There have been many research works suggesting Model-driven Architecture (MDA) approaches for automatic application generation and personalization. MDA approach allows code generation from platform-specific models (PSMs) by the means of generators that automatically transform models into the source code for a chosen platform to automate software engineering process. Previous works have widely addressed code generation, but they are not considering nonfunctional aspects such as application security. In this current work, we are proposing some additional MDA mechanisms to generate secure applications based on a given set of security policies. In this context, this approach is used for integrating security properties, such as Authorization, Authentication, Communication encryption, Message Integrity, and Confidentiality of critical data, thus security properties will be incorporated in the generated software during the whole development process or in early abstraction stages. In other words, security models will be merged with the system models in different abstraction levels by applying a set of model-to-model transformation. As a result of this process, the system's source code and configuration files will be generated automatically from communication diagrams by applying a model-to-code transformation.
展开▼