Domain-Specific Multi-modeling of Security Concerns in Service-Oriented Architectures

  • Juan Pedro Silva Gallino
  • Miguel de Miguel
  • Javier F. Briones
  • Alejandro Alonso
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7176)

Abstract

As a common reference for many in-development standards and execution frameworks, special attention is being paid to Service-Oriented Architectures. SOAs modeling, however, is an area in which a consensus has not being achieved. Currently, standardization organizations are defining proposals to offer a solution to this problem. Nevertheless, until very recently, non-functional aspects of services have not been considered for standardization processes. In particular, there exists a lack of a design solution that permits an independent development of the functional and non-functional concerns of SOAs, allowing that each concern be addressed in a convenient manner in early stages of the development, in a way that could guarantee the quality of this type of systems. This paper, leveraging on previous work, presents an approach to integrate security-related non-functional aspects (such as confidentiality, integrity, and access control) in the development of services.

Keywords

Access Control Supply Chain Management Security Concern Access Control Model Target Platform 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Apache. Apache CXF (2010)Google Scholar
  2. 2.
    Berre, A.: Service oriented architecture Modeling Language (SoaML)-Specification for the UML Profile and Metamodel for Services, UPMS (2008)Google Scholar
  3. 3.
    CDTI. ITECBANGoogle Scholar
  4. 4.
    Dodd, J., Allen, P., Butler, J., Olding, S., Veryard, R., Wilkes, L.: CBDI-SAE Meta Model for SOA Version 2. Technical report, Everware-CBDI (2007)Google Scholar
  5. 5.
    Elrad, T., Aldawud, O., Bader, A.: Aspect-Oriented Modeling: Bridging the Gap between Implementation and Design. In: Batory, D., Consel, C., Taha, W. (eds.) GPCE 2002. LNCS, vol. 2487, pp. 189–201. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Del Fabro, M.D., Bézivin, J., Jouault, F.: AMW: a generic model weaver. In: Proceedings of the Using Metamodels to Support MDD Workshop, 10th IEEE International Conference on Engineering of Complex Computer Systems, ICECCS 2005 (2005)Google Scholar
  7. 7.
    Finkelsetin, A., Kramer, J., Nuseibeh, B., Finkelstein, L., Goedicke, M.: Viewpoints: A framework for integrating multiple perspectives in system development. International Journal of Software Engineering and Knowledge Engineering 2 (1992)Google Scholar
  8. 8.
    Kelly, S., Tolvanen, J.-P.: Domain-specific modeling: enabling full code generation. Wiley-IEEE, Hoboken, New Jersey (2008)Google Scholar
  9. 9.
    Kim, A., Luo, J., Kang, M.: Security Ontology to Facilitate Web Service Description and Discovery. In: Spaccapietra, S., Atzeni, P., Fages, F., Hacid, M.-S., Kifer, M., Mylopoulos, J., Pernici, B., Shvaiko, P., Trujillo, J., Zaihrayeu, I. (eds.) Journal on Data Semantics IX. LNCS, vol. 4601, pp. 167–195. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Larrucea, X., Alonso, R.: Modelling and Deploying Security Policies. In: WEBIST 2009 - Proceedings of the Fifth International Conference on Web Information Systems and Technologies, Lisboa, Portugal, pp. 411–414. INSTICC Press (2009)Google Scholar
  11. 11.
    Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)Google Scholar
  12. 12.
    Jensen, M., Feja, S.: A Security Modeling Approach for Web-Service-Based Business Processes. In: 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, ECBS 2009, San Francisco, California, USA, pp. 340–347. IEEE Computer Society (2009)Google Scholar
  13. 13.
    Menzel, M., Meinel, C.: A Security Meta-model for Service-Oriented Architectures. In: 2009 IEEE International Conference on Services Computing, Bangalore, India, pp. 251–259. IEEE (September 2009)Google Scholar
  14. 14.
    Miller, J., Mukerji, J.: MDA Guide Version 1.0.1 (2003)Google Scholar
  15. 15.
    Mouelhi, T., Fleurey, F., Baudry, B., Le Traon, Y.: A Model-Based Framework for Security Policy Specification, Deployment and Testing. In: Czarnecki, K., Ober, I., Bruel, J.-M., Uhl, A., Völter, M. (eds.) MODELS 2008. LNCS, vol. 5301, pp. 537–552. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  16. 16.
    Ortiz, G., Hernández, J.: Service-Oriented Model-Driven Development: Filling the Extra-Functional Property Gap. In: Dan, A., Lamersdorf, W. (eds.) ICSOC 2006. LNCS, vol. 4294, pp. 471–476. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Rashid, A., Sawyer, P., Moreira, A., Araújo, J.: Early Aspects: A Model for Aspect-Oriented Requirements Engineering. In: IEEE International Conference on Requirements Engineering, p. 199 (2002)Google Scholar
  18. 18.
    Satoh, F., Nakamura, Y., Mukhi, N., Tatsubori, M., Ono, K.: Methodology and Tools for End-to-End SOA Security Configurations. In: 2008 IEEE Congress on Services, SERVICES I, Honolulu, Hawaii, USA, pp. 307–314. IEEE Computer Society (2008)Google Scholar
  19. 19.
    Gallino, J.P.S., de Miguel, M.A., Briones, J.F., Alonso, A.: Model-Driven Development of a Web Service-Oriented Architecture and Security Policies. In: 2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing, Carmona, Spain, pp. 92–96. IEEE Computer Society, Los Alamitos (2010)CrossRefGoogle Scholar
  20. 20.
    SpringSource. Spring Framework (2010)Google Scholar
  21. 21.
    Sutton Jr., S.M.: N degrees of separation: multi-dimensional separation of concerns. In: International Conference on Software Engineering, pp. 107–119 (1999)Google Scholar
  22. 22.
    The Object Management Group (OMG). UML Profile for Modeling QoS and Fault Tolerance Characteristics and Mechanisms Version 1.1 (2008)Google Scholar
  23. 23.
    Web Services Interoperability Organization, http://www.ws-i.org
  24. 24.
    WS-I. Sample Architecture Usage Scenarios (2003)Google Scholar
  25. 25.
    WS-I. Supply Chain Management Sample Architecture (2003)Google Scholar
  26. 26.
    WS-I. Sample Applications Security Architecture Document (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Juan Pedro Silva Gallino
    • 1
  • Miguel de Miguel
    • 1
  • Javier F. Briones
    • 1
  • Alejandro Alonso
    • 1
  1. 1.Universidad Politécnica de Madrid (UPM)Spain

Personalised recommendations