skip to main content
10.1145/1842752.1842806acmotherconferencesArticle/Chapter ViewAbstractPublication PagesecsaConference Proceedingsconference-collections
research-article

Modeling security for service oriented applications

Published: 23 August 2010 Publication History

Abstract

Security is an important quality attribute for Service Oriented Architecture (SOA) based system. However, there is no sufficient support for modelling security-centric concerns for SOA based application. This paper presents a metamodel called SoaML4Security, which introduces QoS concepts into Service oriented Modelling Language (SoaML) in order to support the modelling of security aspect. We motivate the need of extending SoaML for modelling security concerns from different viewpoints. We describe the process of developing the metamodel, which can support Model Driven Engineering (MDE) approach for service-oriented applications. The use of the extended metamodel has been demonstrated by modelling a real world service-oriented application for security requirements.

References

[1]
Service oriented architecture Modeling Language (SoaML) -- Specification for the UML Profile and Metamodel for Services (UPMS). {Online} 2008. http://www.omg.org/docs/ad/08-08-04.pdf.
[2]
UML Profile for Modelling Quality of Service and Fault Tolerance Characteristics and Mechanisms. s.l.: OMG, 2004. ptc/2004-06-01.
[3]
Non-Functional Property Driven Service Governance: Performance Implications. Liu, Y., Zhu L., Bass, L., Gorton, I., and Staples, M. s.l.: ICSOC, 2007. LNCS 4907, pp. 45--55.
[4]
Metamodeling. Wikipedia. {Online} {Citeret: 20. July 2009.} http://en.wikipedia.org/wiki/Metamodeling.
[5]
Quality Attributes and Service-Oriented Architectures. O"Brien, L., Bass, L. and Merson, P. s.l.: Systems Development in SOA Environments, SDSOA '07: ICSE Workshops, 2007.
[6]
Crnkovic, I., Lau, K., K. and Mirandola, R. (2008) 'SOA and Quality Assurance', Euromicro Conference Software Engineering and Advanced Applications.
[7]
Delessy, N., A., and Fernandez, E., A. (2008) 'A Pattern-Driven Security Process for SOA Applications', Third International Conference on Availability, Reliability and Security, 416--421.
[8]
Han, J., Kowalczyk, R. and Khan, K., M. (2006) 'Security-Oriented Service Composition and Evolution', Software Engineering Conference, 71--78.
[9]
Hug, C., Front, A., Rieu, D. and Sellers B., H., (2009) "A Method to build information systems engineering process metamodels", Journal of Systems and Software, Volume 82, Issue 10. 1730--1742.
[10]
Lang, U. and Schreiner, R. (2007) 'Model Driven Security for Agile SOA-Style Environments', Securing Electronic Business Processes, Vieweg (2007), 147--156.
[11]
Mouelhi, T., Fleurey, F., and Baudry B. (2008) 'A Generic Metamodel For Security Policies Mutation', IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08).
[12]
Basin, D., Doser, J., Clavel, M. And Egea, M. (2007) 'A Metamodel-Baed Approach for Analyzing Security-Design Models', MoDELS 2007, LNCS 4735, 420--435.
[13]
Toma, I. and Foxvog, D. (2006) 'Non-Functional Properties in Web Service', WSMO Working Draft, available: http://www.wsmo.org/TR/d28/d28.4/v0.1/20060616/
[14]
Torry Harris Business Solutions (2009) 'Migration and Security in SOA', White Paper, available: http://systemsintegration.searchsoa.com/document;5133778/soa-abstract.htm {accessed 17 Aug 2009}
[15]
Bass, L., Clements, P. and Kazman, R. (2003) 'Software Architecture in Practice Second Edition', Addison Wesley
[16]
Kazman, R., Abowd, G., Bass, L. and Clements, P. (1996) 'Scenario-Based Analysis of Software Architecture', IEEE Software, Nov. 1996
[17]
Objecteering model-driven modeling and engineering tool, http://www.objecteering.com/index.phpsa

Cited By

View all
  • (2011)Security as a service model in SOAProceedings of the 11th WSEAS international conference on Applied informatics and communications, and Proceedings of the 4th WSEAS International conference on Biomedical electronics and biomedical informatics, and Proceedings of the international conference on Computational engineering in systems applications10.5555/2042791.2042817(117-122)Online publication date: 23-Aug-2011
  • (2011)SOA Integration ModelingProceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops10.1109/EDOCW.2011.48(57-66)Online publication date: 29-Aug-2011
  • (2011)Formal Specification of Automatic DMARF Based on CSPProceedings of the 2011 Eighth IEEE International Conference and Workshops on Engineering of Autonomic and Autonomous Systems10.1109/EASe.2011.7(32-39)Online publication date: 27-Apr-2011
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
August 2010
367 pages
ISBN:9781450301794
DOI:10.1145/1842752
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • SAS
  • FIRST

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2010

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. MDE
  2. QOS
  3. SOA
  4. SoaML
  5. security

Qualifiers

  • Research-article

Conference

ECSA '10
Sponsor:
ECSA '10: 4th European Conference on Software Architecture
August 23 - 26, 2010
Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 48 of 72 submissions, 67%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)0
  • Downloads (Last 6 weeks)0
Reflects downloads up to 25 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2011)Security as a service model in SOAProceedings of the 11th WSEAS international conference on Applied informatics and communications, and Proceedings of the 4th WSEAS International conference on Biomedical electronics and biomedical informatics, and Proceedings of the international conference on Computational engineering in systems applications10.5555/2042791.2042817(117-122)Online publication date: 23-Aug-2011
  • (2011)SOA Integration ModelingProceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops10.1109/EDOCW.2011.48(57-66)Online publication date: 29-Aug-2011
  • (2011)Formal Specification of Automatic DMARF Based on CSPProceedings of the 2011 Eighth IEEE International Conference and Workshops on Engineering of Autonomic and Autonomous Systems10.1109/EASe.2011.7(32-39)Online publication date: 27-Apr-2011
  • (2010)8th Nordic Workshop on Model-Driven Software Engineering (NW-MODE 2010)Proceedings of the Fourth European Conference on Software Architecture: Companion Volume10.1145/1842752.1842799(243-244)Online publication date: 23-Aug-2010

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media