基于web服务的业务流程的安全建模方法

2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems Pub Date : 2009-04-14 DOI:10.1109/ECBS.2009.14

Meiko Jensen, Sven Feja

{"title":"基于web服务的业务流程的安全建模方法","authors":"Meiko Jensen, Sven Feja","doi":"10.1109/ECBS.2009.14","DOIUrl":null,"url":null,"abstract":"The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide a transformation that automatically derives WS-Security Policy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.","PeriodicalId":263562,"journal":{"name":"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems","volume":"794 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"47","resultStr":"{\"title\":\"A Security Modeling Approach for Web-Service-Based Business Processes\",\"authors\":\"Meiko Jensen, Sven Feja\",\"doi\":\"10.1109/ECBS.2009.14\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide a transformation that automatically derives WS-Security Policy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.\",\"PeriodicalId\":263562,\"journal\":{\"name\":\"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems\",\"volume\":\"794 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-04-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"47\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ECBS.2009.14\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ECBS.2009.14","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 47

摘要

SOA应用程序中对安全性日益增长的需求要求对基于web的业务流程中的非功能属性的管理提供更好的支持。在这里，模型驱动的方法可以在可维护性和部署方面提供有价值的好处。除了对流程的纯功能进行建模之外，在流程模型级别考虑安全属性也是一种很有前途的方法。在这篇正在进行的论文中，我们提出了对ARIS SOA Architect的扩展，该扩展能够将安全需求建模为单独的安全模型视图。此外，我们还提供了一个转换，该转换自动从流程模型派生符合WS-Security policy的安全策略，该转换与生成的WS-BPEL流程和WSDL文档结合使用，提供了基于Web服务技术部署和运行完整的安全性增强流程的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

A Security Modeling Approach for Web-Service-Based Business Processes

The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising approach. In this work-in-progress paper we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide a transformation that automatically derives WS-Security Policy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Service technology.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems

自引率

0.00%

发文量