Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
GUI generation from annotated source code
TAMODIA '04 Proceedings of the 3rd annual conference on Task models and diagrams
Introducing Security Aspects with Model Transformations
ECBS '05 Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Proceedings of the 2008 AOSD workshop on Early aspects
Automatic GUI Generation for Meta-data Based PUCC Sensor Gateway
KES '08 Proceedings of the 12th international conference on Knowledge-Based Intelligent Information and Engineering Systems, Part III
Automated analysis of security-design models
Information and Software Technology
SSG: a model-based development environment for smart, security-aware GUIs
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Model-driven development of security-aware GUIs for data-centric applications
Foundations of security analysis and design VI
Towards model-driven development of access control policies for web applications
Proceedings of the Workshop on Model-Driven Security
Hi-index | 0.00 |
In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be security-aware, it should also be smart. For example, the GUI should not display options to users for opening other widgets when these widgets will only display options for actions that the users are not authorized to execute on application data. We establish this link between visualization and security using a model-driven development approach. Namely, we define and implement a many-models-to-model transformation that, given a security-design model and a GUI model, makes the GUI model both security-aware and smart.