Realizing model driven security for inter-organizational workflows with WS-CDL and UML 2.0

The growing popularity of standards related to Web services, Web services security and workflows has boosted the implementation of powerful infrastructures supporting interoperability for inter-organizational workflows. Nevertheless, the realization of such workflows is a very complex task that is, in many aspects, error-prone and still bound to low-level technical knowledge. We provide a framework for the realization and management of security-critical workflows based on the paradigm of Model Driven Security. The framework complies with a hierarchical stack of Web services specifications and related technologies. In this paper, we introduce a UML-based approach for the modeling of security-critical inter-organizational workflows and map it to the Web Services Choreography Description Language (WS-CDL). Our approach is based on a set of security patterns, which are integrated into UML class and activity diagrams. A tool translates the models into executable artifacts configuring a reference architecture based on Web services.
