Software & Systems Modeling

, Volume 13, Issue 2, pp 513–548

Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach

Theme Section Paper

DOI: 10.1007/s10270-012-0263-y

Cite this article as:
Hoisl, B., Sobernig, S. & Strembeck, M. Softw Syst Model (2014) 13: 513. doi:10.1007/s10270-012-0263-y


In this paper, we present an integrated model-driven approach for the specification and the enforcement of secure object flows in process-driven service-oriented architectures (SOA). In this context, a secure object flow ensures the confidentiality and the integrity of important objects (such as business contracts or electronic patient records) that are passed between different participants in SOA-based business processes. We specify a formal and generic metamodel for secure object flows that can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a UML extension for secure object flows. Moreover, we describe how platform-independent models are mapped to platform-specific software artifacts via automated model transformations. In addition, we give a detailed description of how we integrated our approach with the Eclipse modeling tools.


Process modelingSecure object flowsSecurity engineeringService-oriented architectureModel-driven developmentUMLSoaMLWeb services

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  1. 1.New Media Lab, Institute for Information SystemsVienna University of Economics and Business (WU Vienna)ViennaAustria
  2. 2.Secure Business Austria Research (SBA Research)ViennaAustria