ABSTRACT
Lately, there have been many types of study works addressing the model-driven security so that to incorporate the security verification during system's development process or modeling phase basing on Model-Driven Architecture that deploys Unified Modelling Language standard as the meta-model for different system's abstractions. To the best of our knowledge, most of these works have been addressing security rules verification after deployment phase and without taking into account security infrastructure generation, deducing the source code corresponding to the functional and non-functional aspect at the same time. In this current work, we have concentrated our efforts on non-functional components, business logic, and quality of services of the systems so that to reduce design mistakes and generating secure software applications that respect the criteria's of the software engineering qualities. To do that, we have proposed a new meta-model for Java platform allowing to improve the MDA methodology to inject the security architecture description and security properties verification during software development process. Therefore, security properties will be described in the form of secure models represented through Security profile and enriched through the Object Constraint Language designed to add the security constraints to security models. Basing on the new approach, an Intermediate Structural Model (ISM) is obtained from chosen Platform Specific Model (PSM) to enrich the functional code with other improvements instead generating the source code directly.
In this context, ISM will be improved with security rules and constraints about confidentiality, availability, non-repudiation, data integrity, and data encryption after its generation from sequence diagram of system internal behavior that respects the proposed meta-model. Finally, the final code will be generated from sequence diagram of system's internal behavior such as application security configuration, methods signatures and their bodies, persistent entities, and the security objects.
- A. Lasbahani, M. Chhiba, and A. Tabyaoui, O. Mjihil, Model Driven Architecture Approach for Application Security Integration, Journal of Theoretical and Applied Information, Vol. 95(8), pp. 1655--1668, April, 2017.Google Scholar
- D. Basin, J. Doser, and T. Lodderstedt, Model Driven Security: From UML Models to Access Control Infrastructures, ACM Transactions on Software Engineering and Methodology, Vol. 15(1), pp. 39--91, January, 2006. Google ScholarDigital Library
- T. Lodderstedt, D.A. Basin, J. Doser, Secureuml: A uml-based modeling language for model-driven security, Proceedings of the 5th International Conference on The Unified Modeling Language, Vol. 02, pp. 426--441, London, UK, 2002. Google ScholarDigital Library
- C. Wolter, M. Meznel, C. Meinel, Modeling security goals in business processes, Vol. 127 of LNI, pp. 201--216. Köllen, 2008.Google Scholar
- F. Satoh, Y. Nakamura, K. Ono, Adding Authentication to Model Driven Security, IEEE International Conference on Web Services, pp. 585--594, September, 2006. Google ScholarDigital Library
- F. Satoh, Y. Yamaguchi, Generic security policy transformation framework for ws-security, IEEE Computer Society on ICWS, pp. 513--520, 2007.Google Scholar
- F. Satoh, N. Mukhi, Y. Nakamura, et S. Hirose, Pattern-based policy configuration for SOA applications, IEEE, pp. 13--20, 2008. Google ScholarDigital Library
- F. Satoh, Y. Nakamura, N. Mukhi, M. Tatsubori, K. Ono, Methodology and tools for end-to-end SOA security configurations, in IEEE Congress on Services - Part I. IEEE Computer Society, pp. 307--314, July, 2008. Google ScholarDigital Library
- J. Juerjens, UMLsec: Extending UML for secure systems development, Proceedings of the 5th International Conference on The Unified Modeling Language, UML '02, Springer-Verlag. pp. 412--425, London, UK, 2002. Google ScholarDigital Library
- M. Hafner, M. Breu, R. Breu, and A. Nowak, "Modelling inter-organizational workflow security in a peer-to-peer environment," in ICWS '05: Proceedings of the IEEE International Conference on Web Services (ICWS'05). Washington, DC, USA: IEEE Computer Society, 2005, pp. 533--540. Google ScholarDigital Library
- J. Reznik, T. Ritter, R. Schreiner, U. Lang, Model driven development of security aspects, Electronic Notes in Theoretical Computer Science, Vol. 163(2), pp. 65--79, April, 2007. Google ScholarDigital Library
- C. Girault, R. Valk, Petri-Nets for Systems Engineering. Springer, 2003, Berlin. Google ScholarDigital Library
- C. Larman, Applying UML and Patterns, 3rd Edition, Prentice Hall, ISBN 0-13-148906-2, 2002.Google Scholar
Index Terms
- A New Extension of Larman's Operation Contracts for Security Properties Injection and Verification during the System's Internal Behavior Elaboration
Recommendations
Behavior Modeling with Interaction Diagrams in a UML and OCL Tool
BM-FA '14: Proceedings of the 2014 Workshop on Behaviour Modelling-Foundations and ApplicationsThis contribution discusses system modeling with UML behavior diagrams. We consider statecharts and both kinds of interaction diagrams, i.e., sequence and communication diagrams. We present new implementation features in a UML and OCL modeling tool: (1) ...
Formalization of UML diagrams and their consistency verification: A Z notation based approach
ISEC '08: Proceedings of the 1st India software engineering conferenceIn this paper, we have suggested a methodology for formalizing some of the commonly used UML diagrams that are used in different phases of software development in Z notation, establish their relationship and then represent the "formalized" diagrams ...
Modeling Behavior with Interaction Diagrams in a UML and OCL Tool
Revised Selected Papers of the International Workshops on Behavior Modeling -- Foundations and Applications - Volume 6368This paper discusses system modeling with UML behavior diagrams. We consider statecharts and both kinds of interaction diagrams, i.e., sequence and communication diagrams. We present new implementation features in a UML and OCL modeling tool: 1ï ...
Comments