A Model-Driven Methodology for Developing Secure Data-Management Applications

Author

Basin, David ; Clavel, Michael ; Egea, Marina ; de Dios, Miguel A. Garcia ; Dania, Carolina

Author_Institution

ETH Zurich, Zürich, Switzerland

Volume

40

Issue

4

fYear

2014

fDate

Apr-14

Firstpage

324

Lastpage

337

Abstract

We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application´s data domain, authorization policy, and its graphical interface together with the application´s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.

Keywords

authorisation; graphical user interfaces; software engineering; access control; authorization policy; code generator; data model; graphical user intefaces; model-driven methodology; model-transformation function; multitier application; secure data-management applications; security model; security-aware GUI model; Authorization; Data models; Graphical user interfaces; Syntactics; Unified modeling language; GUI models; Model-driven development; access control; model transformation; model-driven security;

fLanguage

English

Journal_Title

Software Engineering, IEEE Transactions on

Publisher

ieee

ISSN

0098-5589

Type

jour

DOI

10.1109/TSE.2013.2297116

Filename

6698396