Abstract: In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data. Taking this idea one step further, the application GUI should not just be s…
“…Conversely to UWE, the resulting diagrams are overloaded as subjects like users are not modeled separately. ActionGUI [1] is a MDD approach that uses SecureUML and ComponentUML to model access control rules, and a GUI model enriched with OCL constraints.…”
We introduce a UML-based notation for graphically modeling systems' security aspects in a simple and intuitive way and a model-driven process that transforms graphical specifications of access control policies in XACML. These XACML policies are then translated in FACPL, a policy language with a formal semantics, and the resulting policies are evaluated by means of a Java-based software tool.
“…In [1] we propose a model-based approach to linking visualization and security. The key idea is that this link is ultimately defined in terms of data actions, since data actions are both controlled by the security policy and triggered by the events supported by the graphical user interface.…”
Section: Model-based Development Of Smart Security-aware GUIs
“…This editor supports a language, named GUI [1,3], for modeling the behavioral properties of GUIs, namely what are the actions associated to the different events that are supported by the GUI. In a nutshell, this language can be used to model GUIs that consist of widgets (buttons, entries, labels) that are displayed inside containers (windows, combo-boxes), which are themselves widgets.…”
We present a development environment for automatically building smart, security-aware GUIs following a model-based approach. Our environment consists of a number of plugins that have been developed using the Eclipse framework and includes three model editors, a model-transformation tool, and a code generator.
“…The backbone of this approach, illustrated in Figure 1, is a model transformation that automatically lifts the access control policy modeled at the level of the data to the level of the GUI [2]. More precisely, given a security model (specifying the access control policy on the application data) and a GUI model (specifying the actions triggered by the events supported by the GUI's widgets), our model transformation generates a GUI model that is security-aware.…”
Abstract. In this tutorial we survey a very promising instance of model-driven security: the full generation of security-aware graphical user interfaces (GUIs) from models for data-centric applications with access control policies. We describe the modeling concepts and languages employed and how model transformation can be used to automatically lift security policies from data models to GUI models. We work through a case study where we generate a security-aware GUI for a chatroom application. We also present a toolkit that supports the construction of security, data, and GUI models and generates complete, deployable, web applications from these models.