A Model Driven Security Engineering Approach to Support Collaborative Tools Deployment Over Clouds
The development of web 2.0 increases the call for agile and simple business process support. SOA (Service oriented Architecture) provides companies a new model to build their IT applications around their business processes and to combine them dynamically with the services of partner companies. Moreover cloud computing offers new business models and deployment opportunities to support adaptive and scalable execution environment. However, to provide services collaboration from several companies, the security policy associate to each company must be respected. So, the Business Process (BP) provides by these companies services inter-connections should be adapted to the security policy of each company and to the platform where it will be deployed. This leads to propose a new platform based on MDE (Model-Driven Engineering) approach to allow companies to build and deploy safely their BP in the Cloud environments.
KeywordsBusiness process Cloud computing Security model MDE
Unable to display preview. Download preview PDF.
- OMG (Object Management Group), (2011). Business Process Model and Notation (BPMN) Version 2.0, http://www.omg.org/spec/BPMN/2.0
- Backes M, Pfitzmann B, Waider M (2003) Security in Business Process Engineering. In: vander Aalst, W.M.P., ter Hofstede, A.H.M., Weske, M. (eds.) BPM 2003. LNCS, vol. 2678,pp. 168–183. Springer, HeidelbergGoogle Scholar
- Herrmann P, Herrmann G (2006) Security requirement analysis of business processes. Electronic Commerce Research 6(3-4), 305–335Google Scholar
- Rodriguez A., Fernandez-Medina E., Piattini M., (2007) A BPMN extension for the modelling of security requirements in business processes, the institute of electronics, Information and Communication Engineers (IEICE), Vol.E90-D, NO.4.Google Scholar
- Mülle J, von Stackelberg S, Klemen A (2011) Security Language for BPMN Process Models, Karlsruhe institute of technology, Germany.Google Scholar
- ANSI (Agence National de la sécurité des SI), (2004). Expression des besoins et identification des objectifs de sécurité. La démarche”, Version 2.Google Scholar
- Club de la sécurité de l’Information Français (CLUSIF), (2010). MEHARI 2010. Guide de la démarche d’analyse et de traitement des risques.Google Scholar
- Dorofee A (2002) Managing information security risks across the enterprise, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA 15213.Google Scholar
- Alberts, C., Dorofee, A., Stevens J., Woody C., (2003). Introduction to the OCTAVE Approach, Carnegie Mellon University, Pittsburgh.Google Scholar
- Moore AP, Ellison R J, (2001) Architectural Refinement for the Design of Survivable Systems, Technical Note (CMU/SEI-2001-TN-008). Software Engineering Institute, Carnegie Mellon University.Google Scholar
- Mell P, Grance T, J (2011) The NIST Definition of Cloud Computing, Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-145Google Scholar
- Sinclair J, Hudzia B, Lindner M (2011) The first International Conference on Cloud Computing and Services Science, CLOSER 2011 “Architecture for compliance analysis of distributed service based systems”. Belfast, Northern Ireland, U.K.Google Scholar
- US Government, (2001).Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act, Title V, s 505.Google Scholar
- Cloud Cube Model: Selecting Cloud Formations for Secure Collaboration, Jericho Forum, Version 1.0, (April 2009), http://www.opengroup.org/jericho/cloud_cube_model_v1.0.pdf.
- Organization for the Advancement of Structured Information Standards (OASIS), (2009). OASIS: Reference Architecture Foundation for Service Oriented Architecture, Version 1.0.Google Scholar
- Lima Dutra M, Ghodous P, Kuhn O, Minh T (2010) A Generic and Synchronous Ontology-based Architecture for Collaborative Design. Concurrent Engineering, Research and Applications 18(1):65-74, Sage, ISSN 1063 293X.2010.Google Scholar