Lionel Montrieux

Learn More
Following the ``convention over configuration" paradigm, model-driven development (MDD) generates code to implement the ``default'' behaviour that has been specified by a template separate from the input model, reducing the decision effort of developers. For flexibility, users of MDD are allowed to customise the model and the generated code in parallel. A(More)
This demo presents a tool to generate code from verified Role-Based Access Control properties defined using UMLsec. It can either generate Java code, or generate Java code for the UML model and AspectJ code for enforcing said RBA properties. Both approaches use the Java Authentication and Authorization Service (JAAS) to enforce access control.
It has been argued that security perspectives, of which access control is one, should be taken into account as early as possible in the software development process. Towards that goal, we present in this paper a tool supporting our modelling approach to specify and verify access control in accordance to the NIST standard Role-Based Access Control (RBAC).(More)
Access Control plays a crucial part in software security, as it is responsible for making sure that users have access to the resources they need while being forbidden from accessing resources they do not need. Access control models such as Role-Based Access Control have been developed to help system administrators deal with the increasing complexity of the(More)
The integration of domain-specific concepts in a model-driven engineering (MDE) approach raises a number of interesting research questions. There are two possibilities to represent these concepts. The first one focuses on models that contain domain-specific concepts only, i.e. domain-specific modelling languages (DSML). The second one advocates the(More)
Security is concerned with the protection of assets from intentional harm. Secure systems provide capabilities that enable such protection to satisfy some security requirements. In a world increasingly populated with mobile and ubiquitous computing technology, the scope and boundary of security systems can be uncertain and can change. A single functional(More)
Self-adaptive access control, in which self-* properties are applied to protecting systems, is a promising solution for the handling of malicious user behaviour in complex infrastructures. A major challenge in self-adaptive access control is ensuring that chosen adaptations are valid, and produce a satisfiable model of access. The contribution of this paper(More)
Security requirements are concerned with protecting assets of a system from harm. Implemented as code aspects to weave protection mechanisms into the system, security requirements need to be validated when changes are made to the programs during system evolution. However, it was not clear for developers whether existing validation procedures such as test(More)
In self-adaptive systems, an adaptation strategy can apply to several implementations of a target system. Reusing this strategy requires models of the target system that are independent of its implementation. In particular, configuration files must be transformed into abstract configurations, but correctly synchronizing these two representations is not(More)