A Model Transformation Methodology for Security Integration and Code Generation from Sequence Diagram of System's Internal Behavior
(*) Corresponding author
Recently, there have been many researches suggesting the inclusion of the security engineering in an early stage of system’s modeling and development of Model Driven Engineering (MDE). This concept consists in deploying Unified Modeling Language (UML) standard as a principal meta-model for different system’s abstractions. Although, most of these works have been addressing the security injection without taking into the account security infrastructure generation, generating the code corresponding to the functional and non-functional aspect at the same time. In this current work, authors have concentrated their efforts on non-functional aspects such as the business logic layer, data flow monitoring, and delivering high-quality services by developing a generic methodology for the security integration and the code generation that consider the security needs during the whole cycle of system development. Practically, a new UML profile for security integration and code generation for Java platforms has been proposed to improve the elements of the source model of Platform Independent Model (PIM) with the security integration rules for the verification and the validation of security policies, and to establish the mapping between annotated elements and the corresponding stereotypes, during the transition from CIM to PIM. The semantic definition of security was made literally by applying Larman’s new operation contracts semantics and security patterns, and concretely by applying the security formalism that was given through the new security metamodel. Finally, the objective is to improve the software applications productivity, interoperability, and generalize security integration on the entire software development life cycle rather than on the implementation phase.
Copyright © 2018 Praise Worthy Prize - All rights reserved.
D . Basin, J.Doser, T. Lodderstedt , Model Driven Security: From UML Models to Access Control Infrastructures, ACM Transactions on Software Engineering and Methodology, Vol. 15, pp. 39-91, 2006.
T. Lodderstedt, D.A. Basin, J. Doser, Secureuml : A uml-based modeling language for model-driven security, Proceedings of the 5th International Conference on The Unified Modelling Language, Vol. 2, pp. 426-441, London, UK, 2002.
C. Wolter, M. Meznel, C. Meinel, Modeling security goals in business processes, Modellierung, Vol. 127, pp. 201-216, Berlin, 2008 [On-line], Available:
F. Satoh, Y. Nakamura, K. Ono, Adding Authentication to Model Driven Security, IEEE International Conference on Web Services, Vol. 127, pp. 585-594, Chicago, IL, USA, 2006.
F. Satoh, Y. Yamaguchi, Generic security policy transformation framework for ws-security, IEEE Computer Society on ICWS, Vol. 92, pp. 513-520, Salt Lake City, UT, USA, 2007.
J. Juerjens, UMLsec: Extending UML for secure systems development, Proceedings of the 5th International Conference on the Unified Modeling Language, vol. 2460, pp. 412-425, London, UK.2002.
M. Hafner, M. Breu, R. Breu, A. Nowak, Modelling inter-organizational workflow security in a peer-to-peer environment, Proceedings of the IEEE International Conference on Web Services (ICWS’05), Vol. 3292, pp. 533-540, Washington, DC, USA. 2005.
J. Reznik, T. Ritter, R. Schreiner, U. Lang, Model driven development of security aspects, Electronic Notes in Theoretical Computer Science, Vol.163, pp. 65-79, 2007.
C. Girault, R. Valk, Petri-Nets for Systems Engineering ( Springer, 2003).
S. Roubi, M. Erramdani, S. Mbarki, A Model Driven Approach based on Interaction Flow Modeling Language to Generate Rich Internet Applications, International Journal of Electrical and Computer Engineering (IJECE), Vol. 6(6): 3073-3079, 2016.
X. Tao, H. Xin, X. Jiwen, S. Shujuan, Security Interaction of Web Services in Heterogeneous Platforms, International Journal of Electrical and Computer Engineering(IJECE), Vol. 12(4):2868-2874, 2014.
Elmagrouni, I., Kenzi, A., Lethrech, M., Kriouile, A., A Development Process for Adaptable Services-Oriented Systems, (2015) International Review on Computers and Software (IRECOS), 10 (7), pp. 773-782.
C. Mahmoudi, Handbook of System Safety and Security (ScienceDirect, 2017).
F. Amato, N. Mazzocca, F. Moscato, Model Driven Design of Security in Orchestrated Cloud Services, Journal of Network and Computer Applications, Vol. 106, 78-89, 2018.
A. Lasbahani, M. Chhiba, A. Tabyaoui, O. Mjihil, Model Driven Architecture Approach for Application Security Integration, Journal of Theoretical and Applied Information, Vol. 95(8): 1655-1668, April, [On-line] 2017, Available : http://www.jatit.org/volumes/Vol95No8/9Vol95No8.pdf
A. Lasbahani, M. Chhiba, O. Mjihil, Deals with integrating of security specifications during software design phase using MDA approach, Proceedings of the Second International Conference on Internet of things and Cloud Computing, Vol. 196, pp. 1-7, Cambridge, UK, March, 2017.
A. Lasbahani, M. Chhiba, A. Tabyaoui, O. Mjihil, International Conference on Information Technology and Communication Systems (Springer, 2018).
A. Lasbahani, M. Chhiba, A. Tabyaoui, O. Mjihil, A New Extension of Larman's Operation Contracts for Security Properties Injection and Verification during the System's Internal Behavior Elaboration, Proceedings of the 2nd International Conference on Computing and Wireless Communication Systems, Vol. 33, pp. 1-6, November, 2017.
B. Thuraisingham, Handbook for Database Security (Springer, 2008).
C. Larman, Applying UML and Patterns(3rd Edition Prentice Hall, 2002).
ATL - a model transformation technology, 2012.
F. Jouault, F. Allilaire, J. Bezivin, I. Kurtev, ATL: a model transformation tool, Science of Computer Programming, Vol. 72 (1–2): 31–39, 2008.
- There are currently no refbacks.
Please send any question about this web site to email@example.com
Copyright © 2005-2023 Praise Worthy Prize