Volume 7, Issue 2, June 2019, Page: 30-38
Model Driven Security: A Systematic Mapping Study
Omar Masmali, Department of Computer Science, The University of Texas, El Paso, USA
Omar Badreddin, Department of Computer Science, The University of Texas, El Paso, USA
Received: Jun. 24, 2019;       Accepted: Jul. 15, 2019;       Published: Aug. 5, 2019
DOI: 10.11648/j.se.20190702.12      View  19      Downloads  8
Model Driven Software Engineering (MDSE) promotes the use of models, rather than code, as the primary development artifacts. Models tend to be more understandable than code and can represent systems are variable levels of abstraction. MDSE promises improved code quality and engineers’ productivity. Many of those benefits have been well examined and evaluated. However, the potential implications of MDSE on software security and reliability is not well understood. Model-Driven Security (MDS) is an approach that can support the process of modeling security requirements at a high level of abstraction in the early stage of software development. In this paper, we conduct a systematic study on MDS methodologies and concepts. The scope of the review is ten years from 2008 to 2018. The study reports on the frequencies of publication over this time period to identify the MDS forums based on seven classifications: online databases, year of publications, type of publication (journal or conference paper), the geographical distribution of the researchers, the main contribution of each paper, MDS approaches, and the security concepts. The majority of studies focused on extensions to existing UML languages suggesting some limitations in the current UML standard support for security. Most studies report on empirical evaluations, and UML Class Diagrams were the most extended language.
Model-Driven Security, Model Based Security, MDS, UML, Systematic Mapping Study
To cite this article
Omar Masmali, Omar Badreddin, Model Driven Security: A Systematic Mapping Study, Software Engineering. Vol. 7, No. 2, 2019, pp. 30-38. doi: 10.11648/j.se.20190702.12
Copyright © 2019 Authors retain the copyright of this article.
This article is an open access article distributed under the Creative Commons Attribution License (http://creativecommons.org/licenses/by/4.0/) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
L´ucio, L., Zhang, Q., Nguyen, P., Amrani, M., Klein, J., Vangheluwe, H., Traon Y., 2014. Advances in Model-Driven Security. Advances in Computers, Chapter 3, Volume 93, Elsevier.
Firesmith, D., 2007. Engineering safety and security related requirements for software intensive systems. In 29th International Conference on Software Engineering. ICSE.
Breu, R., Hafner, M., Weber, B., Novak A., 2005. Model Driven Security for Inter-Organizational Workflows in e-Government. E-Government: Towards Electronic Democracy.
Lodderstedt, T., Basin, D., Doser, J., 2002. SecureUML: A UML-based modeling language for model-driven security. In Model Engineering, Concepts, and Tools 5th International Conference.
Basin, D., Clavel, M., Egea, M., 2011. A Decade of Model-Driven Security. In 16th ACM symposium on Access control models and technologies. SACMAT.
Basin, D., Doser J., 2006. Model Driven Security: from UML Models to Access Control Infrastructures. ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 15 Issue 1.
Moebius, N., Stenzel, K., Grandy, H., Reif, W., 2009. SecureMDD: A Model-Driven Development Method for Secure Smart Card Applications. In International Conference on Availability, Reliability and Security.
Idani, A., 2017. Model Driven SecureWeb Applications The SeWAT platform. In the Fifth European Conference on the Engineering of Computer-Based Systems.
Fourneret, E., Ochoay, M., Bouquet, F., Botellaz, J. Jürjensy, J., Yousefi, P., 2011. Model-Based Security Verification and Testing for Smart-cards. In Sixth International Conference on Availability, Reliability and Security.
Borek, M., Stenzel, K., Katkalov, K., Reif, W., 2015. Integration and Exchangeability of External Security-Critical Web Services in a Model-Driven Approach. In International Conference on Conceptual Modeling.
Chowdhury, M., 2014. Security Risk Modelling Using SecureUML. In 16th International Conference Computer and Information Technology.
Matulevičius, R., Lakk, H., 2015. A Model-driven Role-based Access Control for SQL Databases. Complex Systems Informatics and Modeling Quarterly. CSIMQ.
Rawat, D., Bajracharya, C., 2015. Cyber Security for Smart Grid Systems: Status, Challenges and Perspectives. In the IEEE Southeast Conference.
Kumar, P., Raj, P., Jelciana, P., 2017. Exploring Data Security Issues and Solutions in Cloud Computing. In the 6th International Conference on Smart Computing and Communications.
Abdallah, R., Yakymets, N., Lanusse, A., 2015. Towards a Model-driven based Security Framework. In 3rd International Conference on Model-Driven Engineering and Software Development. MODELSWARD.
Jurjens, J., Schreck, J., Yu, Y., 2008. Automated Analysis of Permission-Based Security Using UMLsec. In International Conference on Fundamental Approaches to Software Engineering.
Ma, Z., Wagner, C., Bleier, T., 2011. Model-driven security for Web services in e-Government system: ideal and real. In 7th International Conference on Next Generation Web Services Practice.
Jensen, J., Jaatun, M., 2011. Security in Model Driven Development: A Survey. In Sixth International Conference on Availability, Reliability and Security.
Nguyen, P., Klein, J., Traon, Y., Kramer M., 2013. A Systematic Review of Model-Driven Security. In 20th Asia-Pacific Software Engineering Conference.
Felderer, M., Zech, P., Breu, R., Büchler, M., Pretschner, A., 2016. Model-based security testing: a taxonomy and systematic classification. Software Testing Verification and Reliability, Volume 26, Issue 2. Chichester, UK.
Berghe, A., Scandariato, R., Yskout, K., Joosen, W., 2017. Design notations for secure software: a systematic literature review. Software and Systems Modeling, Volume 16, issue 3.
Browse journals by subject