Model-driven Security and Privacy

Model-driven engineering (MDE) is a software development methodology in which models, rather than code, are the primary development artifacts: code, configuration, and other artifacts are derived from the models by model transformations.

In this project we aim to provide an MDE methodology and tools for building large and complex software systems that satisfy their security and privacy requirements by design. Our methodology promotes security and privacy by design by integrating them into the software development process early, as models at the design phase. This facilitates precise documentation and automatic analysis of security and privacy policies. With the appropriate model transformations in place, we can additionally generate an enforcement mechanism that prevents executions not permitted by the modeled policy.
The generated enforcement mechanism is typically implemented as a collection of assertions at critical places in the application code. Before each (possibly undesirable) action is executed, the corresponding assertion checks that the policy permits it; if not, the action is blocked.

An alternative to MDE (and its automatically generated enforcement mechanism) is to write the assertions manually in the application code. This is, unfortunately, the status quo in industry today, and it is typically done ad hoc, resulting in insecure systems. Writing the assertions correctly, and then evolving them consistently by hand as policies change, is an extremely time-consuming and error-prone task. With the abstractions software engineers currently have (or rather lack), it is extremely challenging to build and maintain complex, secure, and privacy-preserving systems, and to certify that they comply with data protection regulation.

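To make the contrast concrete, here is an added example (not code from ActionGUI, Databank, or any other tool of this project) of the model-driven approach in miniature. The policy is a plain data model: a table mapping (role, action, entity) to the name of a guarding predicate, with everything not listed denied by default. A small "model transformation", make_enforcer, turns that table into a decorator that installs an assertion in front of each application action, which is the generated enforcement mechanism described above. Because the guard consults the model at call time, changing the policy means editing the model only; the application code and its assertions stay untouched, which is exactly what hand-written checks cannot offer. All names (Caller, Record, the predicate names, the patient identifiers) and the scenario data are constructed for this illustration.

```python
# Added example: a toy policy model and the enforcement mechanism derived from it.
# Not project code; all names and data here are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Caller:
    name: str
    role: str
    assigned: FrozenSet[str] = frozenset()  # patients this caller is assigned to


@dataclass
class Record:
    patient: str
    data: str


class PolicyViolation(Exception):
    """Raised by a generated guard when the modeled policy does not permit the action."""


# Predicates the model may reference by name (hypothetical; a real model would use
# a specification language such as OCL or MFOTL rather than Python lambdas).
PREDICATES: Dict[str, Callable[[Caller, Record], bool]] = {
    "always": lambda c, r: True,
    "assigned_to_patient": lambda c, r: r.patient in c.assigned,
}

# The policy model: (role, action, entity) -> name of the predicate that must hold.
# Anything not listed is denied (default deny), so an unknown role gets nothing.
PolicyModel = Dict[Tuple[str, str, str], str]
POLICY: PolicyModel = {
    ("doctor", "read",   "Record"): "assigned_to_patient",
    ("doctor", "update", "Record"): "assigned_to_patient",
    ("nurse",  "read",   "Record"): "assigned_to_patient",
    ("admin",  "delete", "Record"): "always",
}


def make_enforcer(model: PolicyModel):
    """Model transformation: returns a decorator that places an assertion before
    the decorated action. The guard reads `model` at call time, so editing the
    model changes enforcement without touching application code."""
    def guard(action: str, entity: str):
        def wrap(fn):
            def enforced(caller: Caller, target: Record, *args, **kwargs):
                pred_name = model.get((caller.role, action, entity))
                if pred_name is None or not PREDICATES[pred_name](caller, target):
                    raise PolicyViolation(
                        f"{caller.role} {caller.name} may not {action} "
                        f"{entity} of patient {target.patient}")
                return fn(caller, target, *args, **kwargs)
            enforced.__name__ = fn.__name__
            return enforced
        return wrap
    return guard


enforce = make_enforcer(POLICY)


# Application code: the decorator is the only policy-related line per action.
@enforce("read", "Record")
def read_record(caller: Caller, rec: Record) -> str:
    return rec.data


@enforce("update", "Record")
def update_record(caller: Caller, rec: Record, new_data: str) -> str:
    rec.data = new_data
    return rec.data


@enforce("delete", "Record")
def delete_record(caller: Caller, rec: Record) -> bool:
    rec.data = ""
    return True


def attempt(fn, caller: Caller, rec: Record, *args) -> str:
    """Run one action and report whether the generated guard allowed it."""
    try:
        fn(caller, rec, *args)
        return "allow"
    except PolicyViolation:
        return "deny"


def scenario() -> List[str]:
    """Constructed requests against the model above; returns one verdict each."""
    alice = Caller("alice", "doctor", frozenset({"p1"}))
    nina = Caller("nina", "nurse", frozenset({"p1"}))
    root = Caller("root", "admin")
    mallory = Caller("mallory", "guest")  # role absent from the model
    r1, r2 = Record("p1", "bp 120/80"), Record("p2", "hba1c 6.1")
    return [
        attempt(read_record, alice, r1),        # allow: assigned to p1
        attempt(read_record, alice, r2),        # deny: not assigned to p2
        attempt(update_record, nina, r1, "x"),  # deny: no update rule for nurses
        attempt(delete_record, root, r2),       # allow: admin may always delete
        attempt(read_record, mallory, r1),      # deny: default deny for unknown role
    ]


def scenario_after_policy_change() -> List[str]:
    """Policy evolution: grant nurses update on assigned patients by editing the
    model only. The decorated functions are not touched or re-decorated."""
    POLICY[("nurse", "update", "Record")] = "assigned_to_patient"
    try:
        nina = Caller("nina", "nurse", frozenset({"p1"}))
        return [
            attempt(update_record, nina, Record("p1", "bp"), "bp 118/76"),  # allow
            attempt(update_record, nina, Record("p2", "bp"), "bp 118/76"),  # deny
        ]
    finally:
        del POLICY[("nurse", "update", "Record")]  # restore the original model


if __name__ == "__main__":
    print(scenario())
    print(scenario_after_policy_change())
```

Two points a practitioner should take from this: the guard is default-deny, so a role or action missing from the model cannot slip through, and the predicate names in the model are the only coupling between the policy and the generated checks. The hand-written alternative would have a separate `if caller.role == ...` test inside each function, each of which has to be found and updated by hand when the policy changes.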
Project Members

  • Prof. Dr. David Basin
  • Dr. Srđan Krstić
  • François Hublet
  • Hoàng Nguyễn Phước Bảo
  • Prof. Dr. Manuel Clavel (Eastern International University)

Software

  • ActionGUI is a tool for model-driven development of secure-by-design web applications.
  • Databank is a tool that automatically enforces information-flow privacy policies expressed in metric first-order temporal logic (MFOTL).
  • EnfPoly is an extension of the MonPoly monitoring tool that enforces MFOTL policies.

Publications
