Model Driven Implementation of Security Management Process

Bruno A. Mozzaquatro, Ricardo Jardim-Gonçalves, Carlos Agostinho


Services composition involves many time and effort to describe high-level requirements of the business process. To this purpose, the Model Driven Service Engineering Architecture (MDSEA) is a methodology to distinguish the business view and technical point of view in products and services and to agilize the software development. Such capabilities demand more effective process applied to specify, evaluate, communicate and design the system as well as system functionalities and security issues. Security aspects are critical when it involves privacy of data exchange of devices. In this context, the definition of security artifacts during the design of a business process consumes time of system funcionalities development. This paper proposes an implementation of a security management process using the methodology MDSEA as support to promote model transformations from business model to specific artifacts and configurations. This support enables to enrich a solid business model with technical details by specialists.


  1. Agostinho, C., C?ernÈ, J., and Jardim-Goncalves, R. (2012). Mda-based interoperability establishment using language independent information models. In International IFIP Working Conference on Enterprise Interoperability, pages 146-160. Springer.
  2. Atkinson, C. and Kuhne, T. (2003). Model-driven development: a metamodeling foundation. IEEE Software, 20(5):36-41.
  3. Bahill, A. T. and Gissing, B. (1998). Re-evaluating systems engineering concepts using systems thinking. IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews), 28(4):516-527.
  4. Basin, D., Doser, J., and Lodderstedt, T. (2003). Model driven security for process-oriented systems. In Proceedings of the eighth ACM symposium on Access control models and technologies, pages 100-109. ACM.
  5. Bazoun, H., Ribault, J., Zacharewicz, G., Ducq, Y., and Boyé, H. (2016). Slmtoolbox: Enterprise service process modeling and simulation by coupling devs and services workflow. International Journal of Simulation and Process Modelling.
  6. Bazoun, H., Zacharewicz, G., Ducq, Y., and Boye, H. (2013). Transformation of extended actigram star to bpmn2.0 and simulation model in the frame of model driven service engineering architecture. In Proceedings of the Symposium on Theory of Modeling & Simulation-DEVS Integrative M&S Symposium, page 20. Society for Computer Simulation International.
  7. Bazoun, H., Zacharewicz, G., Ducq, Y., and Boyé, H. (2014). Slmtoolbox: An implementation of mdsea for servitisation and enterprise interoperability. In Enterprise Interoperability VI, pages 101-111. Springer.
  8. Bézivin, J. (2006). Model driven engineering: An emerging technical space. In Generative and transformational techniques in software engineering, pages 36-64. Springer.
  9. Brucker, A. D., Hang, I., Lückemeyer, G., and Ruparel, R. (2012). Securebpmn: Modeling and enforcing access control requirements in business processes. In Proceedings of the 17th ACM symposium on Access Control Models and Technologies, pages 123-126. ACM.
  10. Butun, I., Morgera, S. D., and Sankar, R. A survey of intrusion detection systems in wireless sensor networks. IEEE Communications Surveys & Tutorials, 16(1):266-282.
  11. Chen, D. (2015). A methodology for developing service in virtual manufacturing environment. Annual Reviews in Control, 39:102-117.
  12. De Castro, V., Marcos, E., and Vara, J. M. (2011). Applying cim-to-pim model transformations for the serviceoriented development of information systems. Information and Software Technology, 53(1):87-105.
  13. Debar, H., Curry, D. A., and Feinstein, B. S. (2007). The intrusion detection message exchange format (idmef). IETF, NEtwork Working Group.
  14. Derdour, M., Alti, A., Gasmi, M., and Roose, P. (2015). Security architecture metamodel for model driven security. Journal of Innovation in Digital Ecosystems, 2(1):55-70.
  15. Ducq, Y., Agostinho, C., Chen, D., Zacharewicz, G., and Goncalves, R. (2014). Generic methodology for service engineering based on service modelling and model transformation. Manufacturing Service Ecosystem. Achievements of the European 7th FP FoFICT Project MSEE: Manufacturing SErvice Ecosystem (Grant No. 284860). Eds. Weisner S, Guglielmina C, Gusmeroli S, Doumeingts G, pages 41-49.
  16. Hossain, M. S. and Raghunathan, V. (2010). Aegis: A lightweight firewall for wireless sensor networks. InInternational Conference on Distributed Computing in Sensor Systems, pages 258-272. Springer.
  17. Jürjens, J. (2002). Umlsec: Extending uml for secure systems development. In International Conference on The Unified Modeling Language , pages 412-425. Springer.
  18. Lambert, J. H., Jennings, R. K., and Joshi, N. N. (2006). Integration of risk identification with business process models. Systems engineering, 9(3):187-198.
  19. Lodderstedt, T., Basin, D., and Doser, J. (2002). Secureuml: A uml-based modeling language for model-driven security. In International Conference on the Unified Modeling Language, pages 426-441. Springer.
  20. Mellor, S. J., Clark, T., and Futagami, T. (2003). Modeldriven development: guest editors' introduction. IEEE software, 20(5):14-18.
  21. Menzel, M., Thomas, I., and Meinel, C. (2009). Security requirements specification in service-oriented business process management. In Availability, Reliability and Security, 2009. ARES'09. International Conference on, pages 41-48. IEEE.
  22. Mozzaquatro, B. A., Jardim-goncalves, R., and Agostinho, C. (2015). Towards a reference ontology for security in the internet of things. In IEEE International Workshop on Measurement and Networking, pages 1-6.
  23. Mozzaquatro, B. A., Melo, R., Agostinho, C., and JardimGoncalves, R. (2016). An ontology-based security framework for decision-making in industrial systems. In Proceedings of the 4th International Conference on Model-Driven Engineering and Software Development, pages 779-788.
  24. Münch, J., Armbrust, O., Kowalczyk, M., and Soto, M. (2012). Process modeling notations and tools. In Software Process Definition and Management , pages 111- 138. Springer.
  25. Patel, H. B., Jinwala, D. C., and Patel, D. R. (2016). Baseline intrusion detection framework for 6lowpan devices. In Adjunct Proceedings of the 13th International Conference on Mobile and Ubiquitous Systems: Computing Networking and Services, pages 72-76. ACM.
  26. Ren, J. and Taylor, R. (2005). A secure software architecture description language. In Workshop on Software Security Assurance Tools, Techniques, and Metrics, pages 82-89.
  27. Seidewitz, E. (2003). What models mean. IEEE software, 20(5):26.
  28. Selic, B. (2003). The pragmatics of model-driven development. IEEE software, 20(5):19.
  29. Wolter, C., Menzel, M., Schaad, A., Miseldine, P., and Meinel, C. (2009). Model-driven business process security requirement specification. Journal of Systems Architecture, 55(4):211-223.

Paper Citation

in Harvard Style

Mozzaquatro B., Jardim-Gonçalves R. and Agostinho C. (2017). Model Driven Implementation of Security Management Process . In Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD, ISBN 978-989-758-210-3, pages 229-238. DOI: 10.5220/0006329602290238

in Bibtex Style

author={Bruno A. Mozzaquatro and Ricardo Jardim-Gonçalves and Carlos Agostinho},
title={Model Driven Implementation of Security Management Process},
booktitle={Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,},

in EndNote Style

JO - Proceedings of the 5th International Conference on Model-Driven Engineering and Software Development - Volume 1: MODELSWARD,
TI - Model Driven Implementation of Security Management Process
SN - 978-989-758-210-3
AU - Mozzaquatro B.
AU - Jardim-Gonçalves R.
AU - Agostinho C.
PY - 2017
SP - 229
EP - 238
DO - 10.5220/0006329602290238