论文信息 - A Model Driven Approach for Generating Code from Security Requirements

A Model Driven Approach for Generating Code from Security Requirements

Nowadays, Information Systems are present in numerous areas and they usually contain data with special security requirements. However, these requirements do not often receive the attention that they deserve and, on many occasions, they are not considered or are only considered when the system development has nished. On the other hand, the use of model driven approaches has recently demonstrated to o er numerous bene ts. This paper tries to align the use of a model driven development paradigm with the consideration of security requirements from early stages of software development (such as requirements elicitation). With this aim, a security requirements metamodel that formalizes the de nition of this kind of requirements is proposed. Based on this metamodel, a Domain Speci c Language (DSL) has been built which allows both the construction of requirements models with security features and the automatic generation of other software artefacts from them. An application example that illustrates the approach is also shown.

José Ambrosio Toval Álvarez | Jesús García Molina | Fernando Molina | Óscar Sánchez Ramón

[1] Ivan Kurtev,et al. A Metamodeling Approach for Reasoning about Requirements , 2008, ECMDA-FA.

[2] Juha-Pekka Tolvanen,et al. Domain-Specific Modeling: Enabling Full Code Generation , 2008 .

[3] Mario Piattini,et al. A common criteria based security requirements engineering process for the development of secure information systems , 2007, Comput. Stand. Interfaces.

[4] 朱莉,et al. Oracle Label Security技术研究及其实现 , 2006 .

[5] José Ambrosio Toval Álvarez,et al. REMM-Studio: an Integrated Model-Driven Environment for Requirements Specification, Validation and Formatting , 2007, J. Object Technol..

[6] Mario Piattini,et al. A BPMN Extension for the Modeling of Security Requirements in Business Processes , 2007, IEICE Trans. Inf. Syst..

[7] Mario Piattini,et al. Secure information systems development - a survey and comparison , 2005, Comput. Secur..

[8] Mario Piattini,et al. Designing secure databases , 2005, Inf. Softw. Technol..

[9] Sabrina De Capitani di Vimercati,et al. Access Control Policies, Models, and Mechanisms , 2011, Encyclopedia of Cryptography and Security.