Automatic generation of smart, security-aware GUI models

Authors:
David Basin;Manuel Clavel;Marina Egea;Michael Schläpfer
Affiliations:
ETH Zürich, Switzerland;IMDEA Software Institute, Madrid, Spain;ETH Zürich, Switzerland;ETH Zürich, Switzerland
Venue:
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Year:
2010

Citing 7
Cited 4

Proposed NIST standard for role-based access control

ACM Transactions on Information and System Security (TISSEC)
GUI generation from annotated source code

TAMODIA '04 Proceedings of the 3rd annual conference on Task models and diagrams
Introducing Security Aspects with Model Transformations

ECBS '05 Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems
Model driven security: From UML models to access control infrastructures

ACM Transactions on Software Engineering and Methodology (TOSEM)
Multi-step concern refinement

Proceedings of the 2008 AOSD workshop on Early aspects
Automatic GUI Generation for Meta-data Based PUCC Sensor Gateway

KES '08 Proceedings of the 12th international conference on Knowledge-Based Intelligent Information and Engineering Systems, Part III
Automated analysis of security-design models

Information and Software Technology

SSG: a model-based development environment for smart, security-aware GUIs

Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
A decade of model-driven security

Proceedings of the 16th ACM symposium on Access control models and technologies
Model-driven development of security-aware GUIs for data-centric applications

Foundations of security analysis and design VI
Towards model-driven development of access control policies for web applications

Proceedings of the Workshop on Model-Driven Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be security-aware, it should also be smart. For example, the GUI should not display options to users for opening other widgets when these widgets will only display options for actions that the users are not authorized to execute on application data. We establish this link between visualization and security using a model-driven development approach. Namely, we define and implement a many-models-to-model transformation that, given a security-design model and a GUI model, makes the GUI model both security-aware and smart.