The Community for Technology Leaders
Green Image
Issue No. 04 - April (2014 vol. 40)
ISSN: 0098-5589
pp: 324-337
David Basin , ETH Zürich, Zürich, Switzerland
Manuel Clavel , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Marina Egea , ATOS Research & Innovation, Madrid, Spain
Miguel A. Garcia de Dios , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
Carolina Dania , IMDEA Software, Campus de Montegancedo, s/n, Pozuelo de Alarcon, Madrid, Spain
ABSTRACT
We present a novel model-driven methodology for developing secure data-management applications. System developers proceed by modeling three different views of the desired application: its data model, security model, and GUI model. These models formalize respectively the application’s data domain, authorization policy, and its graphical interface together with the application’s behavior. Afterwards a model-transformation function lifts the policy specified by the security model to the GUI model. This allows a separation of concerns where behavior and security are specified separately, and subsequently combined to generate a security-aware GUI model. Finally, a code generator generates a multi-tier application, along with all support for access control, from the security-aware GUI model. We report on applications built using our approach and the associated tool.
INDEX TERMS
Data models, Graphical user interfaces, Unified modeling language, Authorization, Syntactics,model transformation, Model-driven development, model-driven security, access control, GUI models
CITATION
David Basin, Manuel Clavel, Marina Egea, Miguel A. Garcia de Dios, Carolina Dania, "A Model-Driven Methodology for Developing Secure Data-Management Applications", IEEE Transactions on Software Engineering, vol. 40, no. , pp. 324-337, April 2014, doi:10.1109/TSE.2013.2297116
197 ms
(Ver )