Model-Driven Development Meets Security: An Evaluation of Current Approaches

Although our society is critically dependent on software systems, these systems are mainly secured by protection mechanisms during operation instead of considering security issues during software design. Deficiencies in software design are the main reasons for security incidents, resulting in severe economic consequences for (i) the organizations using the software and (ii) the development companies. Lately, model-driven development has been proposed in order to increase the quality and thereby the security of software systems. This paper evaluates current efforts that position security as a fundamental element in model-driven development, highlights their deficiencies and identifies current research challenges. The evaluation shows that applying special-purpose methods to particular aspects of the problem is more suitable than applying generic ones, since (i) the problem can be represented on the proper abstraction level, (ii) the user can build on the knowledge of experts, and (iii) the available tools are more efficient and powerful.