Reusable security use cases for mobile grid environments

Due to the growing complexity of software development, developing software through systematic processes is becoming more and more important. Likewise, it is important that the development process integrates security aspects from the earliest stages, at the same level as other functional and non-functional requirements. In recent years, Grid technology has proven to be the most important one, and it allows us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc.). Traditionally, systems based on Grid computing have not been developed through adequate methodologies and have not taken security requirements into account throughout their development, offering only technical security solutions at the implementation stages. This paper presents part of a development methodology that we are elaborating for the construction of information systems based on Grid computing that are highly dependent on mobile devices, where security plays a very important role. Specifically, we present the analysis phase, which is managed by reusable use cases through which we can define the requirements and needs of these systems, obtaining an analysis model that can be used as input to the following phase of the methodology, the design phase of mobile Grid systems.
