Abstract
We present a new approach to building secure systems. In our approach, which we call Model Driven Security, designers specify system models along with their security requirements and use tools to automatically generate system architectures from the models including complete, configured security infrastructures. Rather than fixing one particular modeling language for this process, we propose a general schema for constructing such languages that combines languages for modeling systems with languages for modeling security. We present several instances of this schema that combine (both syntactically and semantically) different UML modeling languages with a security modeling language for formalizing access control requirements. From models in the combined languages, we automatically generate security architectures for distributed applications, built from declarative and programmatic access control mechanisms. We have implemented this approach and report on a case-study with the resulting tool.
Cite
CITATION STYLE
Basin, D., Doser, J., & Lodderstedt, T. (2005). Model Driven Security. In Engineering Theories of Software Intensive Systems (pp. 353–398). Springer-Verlag. https://doi.org/10.1007/1-4020-3532-2_12
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
