Access Granted – Carefully: Securing model information in collaborative modeling

IF 4.1 2区计算机科学 Q1 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Journal of Systems and Software Pub Date : 2025-09-19 DOI:10.1016/j.jss.2025.112640

Malvina Latifaj, Federico Ciccozzi, Antonio Cicchetti

{"title":"Access Granted – Carefully: Securing model information in collaborative modeling","authors":"Malvina Latifaj, Federico Ciccozzi, Antonio Cicchetti","doi":"10.1016/j.jss.2025.112640","DOIUrl":null,"url":null,"abstract":"<div><div>The collaborative nature of model-driven software engineering introduces significant challenges in safeguarding the confidentiality and integrity of the collaborative model. Existing access control mechanisms often rely on transient, virtual views lacking persistence and fine-grained permissions, making them unsuitable for scenarios requiring offline collaboration and leading to potential security breaches and user frustration. This work describes a dual-layered approach leveraging role-based access control policies to enhance security in collaborative modeling environments. The first layer utilizes multi-view modeling techniques to create materialized view models tailored to specific user roles, thereby restricting unnecessary access to the entire model. The second layer refines access at the individual element level within these view models, establishing fine-grained permissions enforced by model editors. This proactive enforcement prevents unauthorized actions before they occur, improving user experience and efficiency. The proposed approach, implemented as an Eclipse plugin and demonstrated through an illustrative example, ensures the confidentiality and integrity of shared model data by granting stakeholders access only to information relevant to their specific responsibilities and expertise. By filtering out irrelevant data, the approach also mitigates information overload, enabling stakeholders to concentrate on task-relevant aspects of the model, thereby potentially improving collaborative efficiency and effectiveness.</div></div>","PeriodicalId":51099,"journal":{"name":"Journal of Systems and Software","volume":"231 ","pages":"Article 112640"},"PeriodicalIF":4.1000,"publicationDate":"2025-09-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Systems and Software","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0164121225003097","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

The collaborative nature of model-driven software engineering introduces significant challenges in safeguarding the confidentiality and integrity of the collaborative model. Existing access control mechanisms often rely on transient, virtual views lacking persistence and fine-grained permissions, making them unsuitable for scenarios requiring offline collaboration and leading to potential security breaches and user frustration. This work describes a dual-layered approach leveraging role-based access control policies to enhance security in collaborative modeling environments. The first layer utilizes multi-view modeling techniques to create materialized view models tailored to specific user roles, thereby restricting unnecessary access to the entire model. The second layer refines access at the individual element level within these view models, establishing fine-grained permissions enforced by model editors. This proactive enforcement prevents unauthorized actions before they occur, improving user experience and efficiency. The proposed approach, implemented as an Eclipse plugin and demonstrated through an illustrative example, ensures the confidentiality and integrity of shared model data by granting stakeholders access only to information relevant to their specific responsibilities and expertise. By filtering out irrelevant data, the approach also mitigates information overload, enabling stakeholders to concentrate on task-relevant aspects of the model, thereby potentially improving collaborative efficiency and effectiveness.

查看原文本刊更多论文

授予访问-小心：在协作建模中保护模型信息

模型驱动软件工程的协作性在保护协作模型的机密性和完整性方面带来了重大挑战。现有的访问控制机制通常依赖于缺乏持久性和细粒度权限的瞬时虚拟视图，这使得它们不适合需要离线协作的场景，并导致潜在的安全漏洞和用户受挫。这项工作描述了一种利用基于角色的访问控制策略来增强协作建模环境中的安全性的双层方法。第一层利用多视图建模技术来创建针对特定用户角色的物化视图模型，从而限制对整个模型的不必要访问。第二层在这些视图模型中的单个元素级别细化访问，建立由模型编辑器强制执行的细粒度权限。这种主动执行可以在未经授权的操作发生之前阻止它们，从而改善用户体验和效率。所建议的方法，作为Eclipse插件实现，并通过一个说明性示例进行了演示，通过只允许涉众访问与其特定职责和专业知识相关的信息，确保了共享模型数据的机密性和完整性。通过过滤掉不相关的数据，该方法还减轻了信息过载，使涉众能够专注于模型的任务相关方面，从而潜在地提高协作效率和有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Systems and Software 工程技术-计算机：理论方法

CiteScore

8.60

自引率

5.70%

发文量

193

审稿时长

16 weeks

期刊介绍： The Journal of Systems and Software publishes papers covering all aspects of software engineering and related hardware-software-systems issues. All articles should include a validation of the idea presented, e.g. through case studies, experiments, or systematic comparisons with other approaches already in practice. Topics of interest include, but are not limited to: •Methods and tools for, and empirical studies on, software requirements, design, architecture, verification and validation, maintenance and evolution •Agile, model-driven, service-oriented, open source and global software development •Approaches for mobile, multiprocessing, real-time, distributed, cloud-based, dependable and virtualized systems •Human factors and management concerns of software development •Data management and big data issues of software systems •Metrics and evaluation, data mining of software development resources •Business and economic aspects of software development processes The journal welcomes state-of-the-art surveys and reports of practical experience for all of these topics.