Systematic design of secure Mobile Grid systems

Grid computing has arisen as an evolution of distributed systems mainly focused on the sharing of and remote access to resources in a uniform, transparent, secure, efficient and reliable manner. It is possible to join Grid technology and mobile technology in order to create one of the most promising technologies and developments to appear in recent years, in that they enrich one another and provide new solutions that solve many of the limitations and problems found in different technologies. Security is a very important factor in Mobile Grid Computing and is also difficult to achieve owing to the open nature of wireless networks and heterogeneous and distributed environments. Success in obtaining a secure system originates in incorporating security from the first stages of the development process. It has therefore been necessary to define a development process for this kind of systems in which security is incorporated in all stages of the development and the features and particularities of the Mobile Grid systems are taken into consideration. This paper presents one of the activities of this development process, the design activity, which consists of defining and designing a security software architecture. This architecture will be built from a security architecture, defined as reference architecture, in which security services, interfaces and operations are defined with the purpose of defining a reference security architecture which covers the majority of security requirements identified in the analysis activity. The design activity will build the system architecture that will be the input artefact for the subsequent activity in the process, which is the construction activity.

[1]  M. Angela Sasse,et al.  Bringing security home: a process for developing secure and usable systems , 2003, NSPW '03.

[2]  David A. Basin,et al.  Model driven security for process-oriented systems , 2003, SACMAT '03.

[3]  Debasish Jana,et al.  Privacy and Anonymity Protection in Computational Grid Services , 2009, Int. J. Comput. Sci. Appl..

[4]  Ian Foster,et al.  The Security Architecture for Open Grid Services , 2002 .

[5]  Haralambos Mouratidis,et al.  Integrating Security and Software Engineering: Advances and Future Visions , 2006 .

[6]  Mohammad Ilyas,et al.  Mobile Computing Handbook , 2004 .

[7]  Haralambos Mouratidis,et al.  Secure Tropos: a Security-Oriented Extension of the Tropos Methodology , 2007, Int. J. Softw. Eng. Knowl. Eng..

[8]  Sungyoung Lee,et al.  Mobile-to-Grid Middleware: An Approach for Breaching the Divide Between Mobile and Grid Environments , 2005, ICN.

[9]  Haralambos Mouratidis,et al.  Modelling security and trust with Secure Tropos , 2006 .

[10]  Mario Piattini,et al.  PSecGCM: Process for the Development of Secure Grid Computing based Systems with Mobile Devices , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[11]  Lavanya Ramakrishnan,et al.  Securing next-generation grids , 2004, IT Professional.

[12]  Ramesh Nagappan,et al.  Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management , 2005 .

[13]  Amin Vahdat,et al.  The CRISIS Wide Area Security Architecture , 1998, USENIX Security Symposium.

[14]  RICHAFID BASKERVILLE,et al.  Information systems security design methods: implications for information systems development , 1993, CSUR.

[15]  Janet Truitt Jenkins,et al.  Pragmatic Security for Constrained Wireless Networks , 2007 .

[16]  Theodora Varvarigou,et al.  MOBILE GRID COMPUTING: CHANGES AND CHALLENGES OF RESOURCE MANAGEMENT IN A ΜOBILE GRID ENVIRONMENT , 2003 .

[17]  Tom Mens,et al.  A Taxonomy of Model Transformation , 2006, GRaMoT@GPCE.

[18]  Mario Piattini,et al.  PWSSec: Process for Web Services Security , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[19]  Eduardo Fernández-Medina,et al.  Security services architecture for Secure Mobile Grid Systems , 2011, J. Syst. Archit..

[20]  Ruth Breu,et al.  Model-Driven Security Engineering for Trust Management in SECTET , 2007, J. Softw..

[21]  Salim Raza Qureshi,et al.  Integration of Mobile Computing with Grid Computing : A Middleware Architecture , 2008 .

[22]  Terry Komperda,et al.  Securing the Grid , 2013 .

[23]  Ian T. Foster,et al.  Security for Grid services , 2003, High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.

[24]  Javier Lopez,et al.  Grid Security Architecture: Requirements, Fundamentals, Standards and Models , 2007 .

[25]  Andrew S. Tanenbaum,et al.  Globe: a wide area distributed system , 1999, IEEE Concurr..

[26]  Sushil Jajodia,et al.  Model-Driven Development for secure information systems , 2009, Inf. Softw. Technol..

[27]  Thomas Phan,et al.  Challenge: integrating mobile wireless devices into the computational grid , 2002, MobiCom '02.

[28]  Ivar Jacobson,et al.  The Unified Software Development Process , 1999 .

[29]  Jan Jürjens,et al.  Secure systems development with UML , 2004 .

[30]  Jack Dongarra,et al.  Scheduling in the Grid application development software project , 2004 .

[31]  Geng Yang,et al.  A Scalable Security Architecture for Grid , 2005, Sixth International Conference on Parallel and Distributed Computing Applications and Technologies (PDCAT'05).

[32]  Jan Jürjens,et al.  Model-based security analysis for mobile communications , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[33]  Erika Asnina,et al.  Enterprise Modeling for Information System Development within MDA , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[34]  Daniel Serrano,et al.  Development of Applications Based on Security Patterns , 2009, 2009 Second International Conference on Dependability.

[35]  Haralambos Mouratidis,et al.  A security oriented approach in the development of multiagent systems : applied to the management of the health and social care needs of older people in England , 2004 .

[36]  Young-Koo Lee,et al.  AutoMAGI - an Autonomic middleware for enabling Mobile Access to Grid Infrastructure , 2005, Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services - (icas-isns'05).

[37]  Eduardo Fernández-Medina,et al.  Reusable security use cases for mobile grid environments , 2009, 2009 ICSE Workshop on Software Engineering for Secure Systems.

[38]  Andrew S. Grimshaw,et al.  A new model of security for metasystems , 1999, Future Gener. Comput. Syst..

[39]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[40]  Jie Wu,et al.  On building secure SCADA systems using security patterns , 2009, CSIIRW '09.

[41]  Tobias Straub,et al.  Grid Security Infrastructure , 2006 .

[42]  Thomas Phan,et al.  Integrating Mobile Wireless Devices into the Computational Grid , 2004, Mobile Computing Handbook.

[43]  Mario Piattini,et al.  Developing a Secure Mobile Grid System through a UML Extension , 2010, J. Univers. Comput. Sci..

[44]  R. M. Kolonay Grid interactive service-oriented programming environment , 2004 .

[45]  Eduardo B. Fernández,et al.  Security patterns and secure systems design , 2007, ACM-SE 45.

[46]  Eduardo B. Fernandez,et al.  A Methodology to Develop Secure Systems Using Patterns , 2006 .

[47]  Christian Salzmann,et al.  Towards a model-based and incremental development process for service-based systems , 2004, IASTED Conf. on Software Engineering.

[48]  C.B. Westphall,et al.  Grid-M: Middleware to Integrate Mobile Devices, Sensors and Grid Computing , 2007, 2007 Third International Conference on Wireless and Mobile Communications (ICWMC'07).

[49]  Recommended Practice for Architectural Description of Software-Intensive Systems , 1999 .

[50]  P. Bellavista,et al.  The Handbook of Mobile Middleware , 2006 .

[51]  David Basin,et al.  Model driven security: From UML models to access control infrastructures , 2006, TSEM.

[52]  Mario Piattini,et al.  Engineering Process Based on Grid Use Cases for Mobile Grid Systems , 2008, ICSOFT.

[53]  Ming Gu,et al.  Enhancing Grid Security Infrastructure to Support Mobile Computing Nodes , 2003, WISA.

[54]  Mario Piattini,et al.  Obtaining Security Requirements for a Mobile Grid System , 2009, Int. J. Grid High Perform. Comput..

[55]  Jorge Luis Nicolas Audy,et al.  A SPEM based Software Process Improvement Meta-model , 2010, ICEIS.

[56]  Marty Humphrey,et al.  Security for Grids , 2005, Proceedings of the IEEE.

[57]  Haeng-Kon Kim,et al.  Automatic Translation Form Requirements Model into Use Cases Modeling on UML , 2005, ICCSA.

[58]  Eduardo Fernández-Medina,et al.  Towards a UML Extension of Reusable Secure Use Cases for Mobile Grid Systems , 2011, IEICE Trans. Inf. Syst..

[59]  Marty Humphrey,et al.  Mobile OGSI.NET: grid computing on mobile devices , 2004, Fifth IEEE/ACM International Workshop on Grid Computing.

[60]  Mario Piattini,et al.  Analysis of Secure Mobile Grid Systems: A systematic approach , 2010, Inf. Softw. Technol..

[61]  Eduardo Fernández-Medina,et al.  Applying a UML Extension to Build Use Cases Diagrams in a Secure Mobile Grid Application , 2009, ER Workshops.

[62]  Sungyoung Lee,et al.  Mobile-to-Grid Middleware: Bridging the Gap Between Mobile and Grid Environments , 2005, EGC.

[63]  Jörn Eichler Towards a Security Engineering Process Model for Electronic Business Processes , 2012, ArXiv.

[64]  David De Roure,et al.  A Grid Service Infrastructure for Mobile Devices , 2005, 2005 First International Conference on Semantics, Knowledge and Grid.

[65]  Ian Foster,et al.  The Grid 2 - Blueprint for a New Computing Infrastructure, Second Edition , 1998, The Grid 2, 2nd Edition.

[66]  Ian T. Foster,et al.  A security architecture for computational grids , 1998, CCS '98.