Model-Driven Security in Practice: An Industrial Experience

Authors:
Manuel Clavel;Viviane Silva;Christiano Braga;Marina Egea
Affiliations:
IMDEA Software Institute, , Madrid, and Facultad de Informática, Universidad Complutense, Madrid,;Facultad de Informática, Universidad Complutense, Madrid,;Facultad de Informática, Universidad Complutense, Madrid,;Facultad de Informática, Universidad Complutense, Madrid,
Venue:
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Year:
2008

Citing 4
Cited 6

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
MDA Explained: The Model Driven Architecture: Practice and Promise

MDA Explained: The Model Driven Architecture: Practice and Promise
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
A metamodel-based approach for analyzing security-design models

MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems

From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach

Models in Software Engineering
Engineering secure future internet services

The future internet
A decade of model-driven security

Proceedings of the 16th ACM symposium on Access control models and technologies
A transformation contract to generate aspects from access control policies

Software and Systems Modeling (SoSyM)
Modeling norms in multi-agent systems with NormML

COIN@AAMAS'10 Proceedings of the 6th international conference on Coordination, organizations, institutions, and norms in agent systems
Not Ready for Prime Time: A Survey on Security in Model Driven Development

International Journal of Secure Software Engineering

Quantified Score

Hi-index	0.01

Visualization

Abstract

In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, "designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models." Our report includes a discussion of the languages that we used to model both the functional and the security system's requirements, as well as a description of the transformation function that we developed to build from the security-design models the system's access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.