Security-Driven Model-Based Dynamic Adaptation

Brice Morin 1 Tejeddine Mouelhi 2 Franck Fleurey 3 Yves Le Traon 4 Olivier Barais 1 Jean-Marc Jézéquel 1
1 TRISKELL - Reliable and efficient component based software engineering
IRISA - Institut de Recherche en Informatique et Systèmes Aléatoires, Inria Rennes – Bretagne Atlantique
2 RSM - Département Réseaux, Sécurité et Multimédia
3 SINTEF - Stiftelsen for INdustriell og TEknisk Forskning
4 CSC - Computer Science and Communications Research Unit [Luxembourg]
Abstract : Security is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system.
Type de document :
Communication dans un congrès
25nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2010), 2010, Antwerp, Belgium, Belgium. 2010
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger
https://hal.inria.fr/inria-00538500
Contributeur : Didier Vojtisek <>
Soumis le : lundi 22 novembre 2010 - 16:10:19
Dernière modification le : vendredi 16 novembre 2018 - 01:23:09
Document(s) archivé(s) le : mercredi 23 février 2011 - 03:28:10

Fichier

Morin10b.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00538500, version 1

Collections

INRIA | IRISA | IRISA-D4 | UR1-UFR-ISTIC | UNIV-RENNES

Citation

Brice Morin, Tejeddine Mouelhi, Franck Fleurey, Yves Le Traon, Olivier Barais, et al.. Security-Driven Model-Based Dynamic Adaptation. 25nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2010), 2010, Antwerp, Belgium, Belgium. 2010. 〈inria-00538500〉

Exporter

BibTeX TEI DC DCterms EndNote

Partager

Métriques

Consultations de la notice

489

Téléchargements de fichiers

297

Contact


archive-ouverte@inria.fr