Abstract
Service Oriented Architectures, with underlying technologies like web services and web services orchestration, have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles to widespread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue: it makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with customer needs. Their complexity makes implementations error-prone. This paper provides a bird's-eye view of a doctoral work in which an effort is made to develop a conceptual framework, called SECTET, in order to apply model driven security engineering techniques for the realization of high-level security requirements.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Alam, M. (2007). Model Driven Security Engineering for the Realization of Dynamic Security Requirements in Collaborative Systems. In: Kühne, T. (eds) Models in Software Engineering. MODELS 2006. Lecture Notes in Computer Science, vol 4364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69489-2_34
DOI: https://doi.org/10.1007/978-3-540-69489-2_34
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69488-5
Online ISBN: 978-3-540-69489-2
eBook Packages: Computer Science (R0)