Advances in model-driven security

Advances in Computers

Volumn 93, Issue , 2014, Pages 103-152

  Lúcio, Levi ^a   Zhang, Qin ^b   Nguyen, Phu H ^b   Amrani, Moussa ^b   Klein, Jacques ^b   Vangheluwe, Hans ^a,c   Traon, Yves Le ^b  

^a MCGILL UNIVERSITY   (Canada)

^b UNIVERSITY OF LUXEMBOURG   (Luxembourg)

^c UNIVERSITY OF ANTWERP   (Belgium)

Author keywords

Information security; Model driven engineering; Model driven security; Separation of concerns; Survey

Indexed keywords

EID: 84894657237     PISSN: 00652458     EISSN: None     Source Type: Book Series    
DOI: 10.1016/B978-0-12-800162-2.00003-8     Document Type: Chapter

References (106)

1. Agreiter B., Breu R. Model-driven configuration of SELinux policies. Lecture Notes in Computer Science 2009, vol. 5871:887-904. Springer-Verlag.
2. Alam M., Breu R., Breu M. Model driven security for web services (MDS4WS). Proceedings of the 8th IEEE International Multitopic Conference, INMIC 2004 2004, 498-505. IEEE Computer Society, Lahore, Pakistan.
3. Alam M., Breu R., Hafner M. Model-driven security engineering for trust management in SECTET. Journal of Software 2007, vol. 2:47-59. Academy Publisher.
4. Alam M., Hafner M., Breu R. A constraint based role based access control in the SECTET a model-driven approach. Proceedings of the International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, PST 2006 2006, 13:1-13:13. ACM, Markham, Ontario, Canada.
5. Alam M., Hafner M., Breu R. Constraint based role based access control (CRBAC) for restricted administrative delegation constraints in the SECTET. Proceedings of the International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, PST 2006 2006, 44:1-44:5. ACM, Markham, Ontario, Canada.
6. Alam M., Hafner M., Breu R., Unterthiner S. A framework for modeling restricted delegation in service oriented architecture. Proceedings of the Third International Conference on Trust, Privacy, and Security in Digital Business, TrustBus 2006 2006, 142-151. Springer-Verlag, Krakow, Poland.
7. Alam M., Seifert J.P., Zhang X. A model-driven framework for trusted computing based systems. Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2007 2007, 75-86. IEEE Computer Society, Annapolis, Maryland, USA.
8. Amrani M., Lúcio L., Selim G.M., Combemale B., Dingel J., Vangheluwe H., Le Traon Y., Cordy J.R. A tridimensional approach for studying the formal verification of model transformations. Proceedings of the Fifth IEEE International Conference on Software Testing, Verification and Validation, ICST 2012 2012, 921-928. IEEE Computer Society, Montreal, Canada.
9. Armando A., Basin D., Boichut Y., Chevalier Y., Compagna L., Cuellar J., Drielsma P.H., Heám P.C., Kouchnarenko O., Mantovani J., Mödersheim S., von Oheimb D., Rusinowitch M., Santiago J., Turuani M., Viganò L., Vigneron L. The AVISPA tool for the automated validation of internet security protocols and applications. Proceedings of the 17th International Conference on Computer Aided Verification, CAV 2005 2005, 281-285. Springer-Verlag, The University of Edinburgh, Scotland, UK.
10. Atkinson C., Stoll D., Tunjic C. Orthographic service modeling. Workshops Proceedings of the 15th IEEE International Enterprise Distributed Object Computing Conference, EDOCW 2011 2011, 67-70. IEEE Computer Society, Helsinki, Finland.
11. ATLAS, ATLAS Transformation Language. , 2008. http://www.eclipse.org/m2m/atl/.
12. Basin D., Clavel M., Doser J., Egea M. Automated analysis of security-design models. Information and Software Technology 2009, vol. 51:815-831. Elsevier.
13. Basin D., Clavel M., Egea M. A decade of model-driven security. Proceedings of the 16th ACM Symposium on Access Control Models and Technologies, SACMAT 2011 2011, 1-10. ACM, Innsbruck, Austria.
14. Basin D., Clavel M., Egea M., Schläpfer M. Automatic generation of smart, security-aware GUI models. Proceedings of the International Symposium on Engineering Secure Software and Systems, ESSoS 2010 2010, 201-217. Springer-Verlag, Pisa, Italy.
15. Basin D., Doser J., Lodderstedt T. Model driven security for process-oriented systems. Proceedings of the 8th ACM Symposium on Access Control Models and Technologies, SACMAT 2003 2003, 100-109. ACM, Como, Italy.
16. Basin D., Doser J., Lodderstedt T. Model driven security: from UML models to access control infrastructures. Transactions on Software Engineering and Methodology 2006, vol. 15:39-91. ACM.
17. Best B., Jürjens J., Nuseibeh B. Model-based security engineering of distributed information systems using UMLsec. Proceedings of the 29th International Conference on Software Engineering, ICSE 2007 2007, 581-590. IEEE Computer Society, Minneapolis, MN, USA.
18. Bezivin J. Model driven engineering: an emerging technical space. Lecture Notes in Computer Science 2006, vol. 4143:36-64. Springer-Verlag.
19. Breu R., Hafner M., Innerhofer-Oberperfler F., Wozak F. Model-driven security engineering of service oriented systems. Lecture Notes in Business Information Processing 2008, vol. 5:59-71. Springer-Verlag.
20. Breu R., Hafner M., Weber B., Novak A. Model driven security for inter-organizational workflows in e-Government. Lecture Notes in Computer Science 2005, vol. 3416:122-133. Springer-Verlag.
21. Breu R., Popp G., Alam M. Model based development of access policies. International Journal on Software Tools for Technology Transfer 2007, vol. 9:457-470. Springer-Verlag.
22. Büttner F., Egea M., Cabot J., Gogolla M. Verification of ATL transformations using transformation models and model finders. Proceedings of the 14th International Conference on Formal Engineering Methods, ICFEM 2012 2012, 198-213. Springer-Verlag, Kyoto, Japan.
23. Clarke S. Composition of object-oriented software design models 2001, (Ph.D. thesis), Dublin City University, Ireland.
24. Clarke S., Baniassad E. Aspect-Oriented Analysis and Design: The Theme Approach 2005, Addison-Wesley.
25. Clavel M., Torres da Silva V., Braga C., Egea M. Model-driven security in practice: an industrial experience. Proceedings of 4th European Conference on Model Driven Architecture - Foundations and Applications, ECMDA-FA 2008 2008, 326-337. Springer-Verlag, Berlin, Germany.
26. Cook S., Jones G., Kent S., Wils A.C. Domain-Specific Development with Visual Studio DSL Tools 2007, Addison-Wesley.
27. Cottenier T., Van Den Berg A., Elrad T. The motorola WEAVR: model weaving in a large industrial context. Proceedings of the 6th International Conference on Aspect-Oriented Software Development (Industry Track), AOSD 2007, Vancouver, Canada 2007, .
28. Cysneiros L., Sampaio do Prado Leite J. Non-functional requirements: from elicitation to modelling languages. Proceedings of the 24th International Conference on Software Engineering, ICSE 2002 2002, 699-700. IEEE Computer Society, Orlando, Florida, USA.
29. Decker B.D., Layouni M., Vangheluwe H., Verslype K. A privacy-preserving ehealth protocol compliant with the belgian healthcare system. Lecture Notes in Computer Science 2008, vol. 5057:118-133. Springer.
30. G. Dupe, M. Belaunde, R. Perruchon, H. Besnard, F. Guillard, V. Oliveres, SmartQVT. http://smartqvt.elibel.tm.fr/.
31. Ehrig H., Ehrig K., Prange U., Taentzer G. Fundamentals of Algebraic Graph Transformation (Monographs in Theoretical Computer Science. An EATCS Series) 2006, Springer-Verlag.
32. Fernández-Medina E., Piattini M. Designing secure databases. Information and Software Technology 2005, vol. 47:463-477. Elsevier.
33. Fleurey F., Baudry B., France R., Ghosh S. A generic approach for automatic model composition. Proceedings of the 11th International Workshop on Aspect-Oriented Modeling, AOM at MoDELS 2007 2007, 7-15. Springer-Verlag, Nashville, TN, USA.
34. France R., Ray I., Georg G., Ghosh S. Aspect-oriented approach to early design modelling. IEE Proceedings - Software 2004, vol. 151:173-185. IEEE Computer Society.
35. Guerra E., de Lara J., Wimmer M., Kappel G., Kusel A., Retschitzegger W., Schönböck J., Schwinger W. Automated verification of model transformations based on visual contracts. Automated Software Engineering 2013, vol. 20:5-46. Springer-Verlag.
36. Hafner M., Alam M., Breu R. Towards a MOF/QVT-based domain architecture for model driven security. Lecture Notes in Computer Science 2006, vol. 4199:275-290. Springer-Verlag.
37. Hafner M., Breu M., Breu R., Nowak A. Modeling inter-organizational workflow security in a peer-to-peer environment. Proceedings of the IEEE International Conference on Web Services, ICWS 2005 2005, 533-540. IEEE Computer Society, Orlando, Florida, USA.
38. Hafner M., Breu R. Security Engineering for Service-Oriented Architectures 2009, Springer-Verlag.
39. Hafner M., Breu R., Agreiter B., Nowak A. SECTET: an extensible framework for the realization of secure inter-organizational workflows. Internet Research 2006, vol. 16:491-506. Emerald Group Publishing Limited.
40. Hafner M., Memon M., Alam M. Modeling and enforcing advanced access control policies in healthcare systems with SECTET. Lecture Notes in Computer Science 2008, vol. 5002:132-144. Springer-Verlag.
41. Hatebur D., Heisel M., Jürjens J., Schmidt H. Systematic development of UMLsec design models based on security requirements. Lecture Notes in Computer Science 2011, vol. 6603:232-246. Springer-Verlag.
42. Houmb S., Jürjens J. Developing secure networked web-based systems using model-based risk assessment and UMLsec. Proceedings of the 10th Asia-Pacific Software Engineering Conference, APSection 2003 2003, 488-497. IEEE Computer Society, Chiang Mai, Thailand.
43. Howard M., Lipner S. The Security Development Lifecycle 2006, Microsoft Press.
44. Jackson D. Software Abstractions: Logic, Language and Analysis 2012, MIT Press.
45. Jacobson I., Ng P.W. Aspect-Oriented Software Development with Use Cases 2004, Addison-Wesley.
46. Jensen J., Jaatun M.G. Security in model driven development: a survey. Proceedings of the 6th International Conference on Availability, Reliability and Security, ARES 2011 2011, 704-709. IEEE Computer Society, Vienna, Austria.
47. Jürjens J. Towards development of secure systems using UMLsec. Lecture Notes in Computer Science 2001, vol. 2029:187-200. Springer-Verlag.
48. Jürjens J. Formal semantics for interacting UML subsystems. Proceedings of the IFIP TC6/WG6.1 Fifth International Conference on Formal Methods for Open Object-Based Distributed Systems, FMOODS 2002 2002, 29-43. Wolters Kluwer, University of Twente, Netherlands.
49. Jürjens J. Principles for secure systems design 2002, (Ph.D. thesis), Oxford University, United Kingdom.
50. Jürjens J. UMLsec: extending UML for secure systems development. Lecture Notes in Computer Science 2002, vol. 2460:412-425. Springer-Verlag.
51. Jürjens J. Model-based security engineering with UML. Proceedings of the 4th International School on Foundations of Security Analysis and Design, FOSAD 2004 2004, 42-77. Springer-Verlag, Bertinoro University Residential Center, Italy.
52. Jürjens J. Code security analysis of a biometric authentication system using automated theorem provers. Proceedings of the 21st Annual Computer Security Applications Conference, ACSAC 2005 2005, 138-149. IEEE Computer Society, Tucson, Arizona, USA.
53. Jürjens J. Secure systems development with UML 2005, Springer-Verlag.
54. Jürjens J. Sound methods and effective tools for model-based security engineering with UML. Proceedings of the 27th International Conference on Software Engineering, ICSE 2005 2005, 322-331. IEEE Computer Society, St. Louis, Missouri, USA.
55. Jürjens J. Developing secure embedded systems: pitfalls and how to avoid them. Proceedings of the 29th International Conference on Software Engineering, ICSE 2007 2007, 182-183. IEEE Computer Society, Minneapolis, MN, USA.
56. Jürjens J., Schreck J., Bartmann P. Model-based security analysis for mobile communications. Proceedings of the 30th International Conference on Software Engineering, ICSE 2008 2008, 683-692. IEEE Computer Society, Leipzig, Germany.
57. Kasal K., Heurix J., Neubauer T. Model-driven development meets security: an evaluation of current approaches. Proceedings of the 44th Hawaii International Conference on System Sciences, HICSS-44 2011 2011, 1-9. IEEE Computer Society, Kauai, Hawaii, USA.
58. Khwaja A., Urban J. A synthesis of evaluation criteria for software specifications and specification techniques. International Journal of Software Engineering and Knowledge Engineering 2002, vol. 12:581-599. World Scientific.
59. Kiczales G., Lamping J., Menhdhekar A., Maeda C., Lopes C., Loingtier J., Irwin J. Aspect-oriented programming. Proceedings of the European Conference on Object-Oriented Programming 1997, vol. 1241:220-242. Springer-Verlag.
60. Kienzle J., Al Abed W., Fleurey F., Jézéquel J., Klein J. Aspect-oriented design with reusable aspect models. Lecture Notes in Computer Science 2010, vol. 6210:272-320. Springer-Verlag.
61. Klein J., Fleurey F., Jézéquel J. Weaving multiple aspects in sequence diagrams. Lecture Notes in Computer Science 2007, vol. 4620:167-199. Springer-Verlag.
62. Klein J., Hélouët L., Jézéquel J. Semantic-based weaving of scenarios. Proceedings of the 5th International Conference on Aspect-Oriented Software Development, AOSD 2006 2006, 27-38. ACM, Bonn, Germany.
63. Klein J., Kienzle J., Morin B., Jézéquel J.M. Aspect model unweaving. Proceedings of the 12th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2009 2009, 514-530. Springer-Verlag, Denver, Colorado, USA.
64. Kleppe A.G., Warmer J., Bast W. MDA Explained: The Model Driven Architecture: Practice and Promise 2003, Addison-Wesley.
65. Kramer M.E., Klein J., Steel J.R., Morin B., Kienzle J., Barais O., Jézéquel J. Achieving practical genericity in model weaving through extensibility. Proceedings of the 6th International Conference on the Theory and Practice of Model Transformations, ICMT 2013 2013, 108-124. Springer-Verlag, Budapest, Hungary.
66. Lang U., Schreiner R. Model driven security management: making security management manageable in complex distributed systems. Proceedings of the 1st Workshop on Modeling Security, MODSEC 2008, CEUR Workshop Proceedings (CEUR-WS.org), Toulouse, France 2008, .
67. 3: a tool for multi-formalism and meta-modelling. Proceedings of the 5th International Conference on Fundamental Approaches to Software Engineering, FASE 2002 2002, 174-188. Springer-Verlag, Grenoble, France.
68. Layouni M., Verslype K., Sandikkaya M.T., Decker B.D., Vangheluwe H. Privacy-preserving telemonitoring for ehealth. Lecture Notes in Computer Science 2009, vol. 5645:95-110. Springer.
69. Lloyd J., Jürjens J. Security analysis of a biometric authentication system using UMLsec and JML. Lecture Notes in Computer Science 2009, vol. 5795:77-91. Springer-Verlag.
70. Lodderstedt T. Model driven security from UML models to access control architectures 2003, (Ph.D. thesis), University of Freiburg, Germany.
71. Lodderstedt T., Basin D., Doser J. SecureUML: a UML-based modeling language for model-driven security. Lecture Notes in Computer Science 2002, vol. 2460:426-441. Springer-Verlag.
72. Lúcio L., Barroca B., Amaral V. A technique for automatic validation of model transformations. Proceedings of the 13th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2010 2010, 136-150. Springer-Verlag, Oslo, Norway.
73. Ma Z., Wagner C., Woitsch R., Skopik F., Bleier T. Model-driven security: from theory to application. International Journal of Computer Information Systems and Industrial Management Applications 2013, vol. 5:151-158. MIR Labs.
74. MacDonald N. Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure 2007, Technical Report, Gartner Inc. http://www.gartner.com/id=525109.
75. Metacase, Domain-Specific Modeling with MetaEdit+: 10 times Faster than UML, White Paper, 2009.
76. Moebius N., Stenzel K., Borek M., Reif W. Incremental development of large, secure smart card applications. Proceedings of the 1st International Workshop on Model-Driven Security 2012, 1-6. ACM, Innsbruck, Austria.
77. Moebius N., Stenzel K., Grandy H., Reif W. Model-driven code generation for secure smart card applications. Proceedings of the 20th Australian Software Engineering Conference, ASWEC 2009 2009, 44-53. IEEE Computer Society, Gold Coast, Australia.
78. Moebius N., Stenzel K., Grandy H., Reif W. SecureMDD: a model-driven development method for secure smart card applications. Proceedings of the International Conference on Availability, Reliability and Security, ARES 2009 2009, 841-846. IEEE Computer Society, Fukuoka, Japan.
79. Moebius N., Stenzel K., Reif W. Generating formal specifications for security-critical applications - a model-driven approach. Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems, IWSESS 2009 2009, 68-74. IEEE Computer Society, Washington, DC, USA.
80. Moebius N., Stenzel K., Reif W. Formal verification of application-specific security properties in a model-driven approach. Lecture Notes in Computer Science 2010, vol. 5965:166-181. Springer-Verlag.
81. Moore W., Dean D., Gerber A., Wagenknecht G., Vanderheyden P. Eclipse development using the graphical editing framework and the eclipse modeling framework 2004, IBM Redbooks.
82. Morin B., Barais O., Nain G., Jézéquel J. Taming dynamically adaptive systems with models and aspects. Proceedings of the 31st International Conference on Software Engineering, ICSE 2009 2009, 122-132. IEEE Computer Society, Vancouver, Canada.
83. Morin B., Klein J., Barais O., Jézéquel J. A generic weaver for supporting product lines. Proceedings of the Early Aspects Workshop at ICSE 2008 2008, 11-18. ACM, Leipzig, Germany.
84. Morin B., Klein J., Kienzle J., Jézéquel J. Flexible model element introduction policies for aspect-oriented modeling. Proceedings of the 13th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2010 2010, 63-77. Springer-Verlag, Oslo, Norway.
85. Mosterman P.J., Vangheluwe H. Computer automated multi-paradigm modeling: an introduction. Simulation 2004, vol. 80:433-450. SAGE Publications.
86. Muller P., Fleurey F., Jézéquel J. Weaving executability into object-oriented meta-languages. Proceedings of the 8th International Conference on Model Driven Engineering Languages and Systems, MoDELS 2005 2005, 264-278. Springer-Verlag, Half Moon Resort, Montego Bay, Jamaica.
87. Muñoz J. Information security industry: state of the art. Proceedings of the Security Electronic Business Processes, Highlights of the Information Security Solutions Europe 2008 Conference, ISSE 2008 2009, 84-89. Vieweg+Teubner, Madrid, Spain.
88. Nguyen P.H., Klein J., Kramer M., Le Traon Y. A systematic review of model driven security. Proceedings of the 20th Asia-Pacific Software Engineering Conference, APSEC 2013 2013, IEEE Computer Society, Bangkok, Thailand, p. (to appear).
89. Papadakis M., Malevris N. mutation-based test case generation via a path selection strategy. Information and Software Technology 2012, vol. 54:915-932. Elsevier.
90. Reddy R., Ghosh S., France R.B., Straw G., Bieman J.M., Song E., Georg G. Directives for composing aspect-oriented design class models. Lecture Notes in Computer Science 2006, vol. 3880:75-105. Springer-Verlag.
91. Sánchez O., Molina F., García-Molina J., Toval A. ModelSec: a generative architecture for model-driven security. Journal of Universal Computer Science 2009, vol. 15:2957-2980. Verlag der Technischen Universität Graz.
92. Sandhu R., Coyne E., Feinstein H., Youman C. Role-based access control models. IEEE Computer 1996, vol. 29:38-47. IEEE Computer Society.
93. Selim G.M., Cordy J.R., Dingel J. Analysis of Model Transformations 2012, Technical Report 2012-592, Queen's University.
94. Selim G.M., Cordy J.R., Dingel J. Model transformation testing: the state of the art. Proceedings of the 1st International Workshop on the Analysis of Model Transformations, AMT 2012 2012, 21-26. Springer-Verlag, Innsbruck, Austria.
95. Sendall S., Kozaczynski W. Model transformation: the heart and soul of model-driven software development. IEEE Software 2003, vol. 20:42-45. IEEE Computer Society.
96. Shafiq B., Masood A., Joshi J., Ghafoor A. A role-based access control policy verification framework for real-time systems. Proceedings of the IEEE International Workshop on Object-Oriented Real-Time Dependable Systems 2005, 13-20. IEEE Computer Society, Los Alamitos, CA, USA.
97. Shin M., Gomaa H. Separating application and security concerns in modeling software product lines. Applied Software Product Line Engineering 2009, 337-366. Auerbach Publications Boston, MA, USA. first ed.
98. Stark R.F., Borger E., Schmid J. Java and the java virtual machine: definition, verification, validation 2001, Springer-Verlag.
99. Syriani E. A multi-paradigm foundation for model transformation language engineering 2011, (Ph.D. thesis), McGill University, Canada.
100. Thirioux X., Combemale B., Crégut X., Garoche P.L. A framework to formalise the MDE foundations. Proceedings of the 1st International Workshop on Towers of Models, TOWERS 2007 2007, 14-30. Springer-Verlag, Zürich, Switzerland.
101. Vallecillo A., Gogolla M. Typing model transformations using tracts. Proceedings of the 5th International Conference on the Theory and Practice of Model Transformations, ICMT 2012 2012, 56-71. Springer-Verlag, Prague, Czech Republic.
102. Whittle J., Araújo J. Scenario modelling with aspects. IEE Proceedings - Software 2004, vol. 151:157-172. IEEE Computer Society.
103. Whittle J., Jayaraman P.K., Elkhodary A.M., Moreira A., Araújo J. A unified approach for composing UML aspect models based on graph transformation. Lecture Notes in Computer Science 2009, vol. 5560:191-237. Springer-Verlag.
104. Yu H., Liu D., He X., Yang L., Gao S. Secure software architectures design by aspect orientation. Proceedings of the 10th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2005 2005, 47-55. IEEE Computer Society, Shanghai, China.
105. Zhu Z.J., Zulkernine M. A model-based aspect-oriented framework for building intrusion-aware software systems. Information and Software Technology 2009, vol. 51:865-875. Elsevier.
106. Zia M., Posse E., Vangheluwe H. Addressing security requirements through multi-formalism modelling and model transformation. Proceedings of the 2nd International Conference on Software and Data Technologies, ICSOFT (SE) 2007, 129-137. INSTICC Press.