Enhancing Model Driven Security through Pattern Refinement Techniques
Security requirements are typically defined at an abstract business level by non-technical security officers. However, to fulfill the security requirements, technical security controls or mechanisms have to be considered and deployed on the target system. Based on these security controls, security patterns have to be selected. The MDS (Model Driven Security) approach uses security requirement models at a high level of abstraction to automatically generate security artefacts that configure security services. The main drawback of current MDS solutions is that they consider just one security pattern for each security requirement. Current SOA and cloud services are scattered across multiple heterogeneous security domains. Partners and clients with different security infrastructures change continuously, which requires support for multiple patterns for the same security service. The challenge is to provide configurable security services that can support different patterns. To overcome this shortcoming, we propose a framework that integrates pattern refinement into the MDS approach. In this approach, a security pattern refinement layer is added to the traditional MDS layers. The pattern refinement layer supports the configuration of one security service with different patterns, which are stored in a pattern catalog. For example, our approach enables the generation of security artefacts that configure a non-repudiation service to support both fair non-repudiation and naive non-repudiation patterns.
Keywords: Security Policy, Security Requirement, Security Service, Security Domain, Security Pattern