Security-Driven Model-Based Dynamic Adaptation
Security is a key-challenge for software engineering, especially when considering access control and software evolutions. No satisfying solution exists for maintaining the alignment of access control policies with the business logic. Current implementations of access control rely on the separation between the policy and the application code. In practice, this separation is not so strict and some rules are hardcoded within the application, making the evolution of the policy difficult. The authors propose a new methodology for implementing security-driven applications. From a policy defined by a security expert, they generate an architectural model, reflecting the access control policy.