The Community for Technology Leaders
Green Image
Issue No. 04 - April (2014 vol. 40)
ISSN: 0098-5589
pp: 324-337
David Basin , ETH Zürich, Zürich, Switzerland
Manuel Clavel , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Marina Egea , ATOS Research & Innovation, Madrid, Spain
Miguel A. Garcia de Dios , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Carolina Dania , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
ABSTRACT
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
INDEX TERMS
Data models, Graphical user interfaces, Unified modeling language, Authorization, Syntactics
CITATION
David Basin, Manuel Clavel, Marina Egea, Miguel A. Garcia de Dios, Carolina Dania, "A Model-Driven Methodology for Developing Secure Data-Management Applications", IEEE Transactions on Software Engineering, vol. 40, no. , pp. 324-337, April 2014, doi:10.1109/TSE.2013.2297116
195 ms
(Ver 3.3 (11022016))