A flexible authorization mechanism for relational data management systems
ACM Transactions on Information Systems (TOIS)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Flexible access control policy specification with constraint logic programming
ACM Transactions on Information and System Security (TISSEC)
MAC and UML for secure software design
Proceedings of the 2004 ACM workshop on Formal methods in security engineering
A Model-Based Framework for Security Policy Specification, Deployment and Testing
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
An Aspect-Oriented and Model-Driven Approach for Managing Dynamic Variability
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Using MDE to Build a Schizophrenic Middleware for Home/Building Automation
ServiceWave '08 Proceedings of the 1st European Conference on Towards a Service-Based Internet
Taming Dynamically Adaptive Systems using models and aspects
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Dynamic event-based access control as term rewriting
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Term rewriting for access control
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Weaving executability into object-oriented meta-languages
MoDELS'05 Proceedings of the 8th international conference on Model Driven Engineering Languages and Systems
Towards model-centric engineering of a dynamic access control product line
Proceedings of the 16th International Software Product Line Conference - Volume 2
Toward a model-driven access-control enforcement mechanism for pervasive systems
Proceedings of the Workshop on Model-Driven Security
MDSE@R: model-driven security engineering at runtime
CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security
Model-driven adaptive delegation
Proceedings of the 12th annual international conference on Aspect-oriented software development
A Systematic Survey of Self-Protecting Software Systems
ACM Transactions on Autonomous and Adaptive Systems (TAAS) - Special Section on Best Papers from SEAMS 2012
Hi-index | 0.00 |
Security is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system.