Theme Section Paper

Software & Systems Modeling

, Volume 13, Issue 2, pp 513-548

Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach

  • Bernhard HoislAffiliated withNew Media Lab, Institute for Information Systems, Vienna University of Economics and Business (WU Vienna)Secure Business Austria Research (SBA Research) Email author 
  • , Stefan SobernigAffiliated withNew Media Lab, Institute for Information Systems, Vienna University of Economics and Business (WU Vienna) Email author 
  • , Mark StrembeckAffiliated withNew Media Lab, Institute for Information Systems, Vienna University of Economics and Business (WU Vienna)Secure Business Austria Research (SBA Research) Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access

Abstract

In this paper, we present an integrated model-driven approach for the specification and the enforcement of secure object flows in process-driven service-oriented architectures (SOA). In this context, a secure object flow ensures the confidentiality and the integrity of important objects (such as business contracts or electronic patient records) that are passed between different participants in SOA-based business processes. We specify a formal and generic metamodel for secure object flows that can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a UML extension for secure object flows. Moreover, we describe how platform-independent models are mapped to platform-specific software artifacts via automated model transformations. In addition, we give a detailed description of how we integrated our approach with the Eclipse modeling tools.

Keywords

Process modeling Secure object flows Security engineering Service-oriented architecture Model-driven development UML SoaML Web services