Paper Info
Title
A Model-Driven Methodology for Developing Secure Data-Management Applications
Abstract
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
Year
DOI
Venue
2014
10.1109/TSE.2013.2297116
Software Engineering, IEEE Transactions  
Keywords
Field
DocType
authorisation,graphical user interfaces,software engineering,access control,authorization policy,code generator,data model,graphical user intefaces,model-driven methodology,model-transformation function,multitier application,secure data-management applications,security model,security-aware GUI model,GUI models,Model-driven development,access control,model transformation,model-driven security
Data modeling,Model transformation,Data domain,Software engineering,Computer science,Separation of concerns,Real-time computing,Access control,Data model,Data management,Database,Computer security model
Journal
Volume
Issue
ISSN
40
4
0098-5589
Citations 
PageRank 
References 
4
0.41
13
Authors
4
Name
Order
Citations
PageRank
David A. Basin14930281.93
Clavel, M.240.41
Egea, M.340.41
de Dios, M.A.G.440.41