com/progDownload/DJ-Java-Decompiler-Download-13481.html
Open Office: http://ro.wikipedia.org/wiki/OpenOffice.org UML Reverse Engineering for Existing Java, C# , and Visual Basic .NET Code:
http://www.altova.com/umodel/uml-reverse-engineering.html Reverse Engineering:
http://en.wikipedia.org/wiki/Reverse_engineering PROTO 3000 3D Engineering Solutions:
http://www.proto3000.com/services.aspx HAR2009: http://www.degate.org/HAR2009/ Degate: http://www.degate.org/screenshots/ Inteligent: http://www.intelligentrd.com/ Smartphones RE: http://www.cytraxsolutions.com/2011/
01/smartphones-security-and-reverse.html
65