Abstract
Recently, there has been much research works treating Model Driven Architecture (MDA) approaches for automatically generating and personalizing applications using the system models. To the best of our knowledge, most of these works have been addressing code generation without taking into account the no-functional aspect: security. In this current work, we are proposing a new contribution to generating secure applications with their security mechanisms basing on MDA approach in order to address both the functional and non-functional aspects during software engineering process.
This paper proposes an MDA-based methodology for integrating security properties during the system design. These properties are formulated by security expert based on security requirements of the organization. In this work, we focus our concentration on some properties such as data encryption, Message Integrity, and Access Control so that to show the importance of this contribution and make in practice the generation of secure applications. To do that, these properties will be incorporated in the form of security models during the system design after their transformation to security tagged values using UML Profile. Moreover, system functional models will be enriched with system security requirements through the profiling concepts which contain a set of tagged values about software security aspect.
Within this context, security models can be merged with system models in different abstraction levels by applying a set of model-to-model transformation. Finally, source code and the configuration files will be generated automatically from communication diagram after its extension by applying a model to code transformation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
OMG. Object Constraint Language (OCL) Specification, version 2.0 (2006). http://www.omg.org/spec/OCL/2.0/
OMG. MDA GUIDE, Version 1.0.1 Object Management Group document number omg/2003–06-01. http://www.omg.org/docs/omg/03-06-01.pdf
OMG: Object Management Group. www.omg.org. http://www.omg.org/docs/omg/03–06-01.pdf
Girault, C., Valk, R.: Petri-nets for Systems Engineering. Springer, Berlin (2003)
Huang, S.S., Smaragdakis, Y.: Easy language extension with Meta-AspectJ. In: ICSE 06 Proceeding of the 28th International Conference on Software Engineering, pp. 865–868. ACM, New York (2006)
Zook, D., Huang, S.S., Smaragdakis, Y.: Generating AspectJ programs with meta-AspectJ. In: Generative Programming and Component Engineering Conference, GPCE 2004, Vancouver, Canada, vol. 3286, pp. 1–18, October 2004
Code generation through model transformation. http://alexandria.tue.nl/extra2/afstversl/wsk-i/verstraeten2008.pdf
Bouseta, B., El Beggar, O., Gadi, T.: Generating operations specifications from domain class diagram using transition state diagram. Int. J. Comput. Inf. Technol. 2, 29–36 (2013)
El Beggar, O., Bouseta, B., Gadi Taoufiq, T.: Automatic code generation by model transformation from sequence diagram of system’s internal behavior. Int. J. Comput. Inf. Technol. 2, 129–146 (2013)
Hemel, Z., Kats, L.C.L., Visser, E.: Code generation by model transformation a case study in transformation modularity. In: Theory and Practice of Model Transformations. Lecture Notes in Computer Science, vol. 5063, pp 183–198 (2008)
Manoli, A., Cabot, J., Gómez, C., Pelechano, V.: Generating operation specifications from UML class diagrams: a model transformation approach. Data Knowl. Eng. 70, 365–389 (2011)
Fernardez, E.B., Larondo-Petrie, M.M., Sorgente, T., Vanhilst, M.: A methodology to develop secure systems using patterns (2008)
Ahn, G.-J., Shin, M.E.: UML-based representation of role-based access control. In: Proceedings of the 9th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2000), pp. 195–200. IEEE Computer Society, June 2000
Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 100–109. ACM Digital Library, June 2003
Jürjens, J.: UMLsec: extending UML for secure systems development. In: Proceedings of the 5th International Conference on the Unifed Modeling Language (UML 2002). LNCS, vol. 2460, pp. 412–425, October 2002
Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 100–109. ACM Press, June 2003
Jin, X.: Applying model driven architecture approach to model role based access control system (Doctoral dissertation, University of Ottawa)
Basin, D., Doser, J., Lodderstedt, T.: SecureUML: a UML-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on the Unifed Modeling Language (UML 2002). LNCS, vol. 2460, pp. 426–441, October 2002
Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15, 39–91 (2006)
Fernandez-Medina, E., Trujillo, J., Villarroel, R., Piattini, M.: Developing secure data warehouses with a UML extension. Inf. Syst. 32, 826–856 (2007)
Reznik, J., Ritter, T.: Model driven development of security aspects. In: Proceedings of the Second International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006). Electronic Notes in Theoretical Computer Science, vol. 163, pp. 65–79, April 2007
Trujillo, J., Soler, E., Fernández-Medina, E., Piattini, M.: An engineering process for developing secure data warehouses. Inf. Softw. Technol. 51, 1033–1051 (2009)
Blanco, C., García-Rodríguez de Guzmán, I., Fernández-Medina, E., Trujillo, J., Piattini, M.: Applying an MDA-based approach to consider security rules in the development of secure DWs. IEEE Xplore Digit. Libr. 51, 1–25 (2009)
Miller, J., Mukerji, J.: MDA Guide Version 1.0.1. Technical report, Object Management Group (OMG) (2003)
Allilaire, F., Bézivin, J., Jouault, F., Kurtev, I.: ATL—eclipse support for model transformation. In: Proceedings of the Eclipse Technology eXchange Workshop (eTX) at ECOOP (2006)
Object Management Group, Inc. Meta Object Facility (MOF) 2.0 Core Specification, Final Adopted Specification, January 2006
Philippi, S.: Automatic code generation from high-level Petri-Nets for model driven systems engineering. J. Syst. Softw. 79, 1444–1455 (2006)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Abdellatif, L., Chhiba, M., Tabyaoui, A., Mjihil, O. (2018). MDA Approach for Application Security Integration with Automatic Code Generation from Communication Diagram. In: Noreddine, G., Kacprzyk, J. (eds) International Conference on Information Technology and Communication Systems. ITCS 2017. Advances in Intelligent Systems and Computing, vol 640. Springer, Cham. https://doi.org/10.1007/978-3-319-64719-7_25
Download citation
DOI: https://doi.org/10.1007/978-3-319-64719-7_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64718-0
Online ISBN: 978-3-319-64719-7
eBook Packages: EngineeringEngineering (R0)