The Model Driven Software Network
Raise your level of abstraction
DSLs in the security domain?
With new project in the making (to be confirmed, but things are looking good) I was wondering whether there are any DSLs in existence (and used in practise) that apply to the security domain. In the broadest sense, from modeling surveillance, up to secure transation modeling.
What do you know is out there, and what do you know about it's use and (lack of?) success?
Angelo Hulshout
What do you know is out there, and what do you know about it's use and (lack of?) success?
Angelo Hulshout
Views: 0
Replies to This Discussion
-
Permalink Reply by Mark Dalgarno on
-
ObjectSecurity use MDD in the security domain.
They did a talk at Code Generation 2007: Simplifying Security Policies by using model-driven engineering.
-
Permalink Reply by Steven Kelly on
-
We've worked on security in a number of cases, for instance with the Finnish armed forces. You can guess how much more I'm allowed to say :-).
Since security is rarely the only concern, the trick is to find the best way of integrating the modeling of security information with the modeling of other aspects of the system. I favour separating things out into their own modeling languages only when it becomes necessary. Even with good tool support and the ability to reuse or reference the same objects between models of different types, the burden on the modeler of mentally integrating separate aspects is significant.
When coping with multiple concerns in a single modeling language, strive for brevity - to reduce the mental load of reading the diagrams. 'Convention over configuration' is a big help: figure out what is the most common situation, and let that be the default without any effort by the modeler, and without any extra visual information shown for that case.
-
Permalink Reply by Angelo Hulshout on -
Thanks so far. I downloaded the presentation from ObjectSecurity to check it out.
As for the Finnish armed forces: if you tell me in Finnish, noone should be in trouble, since I wouldn't understand it.
-
Permalink Reply by Dr. Ulrich Lang on
-
Hi all,
I hope the presentation gave a first overview of what we are doing. Please have a look at www.modeldrivensecurity.org and www.objectsecurity.com if you would like further information.
Ulrich Lang
CEO, ObjectSecurity
PS Our model-driven security approach is currently being deployed in a production environment for a large military agency, i.e.this technology is not "hot air".
-
Permalink Reply by Angelo Hulshout on
-
I'll have a look later this week, Ulrich, I was distracted by CG2010 last week. Thanks for providing the links.
© 2012 Created by Mark Dalgarno.
Powered by 
.
