Model Driven Security Framework for Definition of Security Requirements for SOA Based Applications. Authors: Muhammad Qaisar Saleem, Jafreezal Jaafar, and Mohd Fadzil Hassan.

Model Driven Security Framework for Definition of Security Requirements for SOA Based Applications
Authors: Muhammad Qaisar Saleem, Jafreezal Jaafar, and Mohd Fadzil Hassan
An ICCAIE publication
Presented by Raef Mousheimish

Overview
– Background
  – Service Oriented Architecture and Web Services
  – Model Driven Software Development
  – Model Driven Security
– Current MDS approaches
  – Frameworks
  – Problems
– Proposed MDS framework
  – Case study
– Conclusion and future work
– References

Service Oriented Architecture (SOA)
– SOA is the dominant paradigm today for building business applications.
– It facilitates the merging of the business domain and the IT domain.
[Figure: business domain + IT domain → SOA → functional business application]

Web Services (WSs)
– When SOA is applied on the Web, WSs are the primary building blocks.
– A business process is realised as a set of distributed, collaborating WSs.
– The process spans organisational assets and resources that sit behind different security infrastructures, which is what makes end-to-end security hard to state and enforce.
[Figure: a business process composed of WSs drawing on organisational assets and resources, each with its own security infrastructure]

Model Driven Software Development (MDSD)
[Figure: model levels PIM (platform independent model) → PSM (platform specific model) → ISM (implementation specific model), each expressed in a modeling language]

Model Driven Security (MDS)
– The research community projected MDSD onto the security domain, producing MDS frameworks.
– MDS frameworks are considered an acceptable and applicable solution for securing SOA.
– They extend the modeling languages so that security concepts can be expressed in the model.
[Figure: the application model at PIM level, with and without the security goals attached]

Typical MDS illustration
1. Security goals are captured during business requirements analysis.
2. Security intents are expressed when modeling at the PIM level.
3. The concrete security configuration is produced at the PSM level.

Current MDS approaches
– Hafner et al. [1]
– Memon et al. [2]
– Wolter et al. [3]

Hafner et al. [1]
– The framework is called SECTET.
– Security objectives: access rights (authentication and authorization).
– Security annotations are at the PIM level, integrated with the application model.
– Adopts OMG's MDE approach (PIM → PSM → ISM).
[Figure: ISM / PSM / PIM stack with security annotations inside the PIM application model]

Memon et al. [2]
– The framework is called SECTISSIMO, an extension of SECTET.
– Security objectives: access rights (authentication and authorization), non-repudiation, rights delegation, single sign-on, privacy, and auditing.
– Security annotations are still at the PIM level, but in a separate sub-layer (the abstract security service model) rather than inside the application model.
[Figure: ISM / PSM / PIM stack, with the PIM split into an abstract security service model and the application model]

Wolter et al. [3]
– Detailed discussion of the abstract security concepts, e.g. confidentiality, auditing, availability, etc.
– Developed a security policy for each of the aforementioned concepts.
– The framework's first aim is secure interaction between objects, and the information that must be stored about these interactions.
– A new level of abstraction is introduced above the PIM: the Computation Independent Model (CIM).
[Figure: ISM / PSM / PIM / CIM stack]

Problems in the current MDS approaches
– The models do not carry sufficient information to generate an enforceable security configuration.
– Security experts and business experts have different understandings of the notion of security, e.g.:
  – Business experts: just "authorization"
  – Security experts: certificate-based authorization, the four-eyes principle, break-glass policies, etc.

The proposed MDS framework
– The business process expert defines the security goals while modeling the business process.
– The security information captured must be sufficient for the security expert to:
  – model a security solution for the system, and
  – perform tool-supported transformations that generate the executable artifacts.
– Security objectives: identity information and associated rights, information in its different forms, and service functions.

Case study: Online Student Information System
– Collaborating services: Accounting, Registration and Examination departments.
– Security concepts must be represented and annotated on the application model at the PIM level.
– After studying the security requirements of the system, the authors arrived at the annotated model shown on the slide (figure not reproduced here).
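To make the three-level flow (security goals → PIM annotations → enforceable PSM configuration) concrete, and to show why a bare business-level "authorization" goal is not enough for the security expert, here is an added example. It is illustrative code written for this page, not the authors' tool chain or metamodel: the goal vocabulary, the policy structure, the request format and the three sample tasks for the case study's departments are all assumptions constructed for the example.

```python
"""Illustrative PIM -> PSM security transformation (added example).

PIM: service tasks of a business process, annotated with abstract security goals.
PSM: a concrete, checkable policy that a policy enforcement point could evaluate.
"""
from dataclasses import dataclass, field

# ---- PIM level: what the business expert annotates on the process model ----
# The goal vocabulary below is an assumption of this example, not the paper's.
@dataclass
class ServiceTask:
    name: str
    provider: str   # collaborating department offering the service
    goals: list     # abstract goals, e.g. "confidentiality", "authorization:lecturer"

# ---- PSM level: enforceable configuration produced by the transformation ----
@dataclass
class PsmPolicy:
    task: str
    transport: dict = field(default_factory=dict)   # channel requirements
    message: dict = field(default_factory=dict)     # message-level requirements
    access: dict = field(default_factory=dict)      # access-control rule
    audit: bool = False                             # must invocations be logged?

def transform(task: ServiceTask) -> PsmPolicy:
    """Map each abstract goal to concrete settings.

    This is the security expert's refinement step: a business-level
    'authorization' becomes a role check, a four-eyes rule or a break-glass rule.
    """
    p = PsmPolicy(task=task.name,
                  access={"roles": set(), "four_eyes": False, "break_glass": False})
    for goal in task.goals:
        if goal == "confidentiality":
            p.transport["tls"] = True
            p.message["encrypt_body"] = True
        elif goal == "integrity":
            p.transport["tls"] = True
            p.message["sign_body"] = True
        elif goal == "non_repudiation":
            # Integrity alone is not enough: the signature must be bound to the
            # caller's identity and the signed message retained as evidence.
            p.message["sign_body"] = True
            p.message["signer_identity_required"] = True
            p.audit = True
        elif goal.startswith("authorization:"):
            p.access["roles"].add(goal.split(":", 1)[1])
        elif goal == "four_eyes":
            p.access["four_eyes"] = True
        elif goal == "break_glass":
            p.access["break_glass"] = True
            p.audit = True   # an emergency override is acceptable only if logged
        elif goal == "audit":
            p.audit = True
        else:
            raise ValueError(f"unknown security goal on {task.name}: {goal}")
    return p

def authorize(policy: PsmPolicy, request: dict) -> tuple:
    """Evaluate a request against the generated access rule.

    request keys (assumed): 'approvers' = list of (subject, role), 'emergency' = bool.
    Returns (decision, reason) so the caller can log it when policy.audit is set.
    """
    rule = policy.access
    approvers = request.get("approvers", [])
    allowed = [(s, r) for s, r in approvers if r in rule["roles"]]
    if rule["break_glass"] and request.get("emergency"):
        return "permit", "break-glass override (audited)"
    if not allowed:
        return "deny", "no approver holds a permitted role"
    if rule["four_eyes"]:
        if len({s for s, _ in allowed}) < 2:
            return "deny", "four-eyes: two distinct approvers required"
    return "permit", "role check satisfied"

# Constructed sample PIM for the case study's three collaborating departments.
STUDENT_INFO_SYSTEM = [
    ServiceTask("SubmitGrades", "Examination",
                ["integrity", "authorization:lecturer", "four_eyes"]),
    ServiceTask("PayFees", "Accounting",
                ["confidentiality", "non_repudiation", "authorization:student"]),
    ServiceTask("ViewRecord", "Registration",
                ["confidentiality", "authorization:registrar", "break_glass"]),
]

def generate_psm(tasks=STUDENT_INFO_SYSTEM) -> dict:
    """Run the PIM -> PSM transformation over every task."""
    return {t.name: transform(t) for t in tasks}

if __name__ == "__main__":
    psm = generate_psm()
    for name, pol in psm.items():
        print(name, pol.transport, pol.message, pol.access, "audit" if pol.audit else "")
    print(authorize(psm["SubmitGrades"], {"approvers": [("alice", "lecturer")]}))
    print(authorize(psm["SubmitGrades"],
                    {"approvers": [("alice", "lecturer"), ("bob", "lecturer")]}))
    print(authorize(psm["ViewRecord"], {"approvers": [("nurse", "medic")], "emergency": True}))
```

The point of the example is the gap the slides describe: the business expert only writes "authorization", and it is the transformation (owned by the security expert) that decides whether that means a single role check, two distinct approvers, or an audited emergency override. Note that the four-eyes check compares subjects, not roles, so the same lecturer approving twice is rejected, and that break-glass never produces a silent permit.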

Conclusion and future work
Conclusions:
– Incorporating security requirements into the early stages of software development improves the security of the result.
– The misunderstandings between business experts and security experts must be broken down.
Future work:
– Development of a Domain Specific Language (DSL) for the proposed MDS framework, to help business experts annotate the security requirements of a specific domain with richer semantics.

Critique
– The authors highlight the problems of the current approaches but do not resolve them:
  – the misunderstandings between the domain experts are never addressed;
  – the authors do not show how their MDS framework provides more security information than the other frameworks, nor how that information suffices to generate an enforceable security configuration.
– They state that they will use the BPMN modeling language, but then do not.
– They use the two concepts non-repudiation and availability interchangeably.

References
1. Hafner, M., Breu, R., Agreiter, B. SECTET: an extensible framework for the realization of secure inter-organizational workflows. Internet Research (Emerald), Vol. 16, No. 5, 2006.
2. Memon, M., Hafner, M., Breu, R. SECTISSIMO: A Platform-independent Framework for Security Services. MODSEC08 Modeling Security Workshop.
3. Wolter, C., et al. Model-driven business process security requirement specification. Journal of Systems Architecture, (4).

Thank you
Presented by Raef Mousheimish