
Enhancing Model Driven Security through Pattern Refinement Techniques

  • Chapter
Formal Methods for Components and Objects (FMCO 2011)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7542)

Abstract

Security requirements are typically defined at an abstract business level by non-technical security officers. However, in order to fulfill the security requirements, technical security controls or mechanisms have to be considered and deployed on the target system. Based on these security controls, security patterns have to be selected. The MDS (Model Driven Security) approach uses security requirement models at a high level of abstraction to automatically generate security artefacts that configure security services. The main drawback of the current MDS solutions is that they consider just one security pattern for each security requirement. Current SOA and cloud services are scattered across multiple heterogeneous security domains. Partners and clients with different security infrastructures are changing continuously, which requires the support of multiple patterns for the same security service. The challenge is to provide configurable security services that can support different patterns. In order to overcome this shortcoming, we propose a framework that integrates pattern refinement into the MDS approach. In this approach, a security pattern refinement layer is added to the traditional MDS layers. The pattern refinement layer supports the configuration of one security service with different patterns, which are stored in a pattern catalog. For example, our approach enables the generation of security artefacts that configure a non-repudiation service to support both fair non-repudiation and naive non-repudiation patterns.

This work is supported by QE LaB - Living Models for Open Systems (FFG 822740), COSEMA - funded by the Tiroler Zukunftsstiftung, SecureChange (ICT-FET-231101) EU project, and SECTISSIMO (P-20388) FWF project.




© 2013 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Katt, B., Gander, M., Breu, R., Felderer, M. (2013). Enhancing Model Driven Security through Pattern Refinement Techniques. In: Beckert, B., Damiani, F., de Boer, F.S., Bonsangue, M.M. (eds) Formal Methods for Components and Objects. FMCO 2011. Lecture Notes in Computer Science, vol 7542. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35887-6_9


  • DOI: https://doi.org/10.1007/978-3-642-35887-6_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35886-9

  • Online ISBN: 978-3-642-35887-6

  • eBook Packages: Computer Science, Computer Science (R0)
