Security-Driven Model-Based Dynamic Adaptation

Abstract : Security is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hard-coded within the application, making the evolution of the policy difficult. We propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, we generate an architectural model, reflecting the access control policy. We leverage the advances in the models@runtime domain to keep this model synchronized with the running system. When the policy is updated, the architectural model is updated, which in turn reconfigures the running system. As a proof of concept, we apply the approach to the development of a library management system.
Type de document :
Communication dans un congrès
25nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2010), 2010, Antwerp, Belgium, Belgium. 2010
Liste complète des métadonnées

Littérature citée [20 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/inria-00538500
Contributeur : Didier Vojtisek <>
Soumis le : lundi 22 novembre 2010 - 16:10:19
Dernière modification le : lundi 25 juin 2018 - 13:18:56
Document(s) archivé(s) le : mercredi 23 février 2011 - 03:28:10

Fichier

Morin10b.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

  • HAL Id : inria-00538500, version 1

Citation

Brice Morin, Tejeddine Mouelhi, Franck Fleurey, Yves Le Traon, Olivier Barais, et al.. Security-Driven Model-Based Dynamic Adaptation. 25nd IEEE/ACM International Conference on Automated Software Engineering (ASE 2010), 2010, Antwerp, Belgium, Belgium. 2010. 〈inria-00538500〉

Partager

Métriques

Consultations de la notice

438

Téléchargements de fichiers

293