To face continuously growing security threats and requirements, sound methodologies for constructing secure systems are required. In this context, Model-Driven Security (MDS) emerged more than a decade ago as a specialized Model-Driven Engineering approach for supporting the development of secure systems. MDS aims at improving the productivity of the development process and the quality of the resulting secure systems, with models as the main artifact.
This paper presents how we systematically examined existing published work in MDS and its results. The systematic review process, which is based on a formally designed review protocol, allowed us to identify, classify, and evaluate different MDS approaches. To be more specific, from thousands of relevant papers found, a final set of the most relevant MDS publications has been identified, strictly selected, and reviewed. We present a taxonomy for MDS, which is used to synthesize data in order to classify and evaluate the selected MDS approaches. The results draw a wide picture of existing MDS research, showing the current status of the key aspects in MDS as well as the most relevant MDS approaches identified. We discuss the main limitations of the existing MDS approaches and suggest some potential research directions based on these insights.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT)
Disciplines:
Computer science
Author, co-author:
NGUYEN, Phu Hong; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
KLEIN, Jacques; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Kramer, Max; Karlsruhe Institute of Technology > Software Design and Quality Group
LE TRAON, Yves; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Document language:
English
Title:
A Systematic Review of Model-Driven Security
Publication date:
December 2013
Event name:
The 20th Asia-Pacific Software Engineering Conference (APSEC 2013)
Event organizer:
APSEC
Event location:
Bangkok, Thailand
Event date:
2-5 December 2013
Event scope:
International
Title of the main work:
The 20th Asia-Pacific Software Engineering Conference Proceedings
Peer reviewed:
Peer reviewed
Research project title:
I2R-SER-PFN-10MITE > MITER: Modeling, Composing and Testing of Security Concerns > 01/01/2011 - 31/12/2013 > LE TRAON Yves
Funding body:
the Fonds National de la Recherche (FNR), Luxembourg