TY - GEN
T1 - Augmented enterprise models as a foundation for generating security-related software
T2 - Workshop on Model-Driven Security, MDsec 2012
AU - Goldstein, Anat
AU - Frank, Ulrich
PY - 2012/12/1
Y1 - 2012/12/1
N2 - The research presented in this paper is aimed at developing a holistic modelling method that comprehensively considers and integrates technical, organizational, behavioral and business aspects - all crucial to create and manage secure IT systems. Our method relies on Multi-perspective Enterprise Modeling (MEMO) and extends it to support security concepts. The focus of this paper is twofold: 1. identifying opportunities for using enterprise models for generating security related code; 2. defining requirements, which should be satisfied by the modelling method in order to support such security-related code generation. In order to identify opportunities for code generation, we apply a technique for developing domain specific modelling languages (DSML) that is chiefly based on a structured analysis of use scenarios including prototypical diagrams. It is supplemented by work found in literature and validated with practitioners. Our analysis results in the identification of three areas in which MEMO IT security models can be used for automatic creation of code: access control, report generation and encryption and in 9 corresponding requirements that the modelling language should satisfy.
AB - The research presented in this paper is aimed at developing a holistic modelling method that comprehensively considers and integrates technical, organizational, behavioral and business aspects - all crucial to create and manage secure IT systems. Our method relies on Multi-perspective Enterprise Modeling (MEMO) and extends it to support security concepts. The focus of this paper is twofold: 1. identifying opportunities for using enterprise models for generating security related code; 2. defining requirements, which should be satisfied by the modelling method in order to support such security-related code generation. In order to identify opportunities for code generation, we apply a technique for developing domain specific modelling languages (DSML) that is chiefly based on a structured analysis of use scenarios including prototypical diagrams. It is supplemented by work found in literature and validated with practitioners. Our analysis results in the identification of three areas in which MEMO IT security models can be used for automatic creation of code: access control, report generation and encryption and in 9 corresponding requirements that the modelling language should satisfy.
KW - DSML
KW - IT security
KW - MEMO
KW - enterprise modeling
KW - model driven security
KW - security code generation
UR - http://www.scopus.com/inward/record.url?scp=84873852967&partnerID=8YFLogxK
U2 - 10.1145/2422498.2422506
DO - 10.1145/2422498.2422506
M3 - Conference contribution
AN - SCOPUS:84873852967
SN - 9781450318068
T3 - Proceedings of the Workshop on Model-Driven Security, MDsec 2012
BT - Proceedings of the Workshop on Model-Driven Security, MDsec 2012
Y2 - 1 October 2012 through 5 October 2012
ER -