We present a novel model-driven methodology for
developing secure data-management applications. System developers proceed by
modeling three different views of the desired application: its data model,
security model, and GUI model. These models formalize respectively the
application’s data domain, authorization policy, and its graphical interface together
with the application’s behavior. Afterwards a model-transformation function
lifts the policy specified by the security model to the GUI model. This allows
a separation of concerns where behavior and security are specified separately,
and subsequently combined to generate a security-aware GUI model. Finally, a
code generator generates a multi-tier application, along with all support for
access control, from the security-aware GUI model. We report on applications
built using our approach and the associated tool
No comments:
Post a Comment