Automatic Generation of Security-Aware GUI Models
Authors
Abstract
In typical software applications, users access application data using GUI widgets. There is an important, but little explored, link between visualization and security: when the application data is protected by an access-control policy, the application GUI should be aware of and respect this policy. For example, a widget should not give users options to execute actions on the application data that they are not authorized to execute. However, GUI designers are not (and usually should not be) aware of the application data security policy. To solve this problem, we define in this paper a many-models-to-model transformation that, given a security-aware data model and a GUI model, makes the GUI model also security-aware.
Similar resources
Automatic Generation of Smart, Security-Aware GUI Models
In many software applications, users access application data using graphical user interfaces (GUIs). There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect the policy. For example, the GUI should not display options to users for actions that they are not ...
Model-Driven Development of Security-Aware GUIs for Data-Centric Applications
In this tutorial we survey a very promising instance of model-driven security: the full generation of security-aware graphical user interfaces (GUIs) from models for data-centric applications with access control policies. We describe the modeling concepts and languages employed and how model transformation can be used to automatically lift security policies from data models to GUI models. We wor...
Security testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
CAMAC: a context-aware mandatory access control model
Mandatory access control models have traditionally been employed as a robust security mechanism in multilevel security environments such as military domains. In traditional mandatory models, the security classes associated with entities are context-insensitive. However, context-sensitivity of security classes and flexibility of access control mechanisms may be required especially in pervasive c...
Metadata Enrichment for Automatic Data Entry Based on Relational Data Models
The idea of automatic generation of data entry forms based on data relational models is a common and known idea that has been discussed day by day more than before according to the popularity of agile methods in software development accompanying development of programming tools. One of the requirements of the automation methods, whether in commercial products or the relevant research projects, ...