Increasingly, the success of software systems depends largely on how their security requirements are satisfied. However, developers are challenged in implementing these requirements, mainly because of the gap between the specification and implementation, and the technical complexities of the current software infrastructures. Recently, Model-Driven Security has emerged as a new software development area aimed at overcoming these difficulties. This new paradigm takes advantage of the benefits of the model driven software development techniques for modeling and implementing security concerns. Following this trend, this paper proposes a model driven security approach named ModelSec that offers a generative architecture for managing security requirements, from the requirement elicitation to the implementation stage. This architecture automatically generates security software artifacts (e.g. security rules) by means of a model transformation chain composed of two-steps. Firstly, a security infrastructure dependent model is derived from three models, which express the security restrictions, the design decisions and the information needed on the target platform. Then, security software artifacts are produced from the previously generated model. A Domain-Specific Language for security requirements management has been built, which is based on a metamodel specifically designed for this purpose. An application example that illustrates the approach and the Eclipse tools implemented to support it are also shown.

requirements engineering, requirements metamodelling, model driven engineering, model driven security