A cookbook for using the model-view controller user interface paradigm in Smalltalk-80
Journal of Object-Oriented Programming
Constraints for role-based access control
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The Unified Modeling Language reference manual
The Unified Modeling Language reference manual
On the increasing importance of constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
The RSL99 language for role-based separation of duty constraints
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Towards a UML based approach to role engineering
RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Role-based authorization constraints specification
ACM Transactions on Information and System Security (TISSEC)
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
C# Com+ Programming
Java Servlet Programming
Enterprise JavaBeans
Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Convergent Architecture: Building Model-Driven J2EE Systems with UML (OMG Press)
Model Driven Architecture: Applying MDA to Enterprise Computing
Model Driven Architecture: Applying MDA to Enterprise Computing
Towards Development of Secure Systems Using UMLsec
FASE '01 Proceedings of the 4th International Conference on Fundamental Approaches to Software Engineering
A Comparison of Statecharts Variants
ProCoS Proceedings of the Third International Symposium Organized Jointly with the Working Group Provably Correct Systems on Formal Techniques in Real-Time and Fault-Tolerant Systems
UML-Based Representation of Role-Based Access Control
WETICE '00 Proceedings of the 9th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
Role-Based Authorization Constraints Specification Using Object Constraint Language
WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Relational Approach to Defining Transformations in a Metamodel
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Specifying and analyzing security automata using CSP-OZ
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A risk-driven security analysis method and modelling language
BT Technology Journal
Security risk mitigation for information systems
BT Technology Journal
Engineering Trust Management into Software Models
MISE '07 Proceedings of the International Workshop on Modeling in Software Engineering
Computer-aided Support for Secure Tropos
Automated Software Engineering
Towards the development of a rigorous model-driven domain-specific software engineering environment
ACST'07 Proceedings of the third conference on IASTED International Conference: Advances in Computer Science and Technology
From security patterns to implementation using petri nets
Proceedings of the fourth international workshop on Software engineering for secure systems
Journal of Systems and Software
Proceedings of the 2008 AOSD workshop on Early aspects
AFPL, an Abstract Language Model for Firewall ACLs
ICCSA '08 Proceedings of the international conference on Computational Science and Its Applications, Part II
Model-Driven Security in Practice: An Industrial Experience
ECMDA-FA '08 Proceedings of the 4th European conference on Model Driven Architecture: Foundations and Applications
Proceedings of the 4th ACM workshop on Quality of protection
A formal security policy for xenon
Proceedings of the 6th ACM workshop on Formal methods in security engineering
Towards the development of privacy-aware systems
Information and Software Technology
A Model-Driven Approach for the Specification and Analysis of Access Control Policies
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Automated analysis of security-design models
Information and Software Technology
An aspect-oriented methodology for designing secure applications
Information and Software Technology
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
Information and Software Technology
Editorial: Model-Driven Development for secure information systems
Information and Software Technology
From Formal Access Control Policies to Runtime Enforcement Aspects
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
From Access Control Policies to an Aspect-Based Infrastructure: A Metamodel-Based Approach
Models in Software Engineering
Extending access control models with break-glass
Proceedings of the 14th ACM symposium on Access control models and technologies
A verification framework for access control in dynamic web applications
C3S2E '09 Proceedings of the 2nd Canadian Conference on Computer Science and Software Engineering
MDA-Based Framework for Automatic Generation of Consistent Firewall ACLs with NAT
ICCSA '09 Proceedings of the International Conference on Computational Science and Its Applications: Part II
Towards a Modernization Process for Secure Data Warehouses
DaWaK '09 Proceedings of the 11th International Conference on Data Warehousing and Knowledge Discovery
S&D Pattern Deployment at Organizational Level: A Prototype for Remote Healthcare System
Electronic Notes in Theoretical Computer Science (ENTCS)
A UML profile for role-based access control
Proceedings of the 2nd international conference on Security of information and networks
Generating formal specifications for security-critical applications - A model-driven approach
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
An Aspect-Oriented Approach for Software Security Hardening: from Design to Implementation
Proceedings of the 2009 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the Eighth SoMeT_09
Model-Driven Configuration of SELinux Policies
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Incorporating Security Requirements into Service Composition: From Modelling to Execution
ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
International Journal of Information and Computer Security
Defining and transforming security rules in an MDA approach for DWs
International Journal of Business Intelligence and Data Mining
A system for visual role-based policy modelling
Journal of Visual Languages and Computing
Model driven development of secure XML data warehouses: a case study
Proceedings of the 2010 EDBT/ICDT Workshops
A systematic review of security requirements engineering
Computer Standards & Interfaces
Conceptual modeling of privacy-aware web service protocols
CAiSE'07 Proceedings of the 19th international conference on Advanced information systems engineering
SSG: a model-based development environment for smart, security-aware GUIs
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Information and Software Technology
Constructing authorization systems using assurance management framework
IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
A comparison of software design security metrics
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Lightweight modeling and analysis of security concepts
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
A tool-supported method for the design and implementation of secure distributed applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Modeling process-related RBAC models with extended UML activity models
Information and Software Technology
Systematic design of secure Mobile Grid systems
Journal of Network and Computer Applications
A conceptual meta-model for secured information systems
Proceedings of the 7th International Workshop on Software Engineering for Secure Systems
A decade of model-driven security
Proceedings of the 16th ACM symposium on Access control models and technologies
An integrated approach for identity and access management in a SOA context
Proceedings of the 16th ACM symposium on Access control models and technologies
Validation of security policies by the animation of Z specifications
Proceedings of the 16th ACM symposium on Access control models and technologies
Automating information flow control in component-based distributed systems
Proceedings of the 14th international ACM Sigsoft symposium on Component based software engineering
A transformation contract to generate aspects from access control policies
Software and Systems Modeling (SoSyM)
Modeling norms in multi-agent systems with NormML
COIN@AAMAS'10 Proceedings of the 6th international conference on Coordination, organizations, institutions, and norms in agent systems
Model-driven development of security-aware GUIs for data-centric applications
Foundations of security analysis and design VI
Validation of security-design models using Z
ICFEM'11 Proceedings of the 13th international conference on Formal methods and software engineering
A model transformation semantics and analysis methodology for SecureUML
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
Journal of Systems and Software
SecTOOL: supporting requirements engineering for access control
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Realizing Model Transformation Chain interoperability
Software and Systems Modeling (SoSyM)
Secrecy UML method for model transformations
ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z
Formally based semi-automatic implementation of an open security protocol
Journal of Systems and Software
A practical application of our MDD approach for modeling secure XML data warehouses
Decision Support Systems
Idea: efficient evaluation of access control constraints
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Automatic generation of smart, security-aware GUI models
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
SBMF'11 Proceedings of the 14th Brazilian conference on Formal Methods: foundations and Applications
Engineering self-protection for autonomous systems
FASE'06 Proceedings of the 9th international conference on Fundamental Approaches to Software Engineering
Security and safety of assets in business processes
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
SecureBPMN: modeling and enforcing access control requirements in business processes
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Modeling secure mobile agent systems
KES-AMSTA'12 Proceedings of the 6th KES international conference on Agent and Multi-Agent Systems: technologies and applications
Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL
Information and Software Technology
Behavioral singletons to consistently handle global states of security patterns
DAIS'12 Proceedings of the 12th IFIP WG 6.1 international conference on Distributed Applications and Interoperable Systems
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
A metamodel-based approach for analyzing security-design models
MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems
Role approach in access control development with the usage control concept
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Towards an approach to design and enforce security in web service composition
International Journal of Web Engineering and Technology
Toward a model-driven access-control enforcement mechanism for pervasive systems
Proceedings of the Workshop on Model-Driven Security
Incremental development of large, secure smart card applications
Proceedings of the Workshop on Model-Driven Security
Configuring private data management as access restrictions: from design to enforcement
ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
Information Systems and e-Business Management
JavaSPI: A Framework for Security Protocol Implementation
International Journal of Secure Software Engineering
Not Ready for Prime Time: A Survey on Security in Model Driven Development
International Journal of Secure Software Engineering
Towards Security Assurance in Round-Trip Engineering: A Type-Based Approach
Electronic Notes in Theoretical Computer Science (ENTCS)
Compositional verification of application-level security properties
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Model-driven adaptive delegation
Proceedings of the 12th annual international conference on Aspect-oriented software development
Secure federation of semantic information services
Decision Support Systems
An access control framework for hybrid policies
Proceedings of the 6th International Conference on Security of Information and Networks
Designing flexible access control models for the cloud
Proceedings of the 6th International Conference on Security of Information and Networks
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Software and Systems Modeling (SoSyM)
Hi-index | 0.00 |
We present a new approach to building secure systems. In our approach, which we call Model Driven Security, designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models, including complete, configured access control infrastructures. Rather than fixing one particular modeling language for this process, we propose a general schema for constructing such languages that combines languages for modeling systems with languages for modeling security. We present several instances of this schema that combine (both syntactically and semantically) different UML modeling languages with a security modeling language for formalizing access control requirements. From models in the combined languages, we automatically generate access control infrastructures for server-based applications, built from declarative and programmatic access control mechanisms. The modeling languages and generation process are semantically well-founded and are based on an extension of Role-Based Access Control. We have implemented this approach in a UML-based CASE-tool and report on experiments.