Title :
A Model-Driven Methodology for Developing Secure Data-Management Applications
Author :
Basin, David ; Clavel, Michael ; Egea, Marina ; de Dios, Miguel A. Garcia ; Dania, Carolina
Author_Institution :
ETH Zurich, Zürich, Switzerland
Abstract :
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application´s data domain, authorization policy, and its graphical interface together with the application´s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
Keywords :
authorisation; graphical user interfaces; software engineering; access control; authorization policy; code generator; data model; graphical user intefaces; model-driven methodology; model-transformation function; multitier application; secure data-management applications; security model; security-aware GUI model; Authorization; Data models; Graphical user interfaces; Syntactics; Unified modeling language; GUI models; Model-driven development; access control; model transformation; model-driven security;
Journal_Title :
Software Engineering, IEEE Transactions on
DOI :
10.1109/TSE.2013.2297116
