We propose in this project
a model-driven approach that links visualization
and security. The key idea is that this link is ultimately defined
in terms of data actions, since data actions are
both controlled by the security policy
and triggered by the events supported by
the graphical user interface.
The key component of our proposal is a many-models-to-model transformation
which, given a security-design model
(specifying the access control policy on the application data)
and a GUI model
(specifying the actions triggered by the events supported
by the application's graphical interface),
automatically generates a GUI model that is
both security-aware and smart.
Thus, under our proposal, illustrated below,
the process of modeling a smart, security-aware GUI
has the following parts.
- Software engineers specify the application-data model C.
- Security engineers specify the security-design model
- GUI designers specify the application GUI model
- A many-models-to-model transformation automatically generates a
from the security model
and the GUI model