Advertisement

Model-Driven Security in Practice: An Industrial Experience

  • Manuel Clavel
  • Viviane da Silva
  • Christiano Braga
  • Marina Egea
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5095)

Abstract

In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.

Keywords

Access Control Transformation Function Access Control Policy Test Report Authorization Constraint 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Basin, D., Clavel, M., Doser, J., Egea, M.: A metamodel-based approach for analyzing security-design models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420–435. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)CrossRefGoogle Scholar
  3. 3.
    Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)CrossRefGoogle Scholar
  4. 4.
    Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)Google Scholar
  5. 5.
    Object Management Group. Object Constraint Language specification (2004), http://www.omg.org
  6. 6.
    Object Management Group. Unified Modeling Language specification (2004), http://www.uml.org

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Manuel Clavel
    • 1
    • 2
  • Viviane da Silva
    • 2
  • Christiano Braga
    • 2
  • Marina Egea
    • 2
  1. 1.IMDEA Software Institute Madrid 
  2. 2.Facultad de InformáticaUniversidad ComplutenseMadrid 

Personalised recommendations