Abstract
In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be security-aware, it should also be smart. For example, the GUI should not display options to users for opening other widgets when these widgets will only display options for actions that the users are not authorized to execute on application data. We establish this link between visualization and security using a model-driven development approach. Namely, we define and implement a many-models-to-model transformation that, given a security-design model and a GUI model, makes the GUI model both security-aware and smart.
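The two properties described in the abstract, as an added Python sketch that is not the authors' model transformation or code from the paper. It reduces the security-design model to a role-to-permission table and the GUI model to widgets with options; all role, widget and action names are constructed. The "smart" step is computed as a least fixed point, so navigation cycles between widgets that offer no authorized action are pruned as well.

```python
# Added illustration; every role, widget and action name below is constructed.
# Security-design model reduced to: role -> permitted (action, resource) pairs.
POLICY = {
    "clerk": {("read", "Invoice")},
    "manager": {("read", "Invoice"), ("approve", "Invoice"), ("delete", "Customer")},
}

# GUI model: widget -> options. "act" options execute an action on application
# data; "open" options open another widget.
GUI = {
    "Main": [("Invoices", "open", "InvoiceList"), ("Admin", "open", "AdminPanel")],
    "InvoiceList": [("View", "act", ("read", "Invoice")),
                    ("Approve", "act", ("approve", "Invoice")),
                    ("Back", "open", "Main")],
    "AdminPanel": [("Delete customer", "act", ("delete", "Customer")),
                   ("Audit", "open", "AuditPanel")],
    "AuditPanel": [("Back to admin", "open", "AdminPanel")],
}


def _shown(option, perms, useful):
    # Security-aware: an action needs a permission. Smart: an "open" option
    # is shown only if its target widget is useful to this role.
    _label, kind, target = option
    return target in (perms if kind == "act" else useful)


def useful_widgets(gui, perms):
    """Least fixed point: widgets that reach at least one authorized action."""
    useful, changed = set(), True
    while changed:
        changed = False
        for widget, options in gui.items():
            if widget not in useful and any(_shown(o, perms, useful) for o in options):
                useful.add(widget)
                changed = True
    return useful


def secure_view(gui, policy, role):
    """Return widget -> visible option labels for the given role."""
    perms = policy.get(role, set())  # unknown role: no permissions, nothing shown
    useful = useful_widgets(gui, perms)
    return {w: [o[0] for o in opts if _shown(o, perms, useful)]
            for w, opts in gui.items() if w in useful}


if __name__ == "__main__":
    for role in ("clerk", "manager"):
        print(role, secure_view(GUI, POLICY, role))
```

For the clerk role, the Admin option disappears from Main even though AdminPanel and AuditPanel link to each other, because neither widget leads to an action the clerk may execute.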
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Basin, D., Clavel, M., Egea, M., Schläpfer, M. (2010). Automatic Generation of Smart, Security-Aware GUI Models. In: Massacci, F., Wallach, D., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2010. Lecture Notes in Computer Science, vol 5965. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11747-3_16
DOI: https://doi.org/10.1007/978-3-642-11747-3_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11746-6
Online ISBN: 978-3-642-11747-3
eBook Packages: Computer Science (R0)