A model-driven approach for securing software architectures

2013 International Conference on Security and Cryptography (SECRYPT) Pub Date : 2013-07-29 DOI:10.5220/0004611305950602

M. A. Neri, M. Guarnieri, E. Magri, S. Mutti, S. Paraboschi

{"title":"A model-driven approach for securing software architectures","authors":"M. A. Neri, M. Guarnieri, E. Magri, S. Mutti, S. Paraboschi","doi":"10.5220/0004611305950602","DOIUrl":null,"url":null,"abstract":"Current IT systems consist usually of several components and services that communicate and exchange data over the Internet. They have security requirements that aim at avoiding information disclosure and at showing compliance with government regulations. In order to effectively handle the security management of complex IT systems, techniques are needed to help the security administrator in the design and configuration of the security architecture. We propose a model-driven security approach for the design and generation of concrete security configurations for software architectures. In our approach the system architect models the architecture of the system by means of UML class diagrams, and then the security administrator adds security requirements to the model by means of Security4UML, a UML profile. From the model enriched with security requirements, the concrete security configuration is derived in a semi-automated way. We present a tool that supports this model-driven approach, and a case study that involves a distributed multi-user meeting scheduler application.","PeriodicalId":174026,"journal":{"name":"2013 International Conference on Security and Cryptography (SECRYPT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 International Conference on Security and Cryptography (SECRYPT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5220/0004611305950602","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

Abstract

Current IT systems consist usually of several components and services that communicate and exchange data over the Internet. They have security requirements that aim at avoiding information disclosure and at showing compliance with government regulations. In order to effectively handle the security management of complex IT systems, techniques are needed to help the security administrator in the design and configuration of the security architecture. We propose a model-driven security approach for the design and generation of concrete security configurations for software architectures. In our approach the system architect models the architecture of the system by means of UML class diagrams, and then the security administrator adds security requirements to the model by means of Security4UML, a UML profile. From the model enriched with security requirements, the concrete security configuration is derived in a semi-automated way. We present a tool that supports this model-driven approach, and a case study that involves a distributed multi-user meeting scheduler application.

查看原文本刊更多论文

用于保护软件体系结构的模型驱动方法

当前的IT系统通常由几个组件和服务组成，这些组件和服务通过Internet进行通信和交换数据。它们有安全要求，旨在避免信息泄露并显示符合政府法规。为了有效地处理复杂IT系统的安全管理，需要技术来帮助安全管理员进行安全体系结构的设计和配置。我们提出了一种模型驱动的安全方法，用于设计和生成软件架构的具体安全配置。在我们的方法中，系统架构师通过UML类图对系统的体系结构进行建模，然后安全管理员通过Security4UML(一个UML概要文件)向模型添加安全需求。从安全需求丰富的模型中，以半自动化的方式导出具体的安全配置。我们提供了一个支持这种模型驱动方法的工具，以及一个涉及分布式多用户会议调度应用程序的案例研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 International Conference on Security and Cryptography (SECRYPT)

自引率

0.00%

发文量