ModelSec: A Generative Architecture for Model-Driven Security
2009; Verlag der Technischen Universität Graz; Volume: 15; Linguagem: Inglês
ISSN
0948-695X
AutoresÓscar Sánchez Ramón, Fernando Molina, Jesús Garćıa Molina, José Ambrosio Toval Álvarez,
Tópico(s)Service-Oriented Architecture and Web Services
ResumoIncreasingly, the success of software systems depends largely on how their security requirements are satisfied. However, developers are challenged in implement- ing these requirements, mainly because of the gap between the specification and imple- mentation, and the technical complexities of the current software infrastructures. Re- cently, Model-Driven Security has emerged as a new software development area aimed at overcoming these difficulties. This new paradigm takes advantage of the benefits of the model driven software development techniques for modeling and implementing security concerns. Following this trend, this paper proposes a model driven security approach named ModelSec that offers a generative architecture for managing security requirements, from the requirement elicitation to the implementation stage. This ar- chitecture automatically generates security software artifacts (e.g. security rules) by means of a model transformation chain composed of two-steps. Firstly, a security in- frastructure dependent model is derived from three models, which express the security restrictions, the design decisions and the information needed on the target platform. Then, security software artifacts are produced from the previously generated model. A Domain-Specific Language for security requirements management has been built, which is based on a metamodel specifically designed for this purpose. An application example that illustrates the approach and the Eclipse tools implemented to support it are also shown.
Referência(s)