Skip to main content
SpringerLink
Log in

Model-Driven Security Engineering of Service Oriented Systems

  • Conference paper
Information Systems and e-Business Technologies (UNISCON 2008)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 5))

Included in the following conference series:

Abstract

In this paper we present the main steps of a process for the systematic development of security critical inter-organizational applications. We employ models of the functional aspects of the system at different layers of abstraction for analyzing security requirements, risks and controls and for generating executable security services.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. SHVT Manual, Fraunhofer Institute for Secure Telecooperation (2004)

    Google Scholar 

  2. Business Process Modeling Notation (BPMN) Information (2006), Available online: http://www.bpmn.org

    Google Scholar 

  3. IHE.net: IT Infrastructure Technical Framework (2006), Available online: http://www.ihe.net

    Google Scholar 

  4. Alberts, C.J., Dorofee, A.J.: Managing information security risks: the OCTAVE approach. Pearson Education, London (2002)

    Google Scholar 

  5. Basin, D., Doser, J., Lodderstedt, T.: Model driven security for process-oriented systems. In: Proc. 8th ACM Symposium on Access Control Models and Technologies, ACM Press, New York (2003)

    Google Scholar 

  6. Breu, R., Popp, G., Alam, M.: Model-based development of access policies. Journal for Software Tools and Technology Transfer (STTT) 9, 457–470 (2007)

    Article  Google Scholar 

  7. Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system and compositional logic for security protocols. Journal of Computer Security 13, 423–482 (2005)

    Google Scholar 

  8. Giorgini, P., et al.: ST-Tool: A CASE Tool for Modeling and Analyzing Trust Requirements. In: Herrmann, P., Issarny, V., Shiu, S.C.K. (eds.) iTrust 2005. LNCS, vol. 3477, Springer, Heidelberg (2005)

    Google Scholar 

  9. Federal Office for Information Security (BSI). IT Baseline Protection Manual (2003), Available online: http://www.bsi.bund.de/english/gshb/manual/index.htm

    Google Scholar 

  10. Gutierrez, C., Fernandez-Medina, E., Piattini, M.: Security risk analysis in web services systems. In: Proc. SECRYPT 2006, pp. 425–430 (2006)

    Google Scholar 

  11. Hafner, M., Agreiter, B., Breu, R., Nowak, A.: SECTET — An Extensible Framework for the Realization of Secure Inter-Organizational Workflows. Journal of Internet Research (2006)

    Google Scholar 

  12. Hailey, C., Laney, R., Moffett, J., Nuseibeh, B.: Security requirements engineering, a framework for representation and analysis. IEEE Transactions on Software Engineering (to appear, 2007)

    Google Scholar 

  13. Jürjens, J.: Secure Systems Development with UML. Springer, Heidelberg (2004)

    Google Scholar 

  14. Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) UML 2002. LNCS, vol. 2460, pp. 426–441. Springer, Heidelberg (2002)

    Google Scholar 

  15. Peltier, T.R.: Risk analysis and risk management. Information Systems Security 13(4), 44–56 (2004)

    Article  Google Scholar 

  16. Innerhofer-Oberperfler, F., Breu, R., Yautsiukhin, A.: Quantitative assessment of enterprise security systems (submitted)

    Google Scholar 

  17. Raptis, D., Dimitrakos, T., Gran, B.A., Stølen, K.: The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain. In: Proc. CMS-2002, pp. 169–181 (2002)

    Google Scholar 

  18. Rodriguez, A., Fernandez-Medina, E., Piattini, M.: Capturing Security Requirements in Business Processes Through a UML 2.0 Activity Diagrams Profile. In: Roddick, J.F., Benjamins, V.R., Si-said Cherfi, S., Chiang, R., Claramunt, C., Elmasri, R.A., Grandi, F., Han, H., Hepp, M., Lytras, M., Mišić, V.B., Poels, G., Song, I.-Y., Trujillo, J., Vangenot, C. (eds.) ER Workshops 2006. LNCS, vol. 4231, pp. 32–42. Springer, Heidelberg (2006)

    Google Scholar 

  19. Schabetsberger, T., Ammenwerth,, Breu, R., Hoerbst, A., Goebel, G., Penz, R., Schindelwig, K., Toth, H., Vogl, R., Wozak, F.: E-Health Approach to Link-up Actors in the Health Care System of Austria. Stud. Health Technol. Inform. 124

    Google Scholar 

  20. Service Central de la Securite des Systemes d’Information. Expression of needs and identification of safety objectives (EBIOS) (online, 1997)

    Google Scholar 

  21. Wozak, F., Ammenwerth, E., Breu, M., Penz, R., Schabetsberger, T., Vogl, R., Wurz, M.: Medical Data GRIDs as approach towards secure cross enterprise document sharing (based on IHE XDS). In: Proc. MIE 2006, pp. 377–383 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Universität Innsbruck, Technikerstrasse 21a, 6020, Innsbruck, Austria

    Ruth Breu, Michael Hafner & Frank Innerhofer-Oberperfler

  2. Medical Informatics and Technology, University of Health Sciences, 6060, Hall in Tirol, Austria

    Florian Wozak

Authors
  1. Ruth Breu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Hafner
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frank Innerhofer-Oberperfler
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Florian Wozak
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Engineering and Advanced Technology, Massey University, Private Bag 756, Wellington, New Zealand

    Roland Kaschek

  2. Institute of Applied Informatics Research Group Application Engineering, Alpen-Adria-Universität Klagenfurt, Universitätsstraße 65-67, 9020, Klagenfurt, Austria

    Christian Kop , Claudia Steinberger  & Günther Fliedl ,  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Breu, R., Hafner, M., Innerhofer-Oberperfler, F., Wozak, F. (2008). Model-Driven Security Engineering of Service Oriented Systems. In: Kaschek, R., Kop, C., Steinberger, C., Fliedl, G. (eds) Information Systems and e-Business Technologies. UNISCON 2008. Lecture Notes in Business Information Processing, vol 5. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78942-0_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-78942-0_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78941-3

  • Online ISBN: 978-3-540-78942-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation