Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Technology and Communication Systems

ITCS 2017: International Conference on Information Technology and Communication Systems pp 297–310Cite as

MDA Approach for Application Security Integration with Automatic Code Generation from Communication Diagram

  • Conference paper
  • First Online:

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 640))

Abstract

Recently, there has been much research works treating Model Driven Architecture (MDA) approaches for automatically generating and personalizing applications using the system models. To the best of our knowledge, most of these works have been addressing code generation without taking into account the no-functional aspect: security. In this current work, we are proposing a new contribution to generating secure applications with their security mechanisms basing on MDA approach in order to address both the functional and non-functional aspects during software engineering process.

This paper proposes an MDA-based methodology for integrating security properties during the system design. These properties are formulated by security expert based on security requirements of the organization. In this work, we focus our concentration on some properties such as data encryption, Message Integrity, and Access Control so that to show the importance of this contribution and make in practice the generation of secure applications. To do that, these properties will be incorporated in the form of security models during the system design after their transformation to security tagged values using UML Profile. Moreover, system functional models will be enriched with system security requirements through the profiling concepts which contain a set of tagged values about software security aspect.

Within this context, security models can be merged with system models in different abstraction levels by applying a set of model-to-model transformation. Finally, source code and the configuration files will be generated automatically from communication diagram after its extension by applying a model to code transformation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   169.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. OMG. Object Constraint Language (OCL) Specification, version 2.0 (2006). http://www.omg.org/spec/OCL/2.0/

  2. OMG. MDA GUIDE, Version 1.0.1 Object Management Group document number omg/2003–06-01. http://www.omg.org/docs/omg/03-06-01.pdf

  3. OMG: Object Management Group. www.omg.org. http://www.omg.org/docs/omg/03–06-01.pdf

  4. Girault, C., Valk, R.: Petri-nets for Systems Engineering. Springer, Berlin (2003)

    Google Scholar 

  5. Huang, S.S., Smaragdakis, Y.: Easy language extension with Meta-AspectJ. In: ICSE 06 Proceeding of the 28th International Conference on Software Engineering, pp. 865–868. ACM, New York (2006)

    Google Scholar 

  6. Zook, D., Huang, S.S., Smaragdakis, Y.: Generating AspectJ programs with meta-AspectJ. In: Generative Programming and Component Engineering Conference, GPCE 2004, Vancouver, Canada, vol. 3286, pp. 1–18, October 2004

    Google Scholar 

  7. Code generation through model transformation. http://alexandria.tue.nl/extra2/afstversl/wsk-i/verstraeten2008.pdf

  8. Bouseta, B., El Beggar, O., Gadi, T.: Generating operations specifications from domain class diagram using transition state diagram. Int. J. Comput. Inf. Technol. 2, 29–36 (2013)

    Google Scholar 

  9. El Beggar, O., Bouseta, B., Gadi Taoufiq, T.: Automatic code generation by model transformation from sequence diagram of system’s internal behavior. Int. J. Comput. Inf. Technol. 2, 129–146 (2013)

    Google Scholar 

  10. Hemel, Z., Kats, L.C.L., Visser, E.: Code generation by model transformation a case study in transformation modularity. In: Theory and Practice of Model Transformations. Lecture Notes in Computer Science, vol. 5063, pp 183–198 (2008)

    Google Scholar 

  11. Manoli, A., Cabot, J., Gómez, C., Pelechano, V.: Generating operation specifications from UML class diagrams: a model transformation approach. Data Knowl. Eng. 70, 365–389 (2011)

    Article  Google Scholar 

  12. Fernardez, E.B., Larondo-Petrie, M.M., Sorgente, T., Vanhilst, M.: A methodology to develop secure systems using patterns (2008)

    Google Scholar 

  13. Ahn, G.-J., Shin, M.E.: UML-based representation of role-based access control. In: Proceedings of the 9th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE 2000), pp. 195–200. IEEE Computer Society, June 2000

    Google Scholar 

  14. Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 100–109. ACM Digital Library, June 2003

    Google Scholar 

  15. Jürjens, J.: UMLsec: extending UML for secure systems development. In: Proceedings of the 5th International Conference on the Unifed Modeling Language (UML 2002). LNCS, vol. 2460, pp. 412–425, October 2002

    Google Scholar 

  16. Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (SACMAT 2003), pp. 100–109. ACM Press, June 2003

    Google Scholar 

  17. Jin, X.: Applying model driven architecture approach to model role based access control system (Doctoral dissertation, University of Ottawa)

    Google Scholar 

  18. Basin, D., Doser, J., Lodderstedt, T.: SecureUML: a UML-based modeling language for model-driven security. In: Proceedings of the 5th International Conference on the Unifed Modeling Language (UML 2002). LNCS, vol. 2460, pp. 426–441, October 2002

    Google Scholar 

  19. Basin, D., Doser, J., Lodderstedt, T.: Model driven security: From UML models to access control infrastructures. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15, 39–91 (2006)

    Article  Google Scholar 

  20. Fernandez-Medina, E., Trujillo, J., Villarroel, R., Piattini, M.: Developing secure data warehouses with a UML extension. Inf. Syst. 32, 826–856 (2007)

    Article  Google Scholar 

  21. Reznik, J., Ritter, T.: Model driven development of security aspects. In: Proceedings of the Second International Workshop on Aspect-Based and Model-Based Separation of Concerns in Software Systems (ABMB 2006). Electronic Notes in Theoretical Computer Science, vol. 163, pp. 65–79, April 2007

    Google Scholar 

  22. Trujillo, J., Soler, E., Fernández-Medina, E., Piattini, M.: An engineering process for developing secure data warehouses. Inf. Softw. Technol. 51, 1033–1051 (2009)

    Article  Google Scholar 

  23. Blanco, C., García-Rodríguez de Guzmán, I., Fernández-Medina, E., Trujillo, J., Piattini, M.: Applying an MDA-based approach to consider security rules in the development of secure DWs. IEEE Xplore Digit. Libr. 51, 1–25 (2009)

    Google Scholar 

  24. Miller, J., Mukerji, J.: MDA Guide Version 1.0.1. Technical report, Object Management Group (OMG) (2003)

    Google Scholar 

  25. Allilaire, F., Bézivin, J., Jouault, F., Kurtev, I.: ATL—eclipse support for model transformation. In: Proceedings of the Eclipse Technology eXchange Workshop (eTX) at ECOOP (2006)

    Google Scholar 

  26. Object Management Group, Inc. Meta Object Facility (MOF) 2.0 Core Specification, Final Adopted Specification, January 2006

    Google Scholar 

  27. Philippi, S.: Automatic code generation from high-level Petri-Nets for model driven systems engineering. J. Syst. Softw. 79, 1444–1455 (2006)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. RMI Laboratory, FST Settat, Univ Hassan 1, 26000, Settat, Morocco

    Lasbahani Abdellatif, Mostafa Chhiba & Abdelmoumen Tabyaoui

  2. IR2M Laboratory, FST Settat, Univ Hassan 1, 26000, Settat, Morocco

    Oussama Mjihil

Authors
  1. Lasbahani Abdellatif
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mostafa Chhiba
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Abdelmoumen Tabyaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Oussama Mjihil
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lasbahani Abdellatif .

Editor information

Editors and Affiliations

  1. ENSA, Khouribga, Morocco

    Gherabi Noreddine

  2. Systems Research Institute, Polish Academy of Sciences, Warsaw, Poland

    Janusz Kacprzyk

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abdellatif, L., Chhiba, M., Tabyaoui, A., Mjihil, O. (2018). MDA Approach for Application Security Integration with Automatic Code Generation from Communication Diagram. In: Noreddine, G., Kacprzyk, J. (eds) International Conference on Information Technology and Communication Systems. ITCS 2017. Advances in Intelligent Systems and Computing, vol 640. Springer, Cham. https://doi.org/10.1007/978-3-319-64719-7_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-64719-7_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64718-0

  • Online ISBN: 978-3-319-64719-7

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation