Skip to Main content Skip to Navigation
Conference papers

Security-Driven Model-Based Dynamic Adaptation

Abstract : Security is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system.
Document type :
Conference papers
Complete list of metadata

Cited literature [20 references]  Display  Hide  Download
Contributor : Didier Vojtisek Connect in order to contact the contributor
Submitted on : Monday, November 22, 2010 - 4:10:19 PM
Last modification on : Thursday, January 20, 2022 - 4:18:37 PM
Long-term archiving on: : Wednesday, February 23, 2011 - 3:28:10 AM


Files produced by the author(s)


  • HAL Id : inria-00538500, version 1


Brice Morin, Tejeddine Mouelhi, Franck Fleurey, Yves Le Traon, Olivier Barais, et al.. Security-Driven Model-Based Dynamic Adaptation. 25nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2010), 2010, Antwerp, Belgium, Belgium. ⟨inria-00538500⟩



Les métriques sont temporairement indisponibles