DOI: 10.1145/2636240.2636855
research-article

Supporting Access Control within a Mockup-based EUDWeb Environment

Published: 05 August 2014

Abstract

End-user development (EUD) is receiving increasing attention, due to the necessity of frequent extensions and personalizations of applications. In particular, EUDWeb technologies have focused on the support of web development tasks which are generally perceived to be complex by end-user developers. However, an area of neglect within current EUDWeb environments is the support for the specification and implementation of access control, although it is perceived as a particularly complex task. Thus, in this paper we propose an EUDWeb approach and tool for the specification and generation of web applications embedding access control mechanisms. We extended a previous mockup-based EUDWeb approach by introducing visual assistance mechanisms enabling the specification of role-based access control policies and their plugging within the application logic.

Published In

VINCI '14: Proceedings of the 7th International Symposium on Visual Information Communication and Interaction
August 2014
262 pages
ISBN:9781450327657
DOI:10.1145/2636240
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Access Control
  2. End-User Development (EUD)
  3. Human Computer Interaction
  4. Visual Languages
  5. Web Application Modeling

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

VINCI '14

Acceptance Rates

VINCI '14 Paper Acceptance Rate 21 of 62 submissions, 34%;
Overall Acceptance Rate 71 of 193 submissions, 37%
