The Model Driven Software Network

Raise your level of abstraction

With new project in the making (to be confirmed, but things are looking good) I was wondering whether there are any DSLs in existence (and used in practise) that apply to the security domain. In the broadest sense, from modeling surveillance, up to secure transation modeling.

What do you know is out there, and what do you know about it's use and (lack of?) success?

Angelo Hulshout

Views: 78

Reply to This

Replies to This Discussion

ObjectSecurity use MDD in the security domain.

They did a talk at Code Generation 2007: Simplifying Security Policies by using model-driven engineering.
We've worked on security in a number of cases, for instance with the Finnish armed forces. You can guess how much more I'm allowed to say :-).

Since security is rarely the only concern, the trick is to find the best way of integrating the modeling of security information with the modeling of other aspects of the system. I favour separating things out into their own modeling languages only when it becomes necessary. Even with good tool support and the ability to reuse or reference the same objects between models of different types, the burden on the modeler of mentally integrating separate aspects is significant.

When coping with multiple concerns in a single modeling language, strive for brevity - to reduce the mental load of reading the diagrams. 'Convention over configuration' is a big help: figure out what is the most common situation, and let that be the default without any effort by the modeler, and without any extra visual information shown for that case.
Thanks so far. I downloaded the presentation from ObjectSecurity to check it out.

As for the Finnish armed forces: if you tell me in Finnish, noone should be in trouble, since I wouldn't understand it.
Hi all,

I hope the presentation gave a first overview of what we are doing. Please have a look at and if you would like further information.

Ulrich Lang
CEO, ObjectSecurity

PS Our model-driven security approach is currently being deployed in a production environment for a large military agency, i.e.this technology is not "hot air".
I'll have a look later this week, Ulrich, I was distracted by CG2010 last week. Thanks for providing the links.




© 2019   Created by Mark Dalgarno.   Powered by

Badges  |  Report an Issue  |  Terms of Service