Model-driven development of security-aware GUIs for data-centric applications. (English) Zbl 1344.68069

Aldini, Alessandro (ed.) et al., Foundations of security analysis and design VI. FOSAD tutorial lectures. Berlin: Springer (ISBN 978-3-642-23081-3/pbk). Lecture Notes in Computer Science 6858, 101-124 (2011).
Summary: In this tutorial we survey a very promising instance of model-driven security: the full generation of security-aware graphical user interfaces (GUIs) from models for data-centric applications with access control policies. We describe the modeling concepts and languages employed and how model transformation can be used to automatically lift security policies from data models to GUI models. We work through a case study where we generate a security-aware GUI for a chatroom application. We also present a toolkit that supports the construction of security, data, and GUI models and generates complete, deployable, web applications from these models.
For the entire collection see [Zbl 1222.68004].

MSC:

68P25 Data encryption (aspects in computer science)
