Model-Driven Development of Security-Aware GUIs for Data-Centric Application
In this paper, the authors survey a very promising instance of model-driven security: the full generation of security-aware Graphical User Interfaces (GUIs) from models for data-centric applications with access control policies. They describe the modeling concepts and languages employed and how model transformation can be used to automatically lift security policies from data models to GUI models. They work through a case study where they generate a security-aware GUI for a chat-room application. They also present a toolkit that supports the construction of security, data, and GUI models and generates complete, deployable, web applications from these models.