Automatic Generation of Smart, Security-Aware GUI Models

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2010)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5965)

Abstract

In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be security-aware, it should also be smart. For example, the GUI should not display options to users for opening other widgets when these widgets will only display options for actions that the users are not authorized to execute on application data. We establish this link between visualization and security using a model-driven development approach. Namely, we define and implement a many-models-to-model transformation that, given a security-design model and a GUI model, makes the GUI model both security-aware and smart.
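The two properties from the abstract, shown on a toy model as an added illustration (this is not the paper's transformation, which works on security-design and GUI models). The widget names, option labels, roles and the flat role-to-action policy are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Option:
    label: str
    action: Optional[str] = None  # action on application data, e.g. "Meeting.read"
    opens: Optional[str] = None   # name of the widget this option opens

# Constructed GUI model: widget name -> options it displays.
GUI = {
    "Main": [Option("Meetings", opens="MeetingList"),
             Option("Administration", opens="Admin")],
    "MeetingList": [Option("View", action="Meeting.read"),
                    Option("Edit...", opens="MeetingEdit")],
    "MeetingEdit": [Option("Save", action="Meeting.update"),
                    Option("Delete", action="Meeting.delete")],
    "Admin": [Option("Delete user", action="User.delete"),
              Option("Audit", opens="Audit")],
    "Audit": [Option("Export log", action="Log.export"),
              Option("Back", opens="Admin")],
}

# Constructed policy: role -> actions the role is authorized to execute.
POLICY = {
    "user": {"Meeting.read"},
    "owner": {"Meeting.read", "Meeting.update"},
}

def visible_options(gui, permitted):
    """Return {widget: [labels]} of the options one role should still see."""
    # Security-aware: a widget is useful if it offers at least one authorized action.
    useful = {w for w, opts in gui.items()
              if any(o.action in permitted for o in opts if o.action)}
    # Smart: a widget is also useful if it opens a useful widget. Taking the
    # least fixed point keeps cycles of empty widgets (Admin <-> Audit) hidden.
    changed = True
    while changed:
        changed = False
        for w, opts in gui.items():
            if w not in useful and any(o.opens in useful for o in opts if o.opens):
                useful.add(w)
                changed = True
    return {w: [o.label for o in opts
                if (o.action and o.action in permitted)
                or (o.opens and o.opens in useful)]
            for w, opts in gui.items()}

if __name__ == "__main__":
    for role, permitted in POLICY.items():
        print(role, visible_options(GUI, permitted))
```

For the `user` role, "Edit..." and "Administration" disappear even though neither is itself an action on application data, because every widget reachable through them would be empty.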

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Basin, D., Clavel, M., Egea, M., Schläpfer, M. (2010). Automatic Generation of Smart, Security-Aware GUI Models. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_16

  • DOI: https://doi.org/10.1007/978-3-642-11747-3_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-11746-6

  • Online ISBN: 978-3-642-11747-3

  • eBook Packages: Computer Science, Computer Science (R0)
