Model-driven security for Web services in e-Government system: Ideal and real

Abstract

Web services facilitate agile development and deployment of new services in e-Government systems. Due to their distributed nature, Web services as well as e-Government systems must be secured against various cyber attacks and ensured that only authorized users can have access to valuable and sometimes sensitive information and resources. However, correct and efficient security engineering for Web service-based e-Government systems is not a trivial task. Model-driven security (MDS) is considered to be a promising approach to reduce complexity and increase efficiency in the design and development of secure Web services for e-Government systems. Nevertheless, the practicability of MDS has yet not been fully assessed. In a recent pilot project, we have applied MDS to the design and development of Web services for the actual e-Government system in Austria. Our work shows that despite extensive research work, several aspects of MDS need to be adapted and further developed such that one can really benefit from such an approach in practice. Our work on addressing these aspects provides realistic assessment and valuable insights on the application of MDS to Web services in the real world.