Tool support for code generation from a UMLsec property

Montrieux, Lionel; Jürjens, Jan; Haley, Charles B.; Yu, Yijun; Schobbens, Pierre‐Yves; Toussaint, Hubert

doi:10.1145/1858996.1859074

Cited by 10 publications

(3 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [7] one can find a successful evaluation of how UMLsec properties can be transferred into actual code. The downside of this kind of modeling is that it does not scale well for additional roles and it increases the complexity of the model.…”

Section: Discussionmentioning

confidence: 99%

Using Model Driven Security Approaches in Web Application Development

Hochreiner

Kieseberg

et al. 2014

Information and Communication Technology

View full text Add to dashboard Cite

Abstract. With the rise of Model Driven Engineering (MDE) as a software development methodology, which increases productivity and, supported by powerful code generation tools, allows a less error-prone implementation process, the idea of modeling security aspects during the design phase of the software development process was first suggested by the research community almost a decade ago. While various approaches for Model Driven Security (MDS) have been proposed during the years, it is still unclear, how these concepts compare to each other and whether they can improve the security of software projects. In this paper, we provide an evaluation of current MDS approaches based on a simple web application scenario and discuss the strengths and limitations of the various techniques, as well as the practicability of MDS for web application security in general.

show abstract

Section: Discussionmentioning

confidence: 99%

Using Model Driven Security Approaches in Web Application Development

Hochreiner

Kieseberg

et al. 2014

Information and Communication Technology

View full text Add to dashboard Cite

show abstract

“…Montrieux et al presented a tool that generates Java and AspectJ code from a UML model with a verified UMLsec property [35]. Although the tool can be utilized for testing at the implementation level, it handles only RBAC as the target security design pattern, enforcing the security property to be checked.…”

Section: Aspect-oriented Programmingmentioning

confidence: 99%

Implementation Support of Security Design Patterns Using Test Templates

et al. 2016

View full text Add to dashboard Cite

Security patterns are intended to support software developers as the patterns encapsulate security expert knowledge. However, these patterns may be inappropriately applied because most developers are not security experts, leading to threats and vulnerabilities. Here we propose a support method for security design patterns in the implementation phase of software development. Our method creates a test template from a security design pattern, consisting of an "aspect test template" to observe the internal processing and a "test case template". Providing design information creates a test from the test template with a tool. Because our test template is reusable, it can easily perform a test to validate a security design pattern. In an experiment involving four students majoring in information sciences, we confirm that our method can realize an effective test, verify pattern applications, and support pattern implementation.

show abstract

“…Yet, these patterns are not validated [16,39]. Also, note that UMLSec does not provide templates for defining security constraints and its support for code generation is limited [25]. The template mechanism of PbSD provides abstraction over the implementation technology, thus enabling technology independent specification as well as guidance for the developers in fined grained security specification; this mechanism is missing in UMLSec.…”

Section: Application Developmentmentioning

confidence: 99%