Abstract
In this paper we report on our experience on using the so-called model-driven security approach in an MDA industrial project. In model-driven security, “designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models.” Our report includes a discussion of the languages that we used to model both the functional and the security system’s requirements, as well as a description of the transformation function that we developed to build from the security-design models the system’s access control infrastructure. The report concludes with the lessons about the feasibility and practical industrial relevance of the model-driven security approach that we learned from this experience.
Research partially supported by Spanish MEC projects TIN2005-09207-C03-03 and TIN2006-15660-C02-01, and by Comunidad de Madrid Program S-0505/TIC/0407. In addition, Christiano Braga’s and Viviane Silva’s research is supported, respectively, by the “Ramón y Cajal” and “Juan de la Cierva” Spanish MEC postdoctoral programmes, and Marina Egea’s research by a Spanish MEC predoctoral grant.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Basin, D., Clavel, M., Doser, J., Egea, M.: A metamodel-based approach for analyzing security-design models. In: Engels, G., Opdyke, B., Schmidt, D.C., Weil, F. (eds.) MODELS 2007. LNCS, vol. 4735, pp. 420–435. Springer, Heidelberg (2007)
Basin, D.A., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Transactions on Software Engineering and Methodology 15(1), 39–91 (2006)
Ferraiolo, D.F., Sandhu, R.S., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for Role-Based Access Control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)
Kleppe, A., Bast, W., Warmer, J.B., Watson, A.: MDA Explained: The Model Driven Architecture–Practice and Promise. Addison-Wesley, Reading (2003)
Object Management Group. Object Constraint Language specification (2004), http://www.omg.org
Object Management Group. Unified Modeling Language specification (2004), http://www.uml.org
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Clavel, M., da Silva, V., Braga, C., Egea, M. (2008). Model-Driven Security in Practice: An Industrial Experience. In: Schieferdecker, I., Hartman, A. (eds) Model Driven Architecture – Foundations and Applications. ECMDA-FA 2008. Lecture Notes in Computer Science, vol 5095. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69100-6_22
Download citation
DOI: https://doi.org/10.1007/978-3-540-69100-6_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69095-5
Online ISBN: 978-3-540-69100-6
eBook Packages: Computer ScienceComputer Science (R0)