
Integration and Exchangeability of External Security-Critical Web Services in a Model-Driven Approach

  • Conference paper
  • Book: Advances in Conceptual Modeling (ER 2015)
  • Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9382)

Abstract

Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach, called SecureMDD, supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e. services developed and provided by someone else), the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange externally developed web services that use standard or non-standard cryptographic protocols in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes to the generated code are necessary. We also show how security properties for the whole system, including external web services, can be defined and proved. For demonstration we use a web shop case study that integrates an external payment service.

Notes

  1. www.isse.de/securemdd
  2. axis.apache.org/axis2
  3. jibx.sourceforge.net
  4. xmlmodeling.com/hypermodel/

Corresponding author

Correspondence to Marian Borek.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Borek, M., Stenzel, K., Katkalov, K., Reif, W. (2015). Integration and Exchangeability of External Security-Critical Web Services in a Model-Driven Approach. In: Jeusfeld, M., Karlapalem, K. (eds) Advances in Conceptual Modeling. ER 2015. Lecture Notes in Computer Science, vol 9382. Springer, Cham. https://doi.org/10.1007/978-3-319-25747-1_7

  • DOI: https://doi.org/10.1007/978-3-319-25747-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25746-4

  • Online ISBN: 978-3-319-25747-1

  • eBook Packages: Computer Science, Computer Science (R0)
