摘要： 为提高软件安全性，提出一种基于模型驱动架构(MDA)与统一建模语言(UML)扩展机制的安全软件开发方法。采用UML扩展机制建立系统安全相关的平台无关模型，将软件的安全性分析提前到设计的早期；利用MDA方法进行软件安全属性的建模，降低后期开发的风险与成本。图书管理系统实例验证了该方法的有效性。

关键词: 模型驱动架构, 统一建模语言, 角色访问控制, 安全软件开发, 平台无关模型

Abstract: To improve the safety of the software, this paper proposes a software design and development method which based on Model Driven Architecture(MDA) and United Modeling Language(UML) extension mechanism. It adopts UML extension mechanism to build system safety-related Platform Independent Model(PIM), and brings forward the safety analysis of software at the early stage of design. It realizes software security property modeling with the method of MDA, and reduces risk and cost of later development period. Example of library management system proves the validity of the method.

Key words: Model Driven Architecture(MDA), United Modeling Language(UML), Role-based Access Control(RBAC), secure software development, Platform Independent Model(PIM)

中图分类号: 

• TP311