A Systematic Review of Model-Driven Security

Nguyen, Phu H.; Klein, Jacques; Traon, Yves Le; Kramer, Max

doi:10.1109/apsec.2013.64

Cited by 19 publications

(20 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the SMS presented in Nguyen et al (2013), we can find a taxonomy focused on specialized model-driven engineering approaches for supporting the development of systems regarding security (also called model-driven security, MDS). This study shows that authorization, especially access control, and confidentiality are the security concerns that are mostly addressed by MDS.…”

Section: Summary Of Secondary Studies Contributionsmentioning

confidence: 99%

See 1 more Smart Citation

Quality in model-driven engineering: a tertiary study

2016

View full text Add to dashboard Cite

Model-driven engineering (MDE) is believed to have a significant impact in software quality. However, researchers and practitioners may have a hard time locating consolidated evidence on this impact, as the available information is scattered in several different publications. Our goal is to aggregate consolidated findings on quality in MDE, facilitating the work of researchers and practitioners in learning about the coverage and main findings of existing work as well as identifying relatively unexplored niches of research that need further attention. We performed a tertiary study on quality in MDE, in order to gain a better understanding of its most prominent findings and existing challenges, as reported in the literature. We identified 22 systematic literature reviews and mapping studies and the most relevant quality attributes addressed by each of those studies, in the context of MDE. Maintainability is clearly the most often studied and reported quality attribute impacted by MDE. Eighty out of 83 research questions in the selected secondary studies have a structure that is more often associated with mapping existing research than with answering more concrete research questions (e.g., comparing two alternative MDE approaches with respect to their impact on a specific quality attribute). We briefly outline the main contributions of each of the selected literature reviews. In the collected studies, we observed a broad coverage of software product quality, although frequently accompanied by notes on how much more empirical research is needed to further validate existing claims. Relatively, little attention seems to be devoted to the impact of MDE on the quality in use of products developed using MDE.

show abstract

Section: Summary Of Secondary Studies Contributionsmentioning

confidence: 99%

“…All but Nguyen et al (2013) make the list of included primary studies available, either directly on the paper or through an online resource (e.g., a companion site for the paper, or a more detailed technical report). Nine secondary studies explicitly assess the quality of the primary studies they include.…”

Section: Quality Evaluation Of Secondary Studiesmentioning

confidence: 99%

Quality in model-driven engineering: a tertiary study

2016

View full text Add to dashboard Cite

show abstract

“…Yet, there is still a big gap before making Mds more easily applicable, and adoptable by industry. In our recent systematic review of Mds [7], the results have shown that there is a lack of approaches dealing with multiple security concerns at the same time. Most current Mds approaches have not extensively dealt with multiple security concerns but rather a specific one, e.g.…”

Section: Introductionmentioning

confidence: 98%

Model-Driven Security with A System of Aspect-Oriented Security Design Patterns

Nguyen

Klein

Traon

2014

Proceedings of the 2nd Workshop on View-Based, Aspect-Oriented and Orthographic Software Modelling

Self Cite

View full text Add to dashboard Cite

Model-Driven Security (Mds) has emerged for more than a decade to propose sound Md methodologies for supporting secure systems development. Yet, there is still a big gap before making Mds more easily applicable, and adoptable by industry. Most current Mds approaches have not extensively dealt with multiple security concerns but rather a specific one, e.g. authorization. Besides, security patterns which are based on domain-independent, time-proven security knowledge and expertise, can be considered as reusable security bricks upon which sound and secure systems can be built. But security patterns are not applied as much as they could be because developers have problems in selecting them and applying them in the right places, especially at the design phase. In this position paper, we propose an exploratory Mds approach based on a System of aspect-oriented Security design Patterns (shortly called SoSPa) in which security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically selecting the right security design patterns for the job. Our Mds approach allows the selected security design patterns to be automatically composed with the target system model. The woven secure system model can then be used for (partial) code generation, including (configured) security infrastructures.

show abstract

“…Different MDS approaches can be found in [11]. This section briefly presents the closest related work only.…”

Section: Related Workmentioning

confidence: 99%

“…Our recent systematic review of MDS [11] shows that multiple security concerns have not been addressed systematically by existing MDS studies. Indeed, the interrelations or dependencies among security solutions have not been considered systematically by current MDS approaches.…”

Section: Introductionmentioning

confidence: 99%

SoSPa: A system of Security design Patterns for systematically engineering secure systems

Nguyen

Yskout²,

Heyman

et al. 2015

2015 ACM/IEEE 18th International Conference on Model Driven Engineering Languages and Systems (MODELS)

Self Cite

View full text Add to dashboard Cite

Abstract-Model-Driven Security (MDS) for secure systems development still has limitations to be more applicable in practice. A recent systematic review of MDS shows that current MDS approaches have not dealt with multiple security concerns systematically. Besides, catalogs of security patterns which can address multiple security concerns have not been applied efficiently. This paper presents an MDS approach based on a unified System of Security design Patterns (SoSPa). In SoSPa, security design patterns are collected, specified as reusable aspect models to form a coherent system of them that guides developers in systematically addressing multiple security concerns. SoSPa consists of not only interrelated security design patterns but also a refinement process towards their application. We applied SoSPa to design the security of crisis management systems. The result shows that multiple security concerns in the case study have been addressed by systematically integrating different security solutions.

show abstract

A Systematic Review of Model-Driven Security

Cited by 19 publications

References 36 publications

Quality in model-driven engineering: a tertiary study

Quality in model-driven engineering: a tertiary study

Model-Driven Security with A System of Aspect-Oriented Security Design Patterns

SoSPa: A system of Security design Patterns for systematically engineering secure systems

Contact Info

Product

Resources

About