
Model Driven Security Engineering for the Realization of Dynamic Security Requirements in Collaborative Systems

  • Conference paper
Models in Software Engineering (MODELS 2006)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 4364)

Abstract

Service Oriented Architectures with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles to the widespread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue which makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with customer needs. Their complexity makes implementation prone to error. This paper provides a bird's-eye view of doctoral work in which an effort is made to develop a conceptual framework, called SECTET, in order to apply model driven security engineering techniques for the realization of high-level security requirements.




Editor information

Thomas Kühne


Copyright information

© 2007 Springer Berlin Heidelberg

About this paper

Cite this paper

Alam, M. (2007). Model Driven Security Engineering for the Realization of Dynamic Security Requirements in Collaborative Systems. In: Kühne, T. (eds) Models in Software Engineering. MODELS 2006. Lecture Notes in Computer Science, vol 4364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69489-2_34


  • DOI: https://doi.org/10.1007/978-3-540-69489-2_34

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-69488-5

  • Online ISBN: 978-3-540-69489-2

  • eBook Packages: Computer Science, Computer Science (R0)
