JOURNAL OF SOFTWARE (JSW)
ISSN : 1796-217X
Volume : 2    Issue : 1    Date : February 2007

Model-Driven Security Engineering for Trust Management in SECTET
Muhammad Alam, Ruth Breu, and Michael Hafner
Page(s): 47-59
Full Text:
PDF (1,966 KB)


Abstract
Service Oriented Architectures with underlying technologies like web services and web services
orchestration have opened the door to a wide range of novel application scenarios, especially in the
context of inter-organizational cooperation. One of the remaining obstacles for a widespread use of
these techniques is security. Companies and organizations open their systems and core business
processes to partners only if a high level of trust can be guaranteed. The emergence of web
services security standards provides a valuable and effective paradigm for addressing the security
issues arising in the context of inter-organizational cooperation. The low level of abstraction of these
standards is, however, still an unresolved issue which makes them inaccessible to the domain
expert and remains a major obstacle when aligning security objectives with the customer needs.
Their complexity makes implementation easily prone of error. The SECTET – a model-driven
security engineering framework for B2B-workflows – facilitates the design and implementation of
secure inter-organizational workflows. This contribution has three objectives. First we present a
high-level domain specific language – called SECTET-PL. Being part of the SECTET-framework,
SECTET-PL is a policy language influenced by Object Constraint Language and interpreted in the
context of UML models.We then detail the Meta Object Facility based metamodels for the integration
of business requirements with the security requirements. Finally, using Model Driven Architecture
paradigm, we describe the transformation of high-level security models to low-level web services
standard artefacts with the help of Eclipse Modelling Framework and OpenArchitectureWare.

Index Terms
Domain Specific Language, Model Driven Architecture, Model Driven Engineering, Service Oriented
Architecture