research-article

Modeling security for service oriented applications

Authors:

Muhammad Ali Babar,

Amit SangroyaAuthors Info & Claims

ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

Pages 294 - 301

https://doi.org/10.1145/1842752.1842806

Published: 23 August 2010 Publication History

Abstract

Security is an important quality attribute for Service Oriented Architecture (SOA) based system. However, there is no sufficient support for modelling security-centric concerns for SOA based application. This paper presents a metamodel called SoaML4Security, which introduces QoS concepts into Service oriented Modelling Language (SoaML) in order to support the modelling of security aspect. We motivate the need of extending SoaML for modelling security concerns from different viewpoints. We describe the process of developing the metamodel, which can support Model Driven Engineering (MDE) approach for service-oriented applications. The use of the extended metamodel has been demonstrated by modelling a real world service-oriented application for security requirements.

References

[1]

Service oriented architecture Modeling Language (SoaML) -- Specification for the UML Profile and Metamodel for Services (UPMS). {Online} 2008. http://www.omg.org/docs/ad/08-08-04.pdf.

[2]

UML Profile for Modelling Quality of Service and Fault Tolerance Characteristics and Mechanisms. s.l.: OMG, 2004. ptc/2004-06-01.

[3]

Non-Functional Property Driven Service Governance: Performance Implications. Liu, Y., Zhu L., Bass, L., Gorton, I., and Staples, M. s.l.: ICSOC, 2007. LNCS 4907, pp. 45--55.

[4]

Metamodeling. Wikipedia. {Online} {Citeret: 20. July 2009.} http://en.wikipedia.org/wiki/Metamodeling.

[5]

Quality Attributes and Service-Oriented Architectures. O"Brien, L., Bass, L. and Merson, P. s.l.: Systems Development in SOA Environments, SDSOA '07: ICSE Workshops, 2007.

[6]

Crnkovic, I., Lau, K., K. and Mirandola, R. (2008) 'SOA and Quality Assurance', Euromicro Conference Software Engineering and Advanced Applications.

Digital Library

[7]

Delessy, N., A., and Fernandez, E., A. (2008) 'A Pattern-Driven Security Process for SOA Applications', Third International Conference on Availability, Reliability and Security, 416--421.

Digital Library

[8]

Han, J., Kowalczyk, R. and Khan, K., M. (2006) 'Security-Oriented Service Composition and Evolution', Software Engineering Conference, 71--78.

Digital Library

[9]

Hug, C., Front, A., Rieu, D. and Sellers B., H., (2009) "A Method to build information systems engineering process metamodels", Journal of Systems and Software, Volume 82, Issue 10. 1730--1742.

Digital Library

[10]

Lang, U. and Schreiner, R. (2007) 'Model Driven Security for Agile SOA-Style Environments', Securing Electronic Business Processes, Vieweg (2007), 147--156.

[11]

Mouelhi, T., Fleurey, F., and Baudry B. (2008) 'A Generic Metamodel For Security Policies Mutation', IEEE International Conference on Software Testing Verification and Validation Workshop (ICSTW'08).

Digital Library

[12]

Basin, D., Doser, J., Clavel, M. And Egea, M. (2007) 'A Metamodel-Baed Approach for Analyzing Security-Design Models', MoDELS 2007, LNCS 4735, 420--435.

Digital Library

[13]

Toma, I. and Foxvog, D. (2006) 'Non-Functional Properties in Web Service', WSMO Working Draft, available: http://www.wsmo.org/TR/d28/d28.4/v0.1/20060616/

[14]

Torry Harris Business Solutions (2009) 'Migration and Security in SOA', White Paper, available: http://systemsintegration.searchsoa.com/document;5133778/soa-abstract.htm {accessed 17 Aug 2009}

[15]

Bass, L., Clements, P. and Kazman, R. (2003) 'Software Architecture in Practice Second Edition', Addison Wesley

Digital Library

[16]

Kazman, R., Abowd, G., Bass, L. and Clements, P. (1996) 'Scenario-Based Analysis of Software Architecture', IEEE Software, Nov. 1996

Digital Library

[17]

Objecteering model-driven modeling and engineering tool, http://www.objecteering.com/index.phpsa

Cited By

Georgieva JGoranova M(2011)Security as a service model in SOAProceedings of the 11th WSEAS international conference on Applied informatics and communications, and Proceedings of the 4th WSEAS International conference on Biomedical electronics and biomedical informatics, and Proceedings of the international conference on Computational engineering in systems applications10.5555/2042791.2042817(117-122)Online publication date: 23-Aug-2011
https://dl.acm.org/doi/10.5555/2042791.2042817
Todoran IHussain ZGromov N(2011)SOA Integration ModelingProceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops10.1109/EDOCW.2011.48(57-66)Online publication date: 29-Aug-2011
https://dl.acm.org/doi/10.1109/EDOCW.2011.48
Ding JZhu HLi Q(2011)Formal Specification of Automatic DMARF Based on CSPProceedings of the 2011 Eighth IEEE International Conference and Workshops on Engineering of Autonomic and Autonomous Systems10.1109/EASe.2011.7(32-39)Online publication date: 27-Apr-2011
https://dl.acm.org/doi/10.1109/EASe.2011.7
Show More Cited By

Index Terms

Modeling security for service oriented applications
1. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Software architectures

Recommendations

UML-based specification and generation of executable web services
SAM'10: Proceedings of the 6th international conference on System analysis and modeling: about models

This paper presents an approach for the development of executable Web services based on model transformation techniques. The approach is based on a new Web service profile for the Unified Modeling Language (UML), which allows an efficient definition of ...
Model driven support for the Service Oriented Architecture modeling language
PESOS '10: Proceedings of the 2nd International Workshop on Principles of Engineering Service-Oriented Systems

Service Oriented Architecture (SOA) is an architectural style that is widely used in distributed and dynamic systems. The Service oriented architecture Modeling Language (SoaML) is an OMG standard for modelling SOA independent of a technology. This ...
An Experience of using SoaML for Modeling a Service-Oriented Architecture for Health Information Systems
ICEIS 2015: Proceedings of the 17th International Conference on Enterprise Information Systems - Volume 3

Service-oriented applications have been modeled with different modeling languages and diagrams, which

suggests a lack of standardization. Although UML concepts for modeling SOA can be regarded as a good

starting point, it is not an entirely feasible ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

ECSA '10: Proceedings of the Fourth European Conference on Software Architecture: Companion Volume

August 2010

367 pages

ISBN:9781450301794

DOI:10.1145/1842752

Conference Chair:
Ian Gorton
Pacific Northwest Laboratory
,
Editor:
Carlos E. Cuesta
Rey Juan Carlos University, Spain
,
Program Chair:
Muhammad Ali Babar
IT University of Copenhagen, Denmark

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SAS
FIRST

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ECSA '10

Sponsor:

ECSA '10: 4th European Conference on Software Architecture

August 23 - 26, 2010

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 48 of 72 submissions, 67%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
553
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Georgieva JGoranova M(2011)Security as a service model in SOAProceedings of the 11th WSEAS international conference on Applied informatics and communications, and Proceedings of the 4th WSEAS International conference on Biomedical electronics and biomedical informatics, and Proceedings of the international conference on Computational engineering in systems applications10.5555/2042791.2042817(117-122)Online publication date: 23-Aug-2011
https://dl.acm.org/doi/10.5555/2042791.2042817
Todoran IHussain ZGromov N(2011)SOA Integration ModelingProceedings of the 2011 IEEE 15th International Enterprise Distributed Object Computing Conference Workshops10.1109/EDOCW.2011.48(57-66)Online publication date: 29-Aug-2011
https://dl.acm.org/doi/10.1109/EDOCW.2011.48
Ding JZhu HLi Q(2011)Formal Specification of Automatic DMARF Based on CSPProceedings of the 2011 Eighth IEEE International Conference and Workshops on Engineering of Autonomic and Autonomous Systems10.1109/EASe.2011.7(32-39)Online publication date: 27-Apr-2011
https://dl.acm.org/doi/10.1109/EASe.2011.7
Wasowski ATruscan DKuzniarz LGorton IBabar M(2010)8th Nordic Workshop on Model-Driven Software Engineering (NW-MODE 2010)Proceedings of the Fourth European Conference on Software Architecture: Companion Volume10.1145/1842752.1842799(243-244)Online publication date: 23-Aug-2010
https://dl.acm.org/doi/10.1145/1842752.1842799

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten