May 19, 2009
Manuel Clavel
Automatic Generation of Smart, Security-Aware GUI Model Abstract: In many software applications, users access application data using graphical user interfaces (GUIs).There is an important, but little explored, link between visualization and security: when the application data is protected by an access control policy, the GUI should be aware of this and respect this policy. For example, the GUI should not display options to users for actions that they are not authorized to execute on application data.
Directly hardcoding the security policy within the GUI is inadequate.GUI designers are not (and usually should not be) aware of the application data security policy.We propose a solution based on model transformations in a model-driven development setting.We define a many-models-to-model transformation that, given a security-aware data model and a GUI model, makes the GUI model security-aware and also smart. Then, we define a second transformation that, given a security-aware GUI model, also makes this model smart. Smartness is relevant since events can not only trigger actions on application data, but also also on GUI widgets. For example, the resulting GUI widgets will not give users the option to open other widgets when this would allow users to execute unauthorized actions on the application data. Overall, we aim to provide GUI designers with better models and tools for building and analyzing GUIs for security-critical applications.
Comments: on-going work, in collaboration with David Basin (ETH Zürich), Marina Egea (ETH Zürich), and Michael Schläpfer (ETH Zürich).