Model-Driven Development of Secure Service Applications

M. Borek, Nina Moebius, K. Stenzel, W. Reif
Published in: 2012 35th Annual IEEE Software Engineering Workshop
Publication date: 2012-10-12
DOI: 10.1109/SEW.2012.13 (https://doi.org/10.1109/SEW.2012.13)
Citations: 14

Abstract

The development of a secure service application is a difficult task, and designed protocols are very error-prone. To develop a secure SOA application, application-independent protocols (e.g. TLS or Web service security protocols) are used. These protocols guarantee standard security properties like integrity or confidentiality, but the critical properties are application-specific (e.g. “a ticket cannot be used twice”). For that, security has to be integrated into the whole development process and application-specific security properties have to be guaranteed. This paper illustrates the modeling of a security-critical service application with UML. The modeling is part of an integrated software engineering approach that encompasses model-driven development. Using the approach, an application based on service-oriented architectures (SOA) is modeled with UML. From this model, executable code as well as a formal specification to prove the security of the application are generated automatically. Our approach, called SecureMDD, supports the development of security-critical applications and integrates formal methods to guarantee the security of the system. The modeling guidelines are demonstrated with an online banking example.