Submitted to Communications of the ACM. Model Driven Security (2008)
Abstract
We present Model Driven Security, a new approach to building secure systems. In Model Driven Security, designers specify high-level system models along with their security properties and use tools to automatically generate technology-specific system architectures from the models, including complete, configured security infrastructures. Initial experience with this approach using support tools suggests that Model Driven Security both simplifies the system development process and substantially improves the quality and maintainability of the resulting systems.

Model Driven Security

Security is an integral part of most modern IT systems and designing such systems requires properly identifying, integrating, and configuring different security technologies. Examples include access control for preventing unauthorized access to system resources, encryption to ensure the confidentiality of data during network transmissions, and digital signatures for electronic contract signing. Although a large number of security architectures and technologies are available, we hear daily accounts of security vulnerabilities and failures.

Why is it so difficult to engineer robust, secure systems? A glance at the system development processes typically used suggests one reason: security is often managed in an ad-hoc fashion where requirements are analyzed and