Software & Systems Modeling

, Volume 13, Issue 2, pp 513–548

Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach

Theme Section Paper


In this paper, we present an integrated model-driven approach for the specification and the enforcement of secure object flows in process-driven service-oriented architectures (SOA). In this context, a secure object flow ensures the confidentiality and the integrity of important objects (such as business contracts or electronic patient records) that are passed between different participants in SOA-based business processes. We specify a formal and generic metamodel for secure object flows that can be used to extend arbitrary process modeling languages. To demonstrate our approach, we present a UML extension for secure object flows. Moreover, we describe how platform-independent models are mapped to platform-specific software artifacts via automated model transformations. In addition, we give a detailed description of how we integrated our approach with the Eclipse modeling tools.


Process modeling Secure object flows Security engineering Service-oriented architecture Model-driven development UML SoaML Web services 

Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  1. 1.New Media Lab, Institute for Information SystemsVienna University of Economics and Business (WU Vienna)ViennaAustria
  2. 2.Secure Business Austria Research (SBA Research)ViennaAustria

Personalised recommendations