Title :
Model driven security
Author_Institution :
Dept. of Comput. Sci., Eidgenossische Tech. Hochschule, Zurich, Switzerland
Abstract :
Summary form only given. We present an approach to integrating security into the system design process. Namely, models are made of system designs along with their security requirements, and security architectures are automatically generated from the resulting security-design models. We call the resulting approach "model driven security" as it represents a specialization of model driven development to the domain of system security. To illustrate these ideas we present SecureUML, a modeling language based on UML for modeling system designs along with their security requirements. From SecureUML models, we automatically generate security architectures, built from declarative and procedural access control mechanisms, for distributed middleware-based applications. The process has been implemented in the ArcStyler tool, which generates security infrastructures based on Sun\´s Enterprise Java Bean standard. We report on case studies using this tool, which illustrate the flexibility and power of our approach.
Keywords :
Unified Modeling Language; authorisation; middleware; ArcStyler tool; Enterprise Java Bean standard; SecureUML modeling language; declarative access control; distributed middleware-based applications; model driven security; procedural access control; security architectures; security requirements; Access control; Availability; Computer science; Computer security; Distributed power generation; Information security; Java; Power system security; Sun; Unified modeling language;
Conference_Titel :
Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
Print_ISBN :
0-7695-2567-9
DOI :
10.1109/ARES.2006.82
