Skip to main content
Book cover

European Conference on Model Driven Architecture - Foundations and Applications

ECMDA-FA 2008: Model Driven Architecture – Foundations and Applications pp 326–337Cite as

Model-Driven Security in Practice: An Industrial Experience

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE,volume 5095)

Abstract

In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.

Keywords

  • Access Control
  • Transformation Function
  • Access Control Policy
  • Test Report
  • Authorization Constraint

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Research partially supported by Spanish MEC projects TIN2005-09207-C03-03 and TIN2006-15660-C02-01, and by Comunidad de Madrid Program S-0505/TIC/0407. In addition, Christiano Braga’s and Viviane Silva’s research is supported, respectively, by the “Ramón y Cajal” and “Juan de la Cierva” Spanish MEC postdoctoral programmes, and Marina Egea’s research by a Spanish MEC predoctoral grant.

This is a preview of subscription content, access via your institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-540-69100-6_22
  • Chapter length: 12 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   99.00
Price excludes VAT (USA)
  • ISBN: 978-3-540-69100-6
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   129.00
Price excludes VAT (USA)
Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Basin, D., Clavel, M., Doser, J., Egea, M.: A metamodel-based approach for analyzing security-design models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420–435. Springer, Heidelberg (2007)

    CrossRef  Google Scholar 

  2. Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)

    CrossRef  Google Scholar 

  3. Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)

    CrossRef  Google Scholar 

  4. Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)

    Google Scholar 

  5. Object Management Group. Object Constraint Language specification (2004), http://www.omg.org

  6. Object Management Group. Unified Modeling Language specification (2004), http://www.uml.org

Download references

Author information

Authors and Affiliations

  1. IMDEA Software Institute,  , Madrid,  

    Manuel Clavel

  2. Facultad de Informática, Universidad Complutense, Madrid,  

    Manuel Clavel, Viviane da Silva, Christiano Braga & Marina Egea

Authors
  1. Manuel Clavel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Viviane da Silva
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Christiano Braga
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marina Egea
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

    Rights and permissions

    Reprints and Permissions

    Copyright information

    © 2008 Springer-Verlag Berlin Heidelberg

    About this paper

    Cite this paper

    Clavel, M., da Silva, V., Braga, C., Egea, M. (2008). Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker, I., Hartman, A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69100-6_22

    Download citation

    • DOI: https://doi.org/10.1007/978-3-540-69100-6_22

    • Publisher Name: Springer, Berlin, Heidelberg

    • Print ISBN: 978-3-540-69095-5

    • Online ISBN: 978-3-540-69100-6

    • eBook Packages: Computer ScienceComputer Science (R0)