JSW 2007 Vol.2(1): 47-59 ISSN: 1796-217X
doi: 10.4304/jsw.2.1.47-59
doi: 10.4304/jsw.2.1.47-59
Model-Driven Security Engineering for Trust Management in SECTET
Masoom Alam, Ruth Breu, Michael Hafner
Research Group, Quality Engineering University of Innsbruck, Austria
Abstract—Service Oriented Architectures with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles for a widespread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue which makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with the customer needs. Their complexity makes implementation easily prone of error. The SECTET – a model-driven security engineering framework for B2B-workflows – facilitates the design and implementation of secure inter-organizational workflows. This contribution has three objectives. First we present a high-level domain specific language – called SECTET-PL. Being part of the SECTET-framework, SECTET-PL is a policy language influenced by Object Constraint Language and interpreted in the context of UML models.We then detail the Meta Object Facility based metamodels for the integration of business requirements with the security requirements. Finally, using Model Driven Architecture paradigm, we describe the transformation of high-level security models to low-level web services standard artefacts with the help of Eclipse Modelling Framework and Open Architecture Ware.
Index Terms—Domain Specific Language, Model Driven Architecture, Model Driven Engineering, Service Oriented Architecture
Abstract—Service Oriented Architectures with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles for a widespread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue which makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with the customer needs. Their complexity makes implementation easily prone of error. The SECTET – a model-driven security engineering framework for B2B-workflows – facilitates the design and implementation of secure inter-organizational workflows. This contribution has three objectives. First we present a high-level domain specific language – called SECTET-PL. Being part of the SECTET-framework, SECTET-PL is a policy language influenced by Object Constraint Language and interpreted in the context of UML models.We then detail the Meta Object Facility based metamodels for the integration of business requirements with the security requirements. Finally, using Model Driven Architecture paradigm, we describe the transformation of high-level security models to low-level web services standard artefacts with the help of Eclipse Modelling Framework and Open Architecture Ware.
Index Terms—Domain Specific Language, Model Driven Architecture, Model Driven Engineering, Service Oriented Architecture
Cite: Masoom Alam, Ruth Breu, Michael Hafner, " Model-Driven Security Engineering for Trust Management in SECTET," Journal of Software vol. 2, no. 1, pp. 47-59, 2007.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]