Abstract
Security in general, and database protection from unauthorized access in particular, is crucial for organizations. It has long been accepted that security requirements should be considered from the early stages of the development process. However, such requirements tend to be neglected or dealt with only at the end of the development process. The Security Modeling Tool presented in this paper aims to guide developers, in particular database designers, in dealing with database authorization requirements from the early stages of the development process, and to enforce that they do so. In this paper we demonstrate how the Security Modeling Tool assists the various stakeholders in designing secure database code, and we describe the tool architecture.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abramov, J., Anson, O., Sturm, A., Shoval, P. (2012). Tool Support for Enforcing Security Policies on Databases. In: Nurcan, S. (eds) IS Olympics: Information Systems in a Diverse World. CAiSE 2011. Lecture Notes in Business Information Processing, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29749-6_9
DOI: https://doi.org/10.1007/978-3-642-29749-6_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29748-9
Online ISBN: 978-3-642-29749-6
eBook Packages: Computer Science, Computer Science (R0)