Model-Driven Security in Practice: An Industrial Experience
In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.
KeywordsAccess Control Transformation Function Access Control Policy Test Report Authorization Constraint
Unable to display preview. Download preview PDF.
- 4.Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)Google Scholar
- 5.Object Management Group. Object Constraint Language specification (2004), http://www.omg.org
- 6.Object Management Group. Unified Modeling Language specification (2004), http://www.uml.org