Skip to main content
SpringerLink
Log in

Model-Driven Development of a Secure eHealth Application

  • Chapter
Engineering Secure Future Internet Services and Systems

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8431))

Abstract

We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology with an associated tool for developing secure data-management applications with three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently combined. Second, it supports model-based quality assurance checks, where the properties proven about the models transfer to the generated applications. Finally, for data-management applications, the ActionGUI tool automatically generates complete, ready-to-deploy, security-aware, web applications. We explain these features in the context of the eHealth application.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 16.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. ActionGUI. The ActionGUI project (2013), http://www.actiongui.org

  2. Barrett, C., Stump, A., Tinelli, C.: The SMT-LIB Standard: Version 2.0. In: Gupta, A., Kroening, D. (eds.) Proceedings of the 8th International Workshop on Satisfiability Modulo Theories, Edinburgh, UK (2010)

    Google Scholar 

  3. Basin, D., Clavel, M., Egea, M., de Dios, M.A.G., Dania, C.: A model-driven methodology for developing secure data-management applications. IEEE Transactions on Software Engineering (to appear, 2014)

    Google Scholar 

  4. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)

    Article  Google Scholar 

  5. Basin, D.A., Clavel, M., Egea, M.: A decade of model-driven security. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT 2011), Innsbruck, Austria, vol. 1998443, pp. 1–10 (2011)

    Google Scholar 

  6. Busch, M.: Integration of security aspects in web engineering. Master’s thesis, Institut für Informatik, Ludwig-Maximilians-Universität, München, Germany (2011)

    Google Scholar 

  7. Busch, M., Koch, N.: MagicUWE - a case tool plugin for modeling web applications. In: Gaedke, M., Grossniklaus, M., Díaz, O. (eds.) ICWE 2009. LNCS, vol. 5648, pp. 505–508. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  8. Dania, C., Clavel, M.: OCL2FOL+: Coping with Undefinedness. In: Cabot, J., Gogolla, M., Ráth, I., Willink, E.D. (eds.) OCL@MoDELS. CEUR Workshop Proceedings, vol. 1092, pp. 53–62. CEUR-WS.org (2013)

    Google Scholar 

  9. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)

    Article  Google Scholar 

  10. Jia, X., Steele, A., Qin, L., Liu, H., Jones, C.: Executable visual software modeling—the ZOOM approach. Software Quality Control 15, 27–51 (2007)

    Article  Google Scholar 

  11. Kroiss, C., Koch, N., Knapp, A.: UWE4JSF: A model-driven generation approach for web applications. In: Gaedke, M., Grossniklaus, M., Díaz, O. (eds.) ICWE 2009. LNCS, vol. 5648, pp. 493–496. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  12. NESSoS. The European Network of Excellence on Engineering Secure Future internet Software Services and Systems (2010), http://www.nessos-project.eu

  13. Object Management Group. Object constraint language specification version 2.3.1. Technical report, OMG (2012), http://www.omg.org/spec/OCL/2.3.1

  14. Weidenbach, C.: SPASS input syntax version 1.5 (1999)

    Google Scholar 

  15. Weidenbach, C., Dimova, D., Fietzke, A., Kumar, R., Suda, M., Wischnewski, P.: SPASS version 3.5. In: Schmidt, R.A. (ed.) CADE-22. LNCS, vol. 5663, pp. 140–145. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  16. Woodcock, J., Davies, J.: Using Z: specification, refinement, and proof. Prentice-Hall, Inc., Upper Saddle River (1996)

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. IMDEA Software Institute, Madrid, Spain

    Miguel A. García de Dios, Carolina Dania & Manuel Clavel

  2. ETH Zürich, Switzerland

    David Basin

Authors
  1. Miguel A. García de Dios
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Carolina Dania
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Basin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Manuel Clavel
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. INKO, Software Engineering, Universität Duisburg-Essen, 47048, Duisburg, Germany

    Maritta Heisel

  2. Department of Computer Science, KU Leuven, Celestijnenlaan 200A, 3001, Heverlee, Belgium

    Wouter Joosen

  3. Computer Science Department, Network, Information and Computer Security Lab, University of Malaga, 29071, Malaga, Spain

    Javier Lopez

  4. Istituto di Informatica e Telematica (IIT), Consiglio Nazionale delle Ricerche (CNR), Via G. Moruzzi 1, 56124, Pisa, Italy

    Fabio Martinelli

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

de Dios, M.A.G., Dania, C., Basin, D., Clavel, M. (2014). Model-Driven Development of a Secure eHealth Application. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds) Engineering Secure Future Internet Services and Systems. Lecture Notes in Computer Science, vol 8431. Springer, Cham. https://doi.org/10.1007/978-3-319-07452-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-07452-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07451-1

  • Online ISBN: 978-3-319-07452-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation