Abstract | ||
---|---|---|
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool. |
Year | DOI | Venue |
---|---|---|
2014 | 10.1109/TSE.2013.2297116 | Software Engineering, IEEE Transactions |
Keywords | Field | DocType |
authorisation,graphical user interfaces,software engineering,access control,authorization policy,code generator,data model,graphical user intefaces,model-driven methodology,model-transformation function,multitier application,secure data-management applications,security model,security-aware GUI model,GUI models,Model-driven development,access control,model transformation,model-driven security | Data modeling,Model transformation,Data domain,Software engineering,Computer science,Separation of concerns,Real-time computing,Access control,Data model,Data management,Database,Computer security model | Journal |
Volume | Issue | ISSN |
40 | 4 | 0098-5589 |
Citations | PageRank | References |
4 | 0.41 | 13 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
David A. Basin | 1 | 4930 | 281.93 |
Clavel, M. | 2 | 4 | 0.41 |
Egea, M. | 3 | 4 | 0.41 |
de Dios, M.A.G. | 4 | 4 | 0.41 |