
Security Modeling of SOA System Using Security Intent DSL

  • Conference paper
Software Engineering and Computer Systems (ICSECS 2011)

Abstract

Currently, most enterprises use SOA and Web Services technologies to build their web information systems. MDA principles are used to develop web services, with UML as the modelling language for business process modelling. Along with the increased connectivity of the SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and is left to the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore, SOA security is cross-domain, and not all the required information is available in the downstream phases. A general-purpose modelling language like UML lacks the model elements to define the security requirements of business processes. As a result, business process experts either ignore the security intents in their models or indicate them textually. A security intents DSL is presented as a UML profile in which security intents can be modelled as stereotypes on UML modelling elements during business process modelling. The aim is to help the business process expert model the security requirements alongside the business process. The security-annotated business process model will in turn help the security expert specify the concrete security implementation. As a proof of work, we apply our approach to a typical on-line flight booking system business process.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Saleem, M.Q., Jaafar, J., Hassan, M.F. (2011). Security Modeling of SOA System Using Security Intent DSL. In: Zain, J.M., Wan Mohd, W.M.b., El-Qawasmeh, E. (eds) Software Engineering and Computer Systems. ICSECS 2011. Communications in Computer and Information Science, vol 181. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22203-0_16


  • DOI: https://doi.org/10.1007/978-3-642-22203-0_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22202-3

  • Online ISBN: 978-3-642-22203-0

  • eBook Packages: Computer Science, Computer Science (R0)
