Abstract
Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach, called SecureMDD, supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e., services developed and provided by someone else), the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange externally developed web services that use standard or non-standard cryptographic protocols in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes to the generated code are necessary. We also show how security properties for the whole system, including external web services, can be defined and proved. For demonstration we use a web shop case study that integrates an external payment service.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Borek, M., Stenzel, K., Katkalov, K., Reif, W. (2015). Integration and Exchangeability of External Security-Critical Web Services in a Model-Driven Approach. In: Jeusfeld, M., Karlapalem, K. (eds) Advances in Conceptual Modeling. ER 2015. Lecture Notes in Computer Science, vol 9382. Springer, Cham. https://doi.org/10.1007/978-3-319-25747-1_7
DOI: https://doi.org/10.1007/978-3-319-25747-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-25746-4
Online ISBN: 978-3-319-25747-1
eBook Packages: Computer Science, Computer Science (R0)