
Model Driven Architectural Design of Information Security System

  • Ivan Gaidarski
  • Zlatogor Minchev
  • Rumen Andreev
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 942)

Abstract

The main objective of the paper is to present a model-driven approach to the development of an Information Security System. We use data-centric models, in which the main focus is on the data, and we define a conceptual model of the Information Security System architecture using the main information security concepts. Its construction is based on a domain analysis organized around the viewpoints “Information Security” and “Information Processing”. The meta-models based on these viewpoints concern different aspects of the data and data protection. They are based on a summary of our practical experience in information security activities. The conceptual model is then transformed into a system design model with the help of UML class, activity and deployment diagrams, which transform the conceptual model of the system architecture into an actual solution or physical system.

Keywords

Conceptual modeling; Data protection; Architecture framework; UML

Notes

Acknowledgements

This study is partially supported by a research project grant “Modelling the Architecture of Information Security Systems in Organizations”, Ref. No: 72-00-40-230/10.05.2017, ICT Sciences & Technologies Panel, Program for Young Scientists and PhD Students Support – 2017, Bulgarian Academy of Sciences. Additional gratitude is also given to Information and Communication Technologies for a Single Digital Market in Science, Education and Security (ICTinSES) program of the Ministry of Education and Science, Republic of Bulgaria.


Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Ivan Gaidarski (1, 3)
  • Zlatogor Minchev (1, 2)
  • Rumen Andreev (3)
  1. Joint Training Simulation and Analysis Center, Institute of ICT, Bulgarian Academy of Sciences, Sofia, Bulgaria
  2. Institute of Mathematics and Informatics, Bulgarian Academy of Sciences, Sofia, Bulgaria
  3. Institute of Information and Communication Technologies, Sofia, Bulgaria
