Issue No. 04 - April (2014 vol. 40)
David Basin, ETH Zürich, Zürich, Switzerland
Manuel Clavel, IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Marina Egea, ATOS Research & Innovation, Madrid, Spain
Miguel A. Garcia de Dios, IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Carolina Dania, IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
Data models, Graphical user interfaces, Unified modeling language, Authorization, Syntactics
D. Basin, M. Clavel, M. Egea, M. A. de Dios and C. Dania, "A Model-Driven Methodology for Developing Secure Data-Management Applications," in IEEE Transactions on Software Engineering, vol. 40, no. 4, pp. 324-337, 2014.