Model-Driven Development of a Secure eHealth Application

  • Miguel A. García de Dios
  • Carolina Dania
  • David Basin
  • Manuel Clavel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8431)


We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology, with an associated tool, for developing secure data-management applications. It has three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently combined. Second, it supports model-based quality assurance checks, where the properties proven about the models transfer to the generated applications. Finally, for data-management applications, the ActionGUI tool automatically generates complete, ready-to-deploy, security-aware web applications. We explain these features in the context of the eHealth application.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Miguel A. García de Dios (1)
  • Carolina Dania (1)
  • David Basin (2)
  • Manuel Clavel (1)

  1. IMDEA Software Institute, Madrid, Spain
  2. ETH Zürich, Switzerland
