Abstract
E-government services usually process large amounts of confidential data. Therefore, security requirements for the communication between components have to be adhered in a strict way. Hence, it is of main interest that developers can analyze their modularized models of actual systems and that they can detect critical patterns. For this purpose, we present a general and formal framework for critical pattern detection and user-driven correction as well as possibilities for automatic analysis and verification at meta-model level. The technique is based on the formal theory of graph transformation, which we extend to transformations of type graphs with inheritance within a type graph hierarchy. We apply the framework to specify relevant security requirements.
The extended theory is shown to fulfil the conditions of a weak adhesive HLR category allowing us to transfer analysis techniques and results shown for this abstract framework of graph transformation. In particular, we discuss how confluence analysis and parallelization can be used to enable parallel critical pattern detection and elimination.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
AGG Homepage, http://tfs.cs.tu-berlin.de/agg
Mouratidis, H., Giorgini, P. (eds.): Integrating Security and Software Engineering: Advances and Future Vision. Idea Group, IGI Publishing Group (2006)
Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2005)
Haley, C., Moffett, J., Nuseibeh, B.: Security Requirements Engineering: A Framework for Representation and Analysis. IEEE Trans. on Software Engineering 34(1), 133–153 (2008)
Object Management Group: Meta-Object Facility (MOF), Version 2.0. (2006), http://www.omg.org/technology/documents/formal/mof.htm
Ehrig, H., Ehrig, K., Prange, U., Taentzer, G.: Fundamentals of Algebraic Graph Transformation. EATCS Monographs in Theor. Comp. Science. Springer, Heidelberg (2006)
Braatz, B., Brandt, C., Engel, T., Hermann, F., Ehrig, H.: An approach using formally well-founded domain languages for secure coarse-grained IT system modelling in a real-world banking scenario. In: Proc. 18th Australasian Conference on Information Systems (ACIS 2007) (2007)
Federal Office for Information Security (BSI): Chapter IV: Secure Client-Server Architectures for E-Government. In: E-Government Manual. INTESIO 1–179 (2006), http://www.bsi.bund.de/english/topics/egov/6verb
Lara, J., Bardohl, R., Ehrig, H., Ehrig, K., Prange, U., Taentzer, G.: Attributed Graph Transformation with Node Type Inheritance. Theoretical Computer Science 376(3), 139–163 (2007)
Habel, A., Heckel, R., Taentzer, G.: Graph Grammars with Negative Application Conditions. Special issue of Fundamenta Informaticae 26(3,4), 287–313 (1996)
Ehrig, H., Ehrig, K., Ermel, C., Prange, U.: Consistent Integration of Models Based on Views of Visual Languages. In: Fiadeiro, J.L., Inverardi, P. (eds.) FASE 2008. LNCS, vol. 4961, pp. 62–76. Springer, Heidelberg (2008)
Object Management Group: Unified Modeling Language: Superstructure – Version 2.1.1. formal/07-02-05 (2007), http://www.omg.org/technology/documents/formal/uml.htm
Mens, T., Taentzer, G., Müller, D.: Model-driven software refactoring. In: Rech, J., Bunse, C. (eds.) Model-Driven Software Development: Integrating Quality Assurance, pp. 170–203. Idea Group Inc. (2008)
Mens, T., Taentzer, G., Runge, O.: Analysing refactoring dependencies using graph transformation. Software and System Modeling 6(3), 269–285 (2007)
Grunske, L., Geiger, L., Zündorf, A., Van Eetvelde, N., Van Gorp, P., Varro, D.: Using Graph Transformation for Practical Model Driven Software Engineering. In: Beydeda, S., Book, M., Gruhn, V. (eds.) Model-driven Software Development, pp. 91–118. Springer, Heidelberg (2005)
Bottoni, P., Parisi-Presicce, P., Mason, G., Taentzer, G.: Specifying Coherent Refactoring of Software Artefacts with Distributed Graph Transformations. In: van Bommel, P. (ed.) Handbook on Transformation of Knowledge, Information, and Data: Theory and Applications, pp. 95–125. Idea Group Publishing (2005)
Biermann, E., Ehrig, K., Köhler, C., Kuhns, G., Taentzer, G., Weiss, E.: Graphical Definition of In-Place Transformations in the Eclipse Modeling Framework. In: Nierstrasz, O., Whittle, J., Harel, D., Reggio, G. (eds.) MoDELS 2006. LNCS, vol. 4199, pp. 425–439. Springer, Heidelberg (2006)
Schürr, A.: Specification of Graph Translators with Triple Graph Grammars. In: Mayr, E.W., Schmidt, G., Tinhofer, G. (eds.) WG 1994. LNCS, vol. 903, pp. 151–163. Springer, Heidelberg (1995)
Löwe, M., König, H., Peters, M., Schulz, C.: Refactoring Information Systems. In: Proc. Software Evolution through Transformations: Embracing the Chance (SeTra 2006). Electronic Communications of the EASST, vol. 3 (2006)
Corradini, A., Heindel, T., Hermann, F., König, B.: Sesqui-Pushout Rewriting. In: Corradini, A., Ehrig, H., Montanari, U., Ribeiro, L., Rozenberg, G. (eds.) ICGT 2006. LNCS, vol. 4178, pp. 30–45. Springer, Heidelberg (2006)
Bardohl, R., Ehrig, H., de Lara, J., Taentzer, G.: Integrating Meta-Modelling with Graph Transformation for Efficient Visual Language Definition and Model Manipulation. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 214–228. Springer, Heidelberg (2004)
Hermann, F., Ehrig, H., Ermel, C.: Transformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks (Long Version). Technical Report 2008/07, TU Berlin, Fak. IV (2008), http://iv.tu-berlin.de/TechnBerichte/2008/2008-07.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hermann, F., Ehrig, H., Ermel, C. (2009). Transformation of Type Graphs with Inheritance for Ensuring Security in E-Government Networks. In: Chechik, M., Wirsing, M. (eds) Fundamental Approaches to Software Engineering. FASE 2009. Lecture Notes in Computer Science, vol 5503. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00593-0_22
Download citation
DOI: https://doi.org/10.1007/978-3-642-00593-0_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00592-3
Online ISBN: 978-3-642-00593-0
eBook Packages: Computer ScienceComputer Science (R0)