Abstract
In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Research partially supported by Spanish MEC projects TIN2005-09207-C03-03 and TIN2006-15660-C02-01, and by Comunidad de Madrid Program S-0505/TIC/0407. In addition, Christiano Braga’s and Viviane Silva’s research is supported, respectively, by the “Ramón y Cajal” and “Juan de la Cierva” Spanish MEC postdoctoral programmes, and Marina Egea’s research by a Spanish MEC predoctoral grant.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Basin, D., Clavel, M., Doser, J., Egea, M.: A metamodel-based approach for analyzing security-design models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420–435. Springer, Heidelberg (2007)
Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)
Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)
Object Management Group. Object Constraint Language specification (2004), http://www.omg.org
Object Management Group. Unified Modeling Language specification (2004), http://www.uml.org
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clavel, M., da Silva, V., Braga, C., Egea, M. (2008). Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker, I., Hartman, A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69100-6_22
Download citation
DOI: https://doi.org/10.1007/978-3-540-69100-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69095-5
Online ISBN: 978-3-540-69100-6
eBook Packages: Computer ScienceComputer Science (R0)