Issue No.04 - April (2014 vol.40)
Carolina Dania , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
Data models, Graphical user interfaces, Unified modeling language, Authorization, Syntactics,model transformation, Model-driven development, model-driven security, access control, GUI models
Carolina Dania, "A Model-Driven Methodology for Developing Secure Data-Management Applications", IEEE Transactions on Software Engineering, vol.40, no. 4, pp. 324-337, April 2014, doi:10.1109/TSE.2013.2297116