论文信息 - Automatic Generation of Smart, Security-Aware GUI Models

Automatic Generation of Smart, Security-Aware GUI Models

In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be security-aware, it should also be smart. For example, the GUI should not display options to users for opening other widgets when these widgets will only display options for actions that the users are not authorized to execute on application data. We establish this link between visualization and security using a model-driven development approach. Namely, we define and implement a many-models-to-model transformation that, given a security-design model and a GUI model, makes the GUI model both security-aware and smart.

David A. Basin | Manuel Clavel | Marina Egea | Michael Schläpfer

[1] Pavel Slavík,et al. GUI generation from annotated source code , 2004, TAMODIA '04.

[2] David A. Basin,et al. Automated analysis of security-design models , 2009, Inf. Softw. Technol..

[3] Jan Jürjens,et al. Introducing Security Aspects with Model Transformations , 2005, ECBS.

[4] Wilhelm Walter,et al. Extending UML to GUI Modeling , 2004, Mensch & Computer.

[5] Ramaswamy Chandramouli,et al. The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[6] Hiroshi Mineno,et al. Automatic GUI Generation for Meta-data Based PUCC Sensor Gateway , 2008, KES.

[7] Lakhmi C. Jain,et al. Knowledge-Based Intelligent Information and Engineering Systems , 2004, Lecture Notes in Computer Science.

[8] David Basin,et al. Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[9] Frank Marschall,et al. Model Transformations for the MDA with BOTL , 2003 .

[10] Dirk Deridder,et al. Multi-step concern refinement , 2008 .