ABSTRACT
There are many recent propositions treating Model Driven Architecture (MDA) approaches to perform and automate code generation from design models. To the best of our knowledge and research, most of these propositions have been only focused on functional aspect by allowing code generation without considering this the non-functional aspect at the same time so that to generate secure object-oriented software basing on MDA approach. In this context, we are adding further details to integrate the security policies required in the form of secure models. The systems specification models will be enhanced with security requirements at different abstraction levels through a set of transformation models. Improving functional models with security constraints allow us to incorporate the security needs and automating generating secure applications with their security infrastructure using MDA approach. After carrying out a modification on MDA processes and UML meta-model to cover a better representation of security policies of an organization by updating different existing software engineering process to take into account nonfunctional aspect along with their functional aspect.
This work presents a new methodology based on MDA approach and existing security technologies for allowing the integration of the proposed security requirements, which are obtained from security experts, during the system design. Within this context, we have focused on the essential elements of security, such as data encryption, Message Integrity, and Access Control in order to express the importance of merging both the functional and non-functional aspects altogether. We have chosen these properties to practically illustrate how to generate secure applications including their security policies. Then the source code will be obtained automatically from Platform Specific Models (PSM) by applying a set of model transformations and using a code generator designed for this mission. In addition, we can inject also other security-related properties, such as Availability, Traceability, non-repudiation, and Scalability issues during the whole development process by following the same methodology. these properties will be treated in the future work.
- C. Girault, R. Valk, Petri-nets for systems engineering, Springer, 2003, berlin. Google ScholarDigital Library
- S.S. Huang,Y. Smaragdakis, "Easy language extension with Meta- AspectJ," In ICSE 06 Proceeding of the 28th International Conference on Software Engineering, ACM, New York (2006), pp. 865--868 Google ScholarDigital Library
- D. Zook, S.S Huang, Y. Smaragdakis, "Generating AspectJ Programs with Meta-AspectJ," In Generative Programming and Component Engineering Conference, GPCE 2004, Vancouver, Canada, vol. 3286, Oct. 2004, pp. 1--18Google Scholar
- S. Philippi, "Automatic code generation from high-level Petri-Nets for model driven systems engineering,", The Journal of Systems and Software, vol. 79, Oct. 2006, pp. 1444--1455.Google ScholarCross Ref
- Code generation through model transformation http://alexandria.tue.nl/extra2/afstversl/wsk-i/verstraeten2008.pdf.Google Scholar
- B. Bouseta, O. El Beggar, T. Gadi," Generating operations specifications from domain class diagram using transition state diagram," international journal of computer and information technology, vol.02, Jan. 2013, pp. 29--36.Google Scholar
- O. El Beggar, B. Bouseta, T. Gadi Taoufiq, "automatic code generation by model transformation from sequence diagram of system's internal behavior," international journal of computer and information technology, vol.02, Nov.2013, pp. 129--146.Google Scholar
- Z. Hemel, L.C.L Kats, E. Visser, "Code Generation by Model Transformation A Case Study in Transformation Modularity, Chapter Theory and Practice of Model Transformations," series Lecture Notes in Computer Science, vol.5063, pp 183--198. Google ScholarDigital Library
- O. E Beggar, B. Bousetta, T. Gadi, "Automatic code generation by model transformation from sequence diagram of system's internal behavior," International Journal of Computer and Information Technology, vol.01, Nov.2012, pp. 129--146.Google Scholar
- A. Manoli, J. Cabot, C. Gómez, V. Pelechano, "Generating operation specifications from UML class diagrams: A model transformation approach," Data & Knowledge Engineering, vol.70, Apr. 2011, pp. 365--389 Google ScholarDigital Library
- E.B Fernardez, M.M Larondo-Petrie, T.Sorgente, M. Vanhilst, a Methodology to develop secure systems using patterns.Google Scholar
- G.-J. Ahn, M. E. Shin, "UML-based representation of role-based access control," In Proceedings of the 9th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE'00), IEEE Computer Society, Jun.2000, pp. 195--200. Google ScholarDigital Library
- D. Basin, J. Doser, and T. Lodderstedt, "Model driven security for process-oriented systems," In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT '03), ACM Digital Library, Jun.2OO3, pp.100--109 Google ScholarDigital Library
- J. Jürjens, "UMLsec: Extending UML for secure systems development," In Proceedings of the 5th International Conference on the Unifed Modeling Language (UML'02), LNCS, Oct.2002, vol. 2460, pp. 412--425 Google ScholarDigital Library
- X. Jin, Applying model driven architecture approach to model role based access control system (Doctoral dissertation, University of Ottawa).Google Scholar
- D. Basin, J. Doser, T. Lodderstedt, "SecureUML: A UML-Based Modeling Language for Model-Driven Security," In Proceedings of the 5th International Conference on the Unifed Modeling Language (UML'02), LNCS, Oct.2002, vol. 2460, pp. 426--441 Google ScholarDigital Library
- E.B Fernardez, M.M Larondo-Petrie, T.Sorgente, M.Vanhilst, a Methodology to develop secure systems using patterns.Google Scholar
- D. Basin, J. Doser, T. Lodderstedt, "Model driven security: From UML models to access control infrastructures," ACM Transactions on Software Engineering and Methodology (TOSEM), Jun.2006, vol. 15, pp. 39--91. Google ScholarDigital Library
- E. Fernandez-Medina, J. Trujillo, R. Villarroel, M. Piattini, "Developing secure data warehouses with a UML extension," Information Systems, Sep.2007, vol.32, pp.826--856. Google ScholarDigital Library
- J. Reznik, T. Ritter, "Model Driven Development of Security Aspects," In Proceedings of the Second International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006), Electronic Notes in Theoretical Computer Science, Apr.2007, vol. 163, pp. 65--79. Google ScholarDigital Library
- J. Trujillo, E. Soler, E. Fernández-Medina, M. Piattini, "An engineering process for developing Secure Data Warehouses," Information and Software Technology, Jun.2009, vol.51, pp. 1033--1051. Google ScholarDigital Library
- C. Blanco, I. García-Rodríguez de Guzmán, E. Fernández-Medina, J. Trujillo,M. Piattini, "Applying an MDA-Based Approach to Consider Security Rules in the Development of Secure DWs," IEEE Xplore digital library, Jun.2009, vol. 51, Issue 6, pp. 1--25.Google Scholar
- J. Miller, J. Mukerji, MDA Guide Version 1.0.1. Technical report, Object Management Group (OMG), 2003.Google Scholar
- OMG, « Object Constraint Language (OCL) Specification, version 2.0 », 2006. http://www.omg.org/spec/OCL/2.0/.Google Scholar
- D. Basin, J. Doser, T. Lodderstedt, "Model driven security for process-oriented systems," In Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT '03), ACM Press, Jun.2003, pp. 100--109. Google ScholarDigital Library
- F. Allilaire, J. Bézivin, F. Jouault, I. Kurtev, ATL - Eclipse Support for Model Transformation (2006) : Proc. of the Eclipse Technology eXchange Workshop (eTX) at ECOOP.Google Scholar
Recommendations
Integrating software architecture into a MDA framework
EWSA'06: Proceedings of the Third European conference on Software ArchitectureModel Driven Development (MDD) is one of the main trends in Software Engineering nowadays. Its main feature is to consider models as first-class concepts. Model Driven Architecture (MDA), the MDD proposal by the OMG, defines an infrastructure which ...
MDA Redux: Practical Realization of Model Driven Architecture
ICCBSS '08: Proceedings of the Seventh International Conference on Composition-Based Software Systems (ICCBSS 2008)Models and model-based transformations are a key part of effective automated software development approaches. Unfortunately, early enthusiasm for Model Driven Architecture (MDA) has dissipated to the point that many people are openly skeptical of the ...
Unifying Modeling and Programming with Valkyrie
MODELSWARD 2019: Proceedings of the 7th International Conference on Model-Driven Engineering and Software DevelopmentRaising the level of abstraction when developing a software system is the driving force behind Model-driven software development (MDSD) - a software engineering paradigm which gained more and more attention during the last decade. The current state of ...
Comments