|
|
Approach
We propose in this project
a model-driven approach that links visualization
and security. The key idea is that this link is ultimately defined
in terms of data actions, since data actions are
both controlled by the security policy
and triggered by the events supported by
the graphical user interface.
The key component of our proposal is a many-models-to-model transformation
which, given a security-design model
(specifying the access control policy on the application data)
and a GUI model
(specifying the actions triggered by the events supported
by the application's graphical interface),
automatically generates a GUI model that is
both security-aware and smart.
Thus, under our proposal, illustrated below,
the process of modeling a smart, security-aware GUI
has the following parts.
- Software engineers specify the application-data model C.
- Security engineers specify the security-design model
SC
- GUI designers specify the application GUI model
GC.
- A many-models-to-model transformation automatically generates a
smart, security-aware
GUI model
M(GC, SC)
from the security model
SC
and the GUI model
GC.
|
