Model driven security engineering for the realization of dynamic security requirements in collaborative systems

Service Oriented Architectures with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles to widespread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue: it makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with customer needs. Their complexity also makes implementations error-prone. This paper provides a bird's-eye view of a doctoral work in which an effort is made to develop a conceptual framework, called SECTET, in order to apply model driven security engineering techniques to the realization of high-level security requirements.
