The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
The specification and enforcement of authorization constraints in workflow management systems
ACM Transactions on Information and System Security (TISSEC) - Special issue on role-based access control
Enterprise JavaBeans
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Java Servlet Programming
Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Model Driven Architecture: Applying MDA to Enterprise Computing
Model Driven Architecture: Applying MDA to Enterprise Computing
An Authorization Model for Workflows
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Secure role-based workflow models
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
Preventing information leakage within workflows that execute among competing organizations
Journal of Systems and Software - Special issue: Software engineering education and training
DPE/PAC: decentralized process engine with product access control
Journal of Systems and Software
Requirements traceability to support evolution of access control
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
EUROMICRO '05 Proceedings of the 31st EUROMICRO Conference on Software Engineering and Advanced Applications
Integrating security policies via Container Portable Interceptors
ARM '05 Proceedings of the 4th workshop on Reflective and adaptive middleware systems
Information flow property preserving transformation of UML interaction diagrams
Proceedings of the eleventh ACM symposium on Access control models and technologies
Visual security protocol modeling
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Communications of the ACM - Privacy and security in highly dynamic systems
ACM-SE 45 Proceedings of the 45th annual southeast regional conference
A formalism for visual security protocol modeling
Journal of Visual Languages and Computing
Security services provision for telematic services at the knowledge and information society
EATIS '07 Proceedings of the 2007 Euro American conference on Telematics and information systems
Use of web service orchestration strategies in operations on digital democracy platform
EATIS '07 Proceedings of the 2007 Euro American conference on Telematics and information systems
UMLtrust: towards developing trust-aware software
Proceedings of the 2008 ACM symposium on Applied computing
Task-based entailment constraints for basic workflow patterns
Proceedings of the 13th ACM symposium on Access control models and technologies
A Comparison of Standard Compliant Ways to Define Domain Specific Languages
Models in Software Engineering
Modeling and analysis of procedural security in (e)voting: the Trentino's approach and experiences
EVT'08 Proceedings of the conference on Electronic voting technology
Automated analysis of security-design models
Information and Software Technology
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
CAiSE '09 Proceedings of the 21st International Conference on Advanced Information Systems Engineering
Reusable security use cases for mobile grid environments
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A transformation approach for security enhanced business processes
SE '08 Proceedings of the IASTED International Conference on Software Engineering
Analysis of Secure Mobile Grid Systems: A systematic approach
Information and Software Technology
A systematic review of security requirements engineering
Computer Standards & Interfaces
Deriving XACML policies from business process models
WISE'07 Proceedings of the 2007 international conference on Web information systems engineering
Modeling of task-based authorization constraints in BPMN
BPM'07 Proceedings of the 5th international conference on Business process management
An approach for implementation of RBAC models with context constraint to business process systems
ACOS'06 Proceedings of the 5th WSEAS international conference on Applied computer science
Systematic design of secure Mobile Grid systems
Journal of Network and Computer Applications
Procedural security analysis: A methodological approach
Journal of Systems and Software
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
Challenges in model-based evolution and merging of access control policies
Proceedings of the 12th International Workshop on Principles of Software Evolution and the 7th annual ERCIM Workshop on Software Evolution
Tool support for UML-based specification and verification of role-based access control properties
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile
CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
Development and runtime support for situation-aware security in autonomic computing
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Towards a comprehensive framework for secure systems development
CAiSE'06 Proceedings of the 18th international conference on Advanced Information Systems Engineering
Explicit architectural policies to satisfy NFRs using COTS
MoDELS'05 Proceedings of the 2005 international conference on Satellite Events at the MoDELS
Model driven security for inter-organizational workflows in e-government
TCGOV'05 Proceedings of the 2005 international conference on E-Government: towards Electronic Democracy
A security-focused engineering process for systems of embedded components
Proceedings of the International Workshop on Security and Dependability for Resource Constrained Embedded Systemss
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
Secure by Design: Developing Secure Software Systems from the Ground Up
International Journal of Secure Software Engineering
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
Information and Software Technology
| Hi-index | 0.00 |
Model Driven Architecture is an approach to increasing the quality of complex software systems based on creating high-level system models and automatically generating system architectures from the models. We show how this paradigm can be specialized to what we call Model Driven Security. In our specialization, a designer builds a system model along with security requirements, and automatically generates from this a complete, configured security infrastructure.We propose a modular approach to constructing modeling languages supporting this process, which combines languages for modeling system design with languages for modeling security. We present an application to constructing systems from process models, where we combine a UML-based process design language with a security modeling language for formalizing access control requirements. From models in the combined language, we automatically generate security architectures for distributed applications.