Software Engineering

| Peer-Reviewed |

Model Driven Security: A Systematic Mapping Study

Received: 24 June 2019    Accepted: 15 July 2019    Published: 05 August 2019

Abstract

Model Driven Software Engineering (MDSE) promotes the use of models, rather than code, as the primary development artifacts. Models tend to be more understandable than code and can represent systems at variable levels of abstraction. MDSE promises improved code quality and engineers’ productivity. Many of those benefits have been well examined and evaluated. However, the potential implications of MDSE on software security and reliability are not well understood. Model-Driven Security (MDS) is an approach that can support the process of modeling security requirements at a high level of abstraction in the early stage of software development. In this paper, we conduct a systematic study on MDS methodologies and concepts. The scope of the review is ten years from 2008 to 2018. The study reports on the frequencies of publication over this time period to identify the MDS forums based on seven classifications: online databases, year of publications, type of publication (journal or conference paper), the geographical distribution of the researchers, the main contribution of each paper, MDS approaches, and the security concepts. The majority of studies focused on extensions to existing UML languages, suggesting some limitations in the current UML standard support for security. Most studies report on empirical evaluations, and UML Class Diagrams were the most extended language.

DOI 10.11648/j.se.20190702.12
Published in Software Engineering (Volume 7, Issue 2, June 2019)
Page(s) 30-38
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2024. Published by Science Publishing Group

Keywords

Model-Driven Security, Model Based Security, MDS, UML, Systematic Mapping Study

Author Information
  • Department of Computer Science, The University of Texas, El Paso, USA

  • Department of Computer Science, The University of Texas, El Paso, USA

Cite This Article
  • APA Style

    Omar Masmali, Omar Badreddin. (2019). Model Driven Security: A Systematic Mapping Study. Software Engineering, 7(2), 30-38. https://doi.org/10.11648/j.se.20190702.12


    ACS Style

    Omar Masmali; Omar Badreddin. Model Driven Security: A Systematic Mapping Study. Softw. Eng. 2019, 7(2), 30-38. doi: 10.11648/j.se.20190702.12


    AMA Style

    Omar Masmali, Omar Badreddin. Model Driven Security: A Systematic Mapping Study. Softw Eng. 2019;7(2):30-38. doi: 10.11648/j.se.20190702.12


  • @article{10.11648/j.se.20190702.12,
      author = {Omar Masmali and Omar Badreddin},
      title = {Model Driven Security: A Systematic Mapping Study},
      journal = {Software Engineering},
      volume = {7},
      number = {2},
      pages = {30-38},
      doi = {10.11648/j.se.20190702.12},
      url = {https://doi.org/10.11648/j.se.20190702.12},
      eprint = {https://download.sciencepg.com/pdf/10.11648.j.se.20190702.12},
     year = {2019}
    }
    


  • TY  - JOUR
    T1  - Model Driven Security: A Systematic Mapping Study
    AU  - Omar Masmali
    AU  - Omar Badreddin
    Y1  - 2019/08/05
    PY  - 2019
    N1  - https://doi.org/10.11648/j.se.20190702.12
    DO  - 10.11648/j.se.20190702.12
    T2  - Software Engineering
    JF  - Software Engineering
    JO  - Software Engineering
    SP  - 30
    EP  - 38
    PB  - Science Publishing Group
    SN  - 2376-8037
    UR  - https://doi.org/10.11648/j.se.20190702.12
    VL  - 7
    IS  - 2
    ER  - 
