Model-Driven Development of a Secure eHealth Application

We report on our use of ActionGUI to develop a secure eHealth application based on the NESSoS eHealth case study. ActionGUI is a novel model-driven methodology with an associated tool for developing secure data-management applications with three distinguishing features. First, it enables a model-based separation of concerns, where behavior and security are modeled individually and subsequently combined. Second, it supports model-based quality assurance checks, where the properties proven about the models transfer to the generated applications. Finally, for data-management applications, the ActionGUI tool automatically generates complete, ready-to-deploy, security-aware, web applications. We explain these features in the context of the eHealth application.

[1]  Carolina Dania,et al.  OCL 2 FOL + : Coping with Undefinedness , 2013 .

[2]  Nora Koch,et al.  MagicUWE - A CASE Tool Plugin for Modeling Web Applications , 2009, ICWE.

[3]  Christoph Weidenbach,et al.  SPASS Version 3.5 , 2009, CADE.

[4]  Jim Woodcock,et al.  Using Z - specification, refinement, and proof , 1996, Prentice Hall international series in computer science.

[5]  Renate A. Schmidt Automated Deduction - CADE-22, 22nd International Conference on Automated Deduction, Montreal, Canada, August 2-7, 2009. Proceedings , 2009, CADE.

[6]  David A. Basin,et al.  A Model-Driven Methodology for Developing Secure Data-Management Applications , 2014, IEEE Transactions on Software Engineering.

[7]  Nora Koch,et al.  UWE4JSF: A Model-Driven Generation Approach for Web Applications , 2009, ICWE.

[8]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[9]  Clark W. Barrett,et al.  The SMT-LIB Standard Version 2.0 , 2010 .

[10]  Manuel Clavel,et al.  OCL2FOL+: Coping with Undefinedness , 2013, OCL@MoDELS.

[11]  Adam Steele,et al.  Executable visual software modeling—the ZOOM approach , 2007, Software Quality Journal.

[12]  Cevdet Aykanat,et al.  Technical Report , 1978 .

[13]  David A. Basin,et al.  A decade of model-driven security , 2011, SACMAT '11.

[14]  San Murugesan Web engineering , 1999, LINK.

[15]  Nora Koch,et al.  Towards a UML Extension for Hypermedia Design , 1999, UML.

[16]  David Basin,et al.  Model driven security: From UML models to access control infrastructures , 2006, TSEM.