Article

Model driven security for process-oriented systems

Authors:

David Basin,

Jürgen Doser,

Torsten LodderstedtAuthors Info & Claims

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

Pages 100 - 109

https://doi.org/10.1145/775412.775425

Published: 02 June 2003 Publication History

Get Access

Abstract

Model Driven Architecture is an approach to increasing the quality of complex software systems based on creating high-level system models and automatically generating system architectures from the models. We show how this paradigm can be specialized to what we call Model Driven Security. In our specialization, a designer builds a system model along with security requirements, and automatically generates from this a complete, configured security infrastructure.We propose a modular approach to constructing modeling languages supporting this process, which combines languages for modeling system design with languages for modeling security. We present an application to constructing systems from process models, where we combine a UML-based process design language with a security modeling language for formalizing access control requirements. From models in the combined language, we automatically generate security architectures for distributed applications.

References

[1]

V. Atluri and W.-K. Huang. An authorization model for workflows. In Proceedings of the Fifth European Symposium on Research in Computer Security, Rome, Italy, volume 1146 of LNCS, pages 44--64. Springer, 1996.

Digital Library

Google Scholar

[2]

E. Bertino, E. Ferrari, and V. Atluri. An approach for the specification and enforcement of authorization constraints in workflow management systems. ACM Transactions on Information Systems Security, 2(1):65--104, February 1999.

Digital Library

Google Scholar

[3]

P. Epstein and R. S. Sandhu. Towards a UML Based Approach to Role Engineering. In Proceedings of 4th ACM Workshop on Role-Based Access Control, pages 145--152, 1999.

Digital Library

Google Scholar

[4]

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security (TISSEC), 4(3):224--274, 2001.

Digital Library

Google Scholar

[5]

D. S. Frankel. Model Driven Architecture trademark : Applying MDA trademark to Enterprise Computing. John Wiley & Sons, 2003.

Digital Library

Google Scholar

[6]

R. Hubert. Convergent Architecture: Building Model Driven J2EE Systems with UML. John Wiley & Sons, Inc., 2001.

Digital Library

Google Scholar

[7]

J. Hunter. Java Servlet Programming, 2nd Edition. O'Reilly & Associates, 2001.

Digital Library

Google Scholar

[8]

T. Jaeger. On the increasing importance of constraints. In Proceedings of 4th ACM Workshop on Role-Based Access Control, pages 33--42, 1999.

Digital Library

Google Scholar

[9]

J. Jürjens. UMLsec: extending UML for secure systems development. In UML 2002 - The Unified Modeling Language. Model Engineering, Languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pages 412--425. Springer, 2002.

Digital Library

Google Scholar

[10]

S. Kandala and R. Sandhu, editors. Secure Role-Based Workflow Models, volume 215 of IFIP Conference Proceedings. Kluwer, 2002.

Digital Library

Google Scholar

[11]

T. Lodderstedt, D. A. Basin, and J. Doser. SecureUML: A UML-based modeling language for model-driven security. In UML 2002 - The Unified Modeling Language. Model Engineering, Languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pages 426--441. Springer, 2002.

Digital Library

Google Scholar

[12]

R. Monson-Haefel. Enterprise JavaBeans (3rd Edition). O'Reilly & Associates, 2001.

Digital Library

Google Scholar

[13]

J. Rumbaugh, I. Jacobson, and G. Booch. The Unified Modeling Language Reference Manual. Addison-Wesley, 1998.

Digital Library

Google Scholar

Cited By

View all

Ye TZhuang YQiao G(2023)MDSSEDInformation and Software Technology10.1016/j.infsof.2023.107287163:COnline publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1016/j.infsof.2023.107287
El-Attar M(2022)Empirically Evaluating the Effect of the Physics of Notations on Model ConstructionIEEE Transactions on Software Engineering10.1109/TSE.2021.306034448:7(2455-2475)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TSE.2021.3060344
Konev A(2022)Functional Modeling as a Basis for Classifying Security Threats2022 International Siberian Conference on Control and Communications (SIBCON)10.1109/SIBCON56144.2022.10003024(1-6)Online publication date: 17-Nov-2022
https://doi.org/10.1109/SIBCON56144.2022.10003024
Show More Cited By

Index Terms

Model driven security for process-oriented systems

Recommendations

Model driven security: From UML models to access control infrastructures

We present a new approach to building secure systems. In our approach, which we call Model Driven Security, designers specify system models along with their security requirements and use tools to automatically generate system architectures from the ...
Model driven support for the Service Oriented Architecture modeling language
PESOS '10: Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems

Service Oriented Architecture (SOA) is an architectural style that is widely used in distributed and dynamic systems. The Service oriented architecture Modeling Language (SoaML) is an OMG standard for modelling SOA independent of a technology. This ...
Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach

In this paper, we present an integrated model-driven approach for the specification and the enforcement of secure object flows in process-driven service-oriented architectures (SOA). In this context, a secure object flow ensures the confidentiality and ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SACMAT '03: Proceedings of the eighth ACM symposium on Access control models and technologies

June 2003

246 pages

ISBN:1581136811

DOI:10.1145/775412

General Chair:
Elena Ferrari
University of Insubria, Italy
,
Program Chair:
David Ferraiolo
National Institute of Standards & Technology, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 June 2003

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT03

Sponsor:

SACMAT03: 8th ACM Symposium on Access Control Models and Technologies 2003

June 2 - 3, 2003

Como, Italy

Acceptance Rates

SACMAT '03 Paper Acceptance Rate 23 of 63 submissions, 37%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

121
Total Citations
View Citations
1,757
Total Downloads

Downloads (Last 12 months)16
Downloads (Last 6 weeks)1

Reflects downloads up to 10 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ye TZhuang YQiao G(2023)MDSSEDInformation and Software Technology10.1016/j.infsof.2023.107287163:COnline publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1016/j.infsof.2023.107287
El-Attar M(2022)Empirically Evaluating the Effect of the Physics of Notations on Model ConstructionIEEE Transactions on Software Engineering10.1109/TSE.2021.306034448:7(2455-2475)Online publication date: 1-Jul-2022
https://doi.org/10.1109/TSE.2021.3060344
Konev A(2022)Functional Modeling as a Basis for Classifying Security Threats2022 International Siberian Conference on Control and Communications (SIBCON)10.1109/SIBCON56144.2022.10003024(1-6)Online publication date: 17-Nov-2022
https://doi.org/10.1109/SIBCON56144.2022.10003024
Ye TZhuang YQiao G(2022)MBIPV: a model-based approach for identifying privacy violations from software requirementsSoftware and Systems Modeling10.1007/s10270-022-01072-322:4(1251-1280)Online publication date: 8-Dec-2022
https://doi.org/10.1007/s10270-022-01072-3
Buck COlenberger CSchweizer AVölter FEymann T(2021)Never trust, always verifyComputers and Security10.1016/j.cose.2021.102436110:COnline publication date: 29-Dec-2021
https://dl.acm.org/doi/10.1016/j.cose.2021.102436
Mili SNguyen NChelouah R(2021)Model‐driven architecture based security analysisSystems Engineering10.1002/sys.2158124:5(307-321)Online publication date: 21-May-2021
https://doi.org/10.1002/sys.21581
Ferraris DFernandez-Gago CLopez J(2020)A model-driven approach to ensure trust in the IoTHuman-centric Computing and Information Sciences10.1186/s13673-020-00257-310:1Online publication date: 14-Dec-2020
https://doi.org/10.1186/s13673-020-00257-3
Foley SRooney V(2018)A grounded theory approach to security policy elicitationInformation & Computer Security10.1108/ICS-12-2017-008626:4(454-471)Online publication date: 8-Oct-2018
https://doi.org/10.1108/ICS-12-2017-0086
Rehman SGruhn VShafiq SInayat I(2018)A Systematic Mapping Study on Security Requirements Engineering Frameworks for Cyber-Physical SystemsSecurity, Privacy, and Anonymity in Computation, Communication, and Storage10.1007/978-3-030-05345-1_37(428-442)Online publication date: 7-Dec-2018
https://doi.org/10.1007/978-3-030-05345-1_37
Bernardeschi CDi Natale MDini GVarano DShin SShin DLencastre M(2017)Modeling and generation of secure component communications in AUTOSARProceedings of the Symposium on Applied Computing10.1145/3019612.3019682(1473-1480)Online publication date: 3-Apr-2017
https://dl.acm.org/doi/10.1145/3019612.3019682
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Model driven security: From UML models to access control infrastructures

Model driven support for the Service Oriented Architecture modeling language

Modeling and enforcing secure object flows in process-driven SOAs: an integrated model-driven approach