keynote

A decade of model-driven security

Published: 15 June 2011

ABSTRACT

In model-driven development, system designs are specified using graphical modeling languages like UML and system artifacts such as code and configuration data are automatically generated from the models. Model-driven security is a specialization of this paradigm, where system designs are modeled together with their security requirements and security infrastructures are directly generated from the models. Over the past decade, we have explored different facets of model-driven security. This research includes different modeling languages, code generators, model analysis tools, and even model transformations. For example, in multi-tier systems, we used model transformations to transform a security policy, formulated for a system's data model, to a security policy governing the behavior of the system's graphical user interface. In this paper, we survey progress made, tool support, and case studies, which attest to the flexibility and power of such a multi-faceted approach to building secure systems.
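The transformation the abstract describes, from a security policy over a system's data model to a policy governing its GUI, as an added illustration that is not code from the paper or from the tools it surveys (SecureUML, SSG). The roles, entities, widgets and the visible/editable rule below are constructed assumptions; the point is that every GUI permission is derived from, and can never exceed, the data-model permission it is bound to.

```python
from collections import namedtuple
# Constructed toy models, not from the paper or the tools it describes.
# Permission: a role may perform `actions` (subset of {"read", "update"}) on one
# attribute of an entity; attribute "*" covers every attribute of the entity.
Permission = namedtuple("Permission", "role entity attribute actions")
# Widget: kind is "label" (read-only) or "textfield" (editable); binding is the
# (entity, attribute) of the data model the widget shows or edits.
Widget = namedtuple("Widget", "name kind binding")
# Role hierarchy: a role inherits the permissions of its parents.
ROLE_PARENTS = {"Doctor": ["Staff"], "Nurse": ["Staff"], "Staff": []}

DATA_POLICY = [  # security policy formulated over the data model
    Permission("Staff", "Patient", "name", {"read"}),
    Permission("Doctor", "Patient", "diagnosis", {"read", "update"}),
    Permission("Nurse", "Patient", "diagnosis", {"read"}),
]
GUI_MODEL = [  # presentation-tier widgets bound to data-model attributes
    Widget("nameLabel", "label", ("Patient", "name")),
    Widget("diagnosisField", "textfield", ("Patient", "diagnosis")),
    Widget("billingField", "textfield", ("Patient", "billing_code")),
]

def roles_of(role):
    """The role itself plus every role it (transitively) inherits from."""
    seen, todo = set(), [role]
    while todo:
        r = todo.pop()
        if r not in seen:
            seen.add(r)
            todo.extend(ROLE_PARENTS.get(r, []))
    return seen

def allowed_actions(role, entity, attribute):
    """Actions the data-model policy grants `role` on one attribute; default deny."""
    acts = set()
    for p in DATA_POLICY:
        if p.role in roles_of(role) and p.entity == entity and p.attribute in ("*", attribute):
            acts |= p.actions
    return acts

def gui_policy(role):
    """Model transformation: data-model policy -> (visible, editable) for each widget."""
    policy = {}
    for w in GUI_MODEL:
        acts = allowed_actions(role, *w.binding)
        visible = "read" in acts  # a widget is never rendered without read permission
        editable = visible and w.kind == "textfield" and "update" in acts
        policy[w.name] = (visible, editable)
    return policy
```

A widget bound to an attribute the role cannot read (here `billingField`) is hidden rather than merely disabled, so the generated GUI cannot leak what the data-model policy denies.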


Published in

SACMAT '11: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies
June 2011, 196 pages
ISBN: 9781450306881
DOI: 10.1145/1998441

Copyright © 2011 ACM


Publisher: Association for Computing Machinery, New York, NY, United States
