首页    期刊浏览 2024年11月23日 星期六
登录注册

文章基本信息

  • 标题:MODEL-BASED SECURITY ENGINEERING OF SOA SYSTEM USING SECURITY INTENT DSL
  • 本地全文:下载
  • 作者:Muhammad Qaiser Saleem ; Jafreezal Jaafar ; Mohd Fadzil Hassan
  • 期刊名称:International Journal of New Computer Architectures and their Applications
  • 印刷版ISSN:2220-9085
  • 出版年度:2011
  • 卷号:1
  • 期号:3
  • 页码:565-580
  • 出版社:Society of Digital Information and Wireless Communications
  • 摘要:Currently most of the enterprises are using SOA and web services technologies to build their web information system. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA environment, security risks rise exponentially. Security is not defined during the early phases of development and left onto developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore SOA security is cross-domain and all required information are not available at downstream phases. Furthermore, business process expert; who is the actual stakeholder of the business process model is unable to specify security objectives due to lake of security modelling elements in a general purpose modelling languages like UML. As a result, business process expert either ignore the security intents in their model or indicate them in textual way. A security intents DSL is presented as a UML profile where security intents can be modelled as stereotypes on UML modelling elements during the business process modelling. Aim is to facilitate the business process expert in modelling the security requirements along the business process modelling. This security annotated business process model will facilitate the architectural team in specifying the concrete security implementation. As a proof of work we apply our approach to a typical on-line flight booking system business process.
  • 关键词:Service Oriented ; Architecture; Model Driven ; Security; Unified Modeling ; Language; Business Process ; Modeling; Security Intents
国家哲学社会科学文献中心版权所有