Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Formal Security Analysis with Interacting State Machines
ESORICS '02 Proceedings of the 7th European Symposium on Research in Computer Security
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Model driven security for process-oriented systems
Proceedings of the eighth ACM symposium on Access control models and technologies
Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control
EDOC '03 Proceedings of the 7th International Conference on Enterprise Distributed Object Computing
Introducing Security Aspects with Model Transformations
ECBS '05 Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
A framework for security requirements engineering
Proceedings of the 2006 international workshop on Software engineering for secure systems
Model driven development of secure XML databases
ACM SIGMOD Record
Verifying a signature architecture: a comparative case study
Formal Aspects of Computing
Developing secure data warehouses with a UML extension
Information Systems
Model based development of access policies
International Journal on Software Tools for Technology Transfer (STTT)
A Model-Driven Framework for Trusted Computing Based Systems
EDOC '07 Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference
Synthesising verified access control systems through model checking
Journal of Computer Security
Constraint based role based access control in the SECTET-framework: A model-driven approach
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Proceedings of the 2008 AOSD workshop on Early aspects
Model-Driven Security in Practice: An Industrial Experience
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Enforcing Role-Based Access Control Policies in Web Services with UML and OCL
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Automated analysis of security-design models
Information and Software Technology
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
seL4: formal verification of an OS kernel
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
SSG: a model-based development environment for smart, security-aware GUIs
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Specification and validation of authorisation constraints using UML and OCL
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Evaluating access control policies through model checking
ISC'05 Proceedings of the 8th international conference on Information Security
Automatic generation of smart, security-aware GUI models
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
A metamodel-based approach for analyzing security-design models
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Model-driven development of security-aware GUIs for data-centric applications
Foundations of security analysis and design VI
Formal enforcement and management of obligation policies
Data & Knowledge Engineering
Recovering role-based access control security models from dynamic web applications
ICWE'12 Proceedings of the 12th international conference on Web Engineering
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
| Hi-index | 0.00 |
In model-driven development, system designs are specified using graphical modeling languages like UML and system artifacts such as code and configuration data are automatically generated from the models. Model-driven security is a specialization of this paradigm, where system designs are modeled together with their security requirements and security infrastructures are directly generated from the models. Over the past decade, we have explored different facets of model-driven security. This research includes different modeling languages, code generators, model analysis tools, and even model transformations. For example, in multi-tier systems, we used model transformations to transform a security policy, formulated for a system's data model, to a security policy governing the behavior of the system's graphical user interface. In this paper, we survey progress made, tool support, and case studies, which attest to the flexibility and power of such a multi-faceted approach to building secure systems.