Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
MDA Explained: The Model Driven Architecture: Practice and Promise
MDA Explained: The Model Driven Architecture: Practice and Promise
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
A metamodel-based approach for analyzing security-design models
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach
Models in Software Engineering
Engineering secure future internet services
The future internet
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
A transformation contract to generate aspects from access control policies
Software and Systems Modeling (SoSyM)
Modeling norms in multi-agent systems with NormML
COIN@AAMAS'10 Proceedings of the 6th international conference on Coordination, organizations, institutions, and norms in agent systems
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
Hi-index | 0.01 |
In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, "designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models." Our report includes a discussion of the languages that we used to model both the functional and the security system's requirements, as well as a description of the transformation function that we developed to build from the security-design models the system's access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.