VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT

Mirad Zadic, Andrea Nowak

2009

Abstract

Our approach is based on a security modeling framework and a Meta Modeling Environment for design and generating of access control and security policies for business processes. The framework introduces a methodology that focuses on both, the modeling as well as the implementation aspect of security-requirements and consists of a suite of tools that facilitates the correct realization and the cost-efficient management of decentralized, security-critical workflows. Currently, the framework is being analyzed for general suitability to domains in business processes, taking basic security requirements like confidentiality, integrity and non-repudiation. We use Model-Driven Development (MDD) approach to creating our solutions based on graphical modeling environment as EMF (Eclipse Modeling Framework), GEF (Graphical Editor Framework) and GEMS (Generic Eclipse Modeling System). This graphical modeling environment makes possible rapidly creating modeling tool from a visual language description or metamodel without any coding in third-generation languages. The framework is prototypically validated through a case study for the systematic realization of e-government related workflows. Realizations of security issues follow the steps from provide methodologies that translate the abstract security requirements into run-time artifacts for the target architecture through model transformation. On this approach for this Case study is develop a Policy Specifications modeling tool based on the metamodel describing syntax of the DSML. The important goal is the automatically generate the security artifacts (enforceable security policies in XACML format) to improve the productivity of the development process and the platform independent design. Our case study defines the Business processes, which provide secure Information between three Domains: Municipality, Environment Ministry and Registry of the Combustion plant - environmental pollution producer.

References

  1. Xin Jin, Master Thesis, University of Ottawa, Ontario, Canada 2006 Applying Model Driven Architecture approach to Model Role Based Access Control System
  2. Taufiq Rochaeli, TUD SEC, Ruben Wolf, Fraunhofer-SIT, Policy Generator, February 10, 2006.
  3. Panos Periorellis, Jake Wu, March 2006, XACML-Role Based Access Control
  4. Markus Völter, openArchitectureWare 4.2 Fact Sheet, voelter@acm.org Date: September 3, 2007
  5. Mirad Zadic, Stockholm, Sweden, 22 - 24 October 2008, A Meta Model Generator for Implementing Access Control and Security Policies in Distributed Systems based on Model-Driven Architecture, eChallenges e2008 Conference & Exhibition
  6. GrTP: Transformation Based Graphical Tool Building Platform, Institute of Mathematics and Computer Science, University of Latvia, Building Tools by Model Transformations in Eclipse, University of Latvia, Audris Kalnins, Oskars Vilitis1, Edgars Celms1
  7. OASIS, 2005. eXtensible Access Control Markup Language (XACML) Version 2.0. http://docs.oasisopen.org/xacml/2.0/access_control-xacml-2.0-corespec-os.pdf
  8. OASIS, 2005, Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. http://docs.oasis-open.org/xacml/2.0/access_controlxacml-2.0-saml-profile-spec-os.pdf
  9. OASIS, 2005. Core and hierarchical role based access control (RBAC) profile of XACML v2.0. http://docs.oasis-open.org/xacml/2.0/access_controlxacml-2.0-rbac-profile1-spec-os.pdf
  10. OASIS, 2005. SAML 2.0 profile of XACML v2.0. http://docs.oasis-open.org/xacml/2.0/access_controlxacml-2.0-saml-profile-spec-os.pdf
  11. OASIS, 2005. Web Service Security SAML Token Profile 1.1. http://www.oasis-open.org/specs/ index.php#wssprofilesv1.0
  12. OASIS, 2003. XACML profile for Web-services. http://www.oasisopen.org/committees/download.php/3661/draft-xacmlwspl-04.pdf
  13. OASIS, 2004. WS-Security 1.1 Core Specification. http://www.oasis-open.org/committees/download.php/ 16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf
  14. W3C, 2006. Web Service Policy 1.2-Framework (WSPolicy). http://www.w3.org/Submission/WS-Policy/
Download


Paper Citation


in Harvard Style

Zadic M. and Nowak A. (2009). VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 29-36. DOI: 10.5220/0002227500290036


in Bibtex Style

@conference{secrypt09,
author={Mirad Zadic and Andrea Nowak},
title={VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={29-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002227500290036},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - VISUAL PROGRAMMING LANGUAGE FOR SECURITY REQUIREMENTS IN BUSINESS PROCESSES AS MODEL-DRIVEN SOFTWARE DEVELOPMENT
SN - 978-989-674-005-4
AU - Zadic M.
AU - Nowak A.
PY - 2009
SP - 29
EP - 36
DO - 10.5220/0002227500290036