Security in model driven development: A survey

Proceedings of the 2011 6th International Conference on Availability, Reliability and Security, ARES 2011

Volumn , Issue , 2011, Pages 704-709

  Jensen, Jostein ^a   Jaatun, Martin Gilje ^b  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

^b SINTEF ICT   (Norway)

Author keywords

[No Author keywords available]

Indexed keywords

EMPIRICAL RESEARCH; EMPIRICAL STUDIES; MODEL DRIVEN DEVELOPMENT;

SOFTWARE RELIABILITY; SURVEYS;

SOFTWARE DESIGN;

EID: 80455173460     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2011.110     Document Type: Conference Paper

References (46)

1. A. Kleppe, J. Warmer, and W. Bast, MDA Explained. Addison-Wesley, 2003.
2. K. R. van Wyk and G. McGraw, "Bridging the gap between software development and information security," IEEE Security & Privacy, vol. 3, no. 5, pp. 75-79, 2005. (Pubitemid 41560450)
3. B. Boehm and V. Basili, "Top 10 list [software development]," Computer, vol. 34, no. 1, pp. 135 -137, Jan. 2001.
4. I. A. Tøndel, M. G. Jaatun, and P. H. Meland, "Security Requirements for the Rest of Us: A Survey," IEEE Software, vol. 25, no. 1, 2008.
5. M. Howard and S. Lipner, The Security Development Lifecycle. Microsoft Press, 2006.
6. G. McGraw, Software Security: Building Security In. Addison-Wesley, 2006.
7. B. Kitchenham, "Procedures for Performing Systematic Reviews," Keele University, Tech. Rep. TR/SE-0401, 2004.
8. T. Dybå, T. Dingsøyr, and G. K. Hanssen, "Applying Systematic Reviews to Diverse Study Types: An Experience Report," in Proceedings of First International Symposium on Empirical Software Engineering and Measurement, 2007, pp. 225-234.
9. D. Basin, J. Doser, and T. Lodderstedt, "Model Driven Security for Process-Oriented Systems," in Proceedings of the eighth ACM symposium on Access control models and technologies. ACM Press, 2003, pp. 100-109.
10. -, "Model driven security: From UML models to access control infrastructures," ACM Transactions on Software Engineering Methodology, vol. 15, no. 1, pp. 39-91, 2006. (Pubitemid 43947939)
11. M. Clavel, V. Silva, C. Braga, and M. Egea, "Model-Driven Security in Practice: An Industrial Experience." Berlin, Germany: Springer-Verlag, 2008, pp. 326-337.
12. M. M. Alam, R. Breu, and M. Breu, "Model driven security for Web services (MDS4WS)," in Proceedings of 8th International Multitopic Conference, INMIC 2004., 2004, pp. 498-505.
13. R. Breu, M. Hafner, B. Weber, and A. Novak, "Model driven security for inter-organizational workflows in e-government," in E-Government: Towards Electronic Democracy, vol. 3416. Springer Verlag, 2005, pp. 122-133. (Pubitemid 41451179)
14. M. Hafner, M. Breu, R. Breu, and A. Nowak, "Modelling interorganizational workflow security in a peer-to-peer environment," in Proceedings of International Conference on Web Services. ICWS 2005., 2005, p. 540.
15. M. Hafner and R. Breu, Security Engineering for Service-Oriented Architectures. Springer Verlag, 2009.
16. M. Alam, M. Hafner, and R. Breu, "A constraint based role based access control in the SECTET a model-driven approach," in Proceedings of the 2006 International Conference on Privacy, Security and Trust. ACM, 2006, pp. 1-13.
17. -, "Constraint based role based access control (CRBAC) for restricted administrative delegation constraints in the SECTET," in Proceedings of the 2006 International Conference on Privacy, Security and Trust. ACM, 2006, pp. 1-5.
18. M. Alam, M. Hafner, R. Breu, and S. Unterthiner, "A framework for modelling restricted delegation of rights in the SECTET," Computer Systems Science and Engineering, vol. 22, no. Compendex, pp. 289-305, 2007. (Pubitemid 351211826)
19. M. Alam, R. Breu, and M. Hafner, "Model-Driven Security Engineeringfor Trust Management in SECTET," Journal of Software, vol. 2, no. 1, 2007.
20. M. Alam, J. P. Seifert, and Z. Xinwen, "A Model-Driven Framework for Trusted Computing Based Systems," in 11th IEEE International Enterprise Distributed Object Computing Conference. EDOC 2007., 2007, pp. 75-75.
21. M. Hafner, M. Alam, and R. Breu, "Towards a MOF/QVT-based domain architecture for model driven security," in Proceedings of 9th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2006, vol. 4199 LNCS. Springer Verlag, 2006, pp. 275-290. (Pubitemid 44618565)
22. E. Fernandez-Medina, J. Jurjens, J. Trujillo, and S. Jajodia, "Model-Driven Development for secure information systems," Information and Software Technology, vol. 51, pp. 809-814, 2009.
23. E. Soler, J. Trujillo, E. Fernandez-Medina, and M. Piattini, "A framework for the development of secure data warehouses based on MDA and QVT," in Proceedings of Second International Conference on Availability, Reliability and Security, ARES 2007:, 2007, pp. 294-300.
24. -, "A set of QVT relations to transform PIM to PSM in the design of secure data warehouses," in Proceedings of Second International Conference on Availability, Reliability and Security. ARES 2007, 2007.
25. -, "Application of QVT for the Development of Secure Data Warehouses: A case study," in Proceedings of Second International Conference on Availability, Reliability and Security. ARES2007, 2007.
26. C. Blanco, E. Fernandez-Medina, J. Trujillo, and M. Piattini, "Implementing multidimensional security into olap tools," in Proceedings of 3rd International Conference on Availability, Security, and Reliability, ARES 2008, 2008, pp. 1248-1253.
27. C. Blanco, I. G. R. de Guzman, E. Fernandez-Medina, J. Trujillo, and M. Piattini, "Automatic Generation of Secure Multidimensional Code for Data Warehouses: An MDA Approach," in On the Move to Meaningful Internet Systems, vol. 5332. Springer Verlag, 2008, pp. 1052-1068.
28. E. Soler, J. Trujillo, C. Blanco, and E. Fernandez-Medina, "Designing Secure Data Warehouses by Using MDA and QVT," Journal of Universal Computer Science, vol. 15, no. 8, pp. 1607-1641, 2009.
29. E. Soler, V. Stefanov, J.-N. Mazon, J. Trujillo, E. Fernandez-Madina, and M. Piattini, "Towards comprehensive requirement analysis for data warehouses: Considering security requirements," in Proceedings of Third International Conference on Availability, Reliability and Security, ARES2008, 2008, pp. 104-111.
30. J. Trujillo, E. Soler, E. Fernandez-Medina, and M. Piattini, "A UML 2.0 profile to define security requirements for Data Warehouses," Computer Standards & Interfaces, vol. 31, no. 5, pp. 969-983, 2009.
31. C. Blanco, R. Perez-Castillo, A. Hernandez, E. Fernandez-Medina, and J. Trujillo, "Towards a Modernization Process for Secure Data Warehouses," in Data Warehousing and Knowledge Discovery. Springer-Verlag, 2009, pp. 24-35.
32. J. Trujillo, E. Soler, E. Fernandez-Medina, and M. Piattini, "An engineering process for developing Secure Data Warehouses," Information and Software Technology, vol. 51, pp. 1033-1051, 2009.
33. A. Rodriguez, E. Fernandez-Medina, and M. Piattini, "Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes," in Trust and Privacy in Digital Business. Springer Verlag, 2006, pp. 51-61. (Pubitemid 44577491)
34. -, "Security requirement with a UML 2.0 profile," in The First International Conference on Availability, Reliability and Security, 2006. ARES 2006., 2006, p. 8 pp.
35. -, "Towards CIM to PIM transformation: From secure business processes defined in BPMN to use-cases," in Business Process Management, ser. Lecture Notes in Computer Science, G. Alonso, P. Dadam, and M. Rosemann, Eds., 2007, vol. 4714, pp. 408-415.
36. -, "CIM to PIM transformation: A reality," in Research and Practical Issues of Enterprise Information Systems II, ser. International Federation for Information Processing, L. D. Xu, A. M. Tjoa, and S. S. Chaudhry, Eds. Springer Verlag, 2008, vol. 255, pp. 1239-1249.
37. N. Moebius, K. Stenzel, H. Grandy, and W. Reif, "SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications," in International Conference on Availability, Reliability and Security ARES '09., 2009, pp. 841-846.
38. -, "Model-Driven Code Generation for Secure Smart Card Applications," in Australian Software Engineering Conference. ASWEC '09., 2009, pp. 44-53.
39. N. Moebius, K. Stenzel, and W. Reif, "Generating formal specifications for security-critical applications - a model-driven approach," in ICSE Workshop on Software Engineering for Secure Systems, 2009. SESS '09., 2009, pp. 68-74.
40. J. McDermott, "Visual security protocol modeling." Lake Arrowhead, California: ACM, 2005, pp. 97-109.
41. J. Jürjens, Secure Systems Development with UML. Springer, 2005.
42. B. Best, J. Jurjens, and B. Nuseibeh, "Model-Based Security Engineering of Distributed Information Systems Using UMLsec," in Proceedings of the 29th international conference on Software Engineering, ser. ICSE '07, 2007, pp. 581-590. (Pubitemid 47430692)
43. J. Jürjens, J. Schreck, and P. Bartmann, "Model-based security analysis for mobile communications," in Proceedings of the 30th international conference on Software engineering, ser. ICSE '08. ACM, 2008, pp. 683-692.
44. J. Lloyd and J. Jürjens, "Security Analysis of a Biometric Authentication System Using UMLsec and JML," in Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems, ser. MODELS '09. Springer-Verlag, 2009, pp. 77-91.
45. T. H. Haug, "A Systematic Review of Empirical Research on Model- Driven Development with UML," University of Oslo, Tech. Rep. Master's Thesis, 2007.
46. "CVE - Common Vulnerabilities and Exposures (CVE)." [Online]. Available: http://cve.mitre.org/