Issue title: Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Subtitle: A model-driven approach
Article type: Research Article
Authors: Alam, Muhammad | Hafner, Michael | Breu, Ruth
Affiliations: Research Group “Quality Engineering” Universität Innsbruck, Austria. E-mail: muhammad.alam@uibk.ac.at, m.hafner@uibk.ac.at, ruth.breu@uibk.ac.at
Abstract: With respect to the Service Oriented Architecture (SOA) paradigm, core Role Based Access Control (RBAC) has several limitations. In SOA, permissions to execute web services are not assigned statically to roles but are associated with a set of Permission Assignment Constraints (PAC), upon the fulfilment of which a role is assigned permission to execute a web service. Further, RBAC does not support partial inheritance, which is an integral requirement in SOA. A major challenge in SOA is the inheritance of permissions associated with PAC in the presence of role hierarchies. This contribution has three objectives. First, we propose an extension to Role Based Access Control (available at http://csrc.nist.gov/rbac/), which we call Constraint based RBAC (CRBAC), in order to make RBAC applicable to the dynamic environment of SOA. Within CRBAC, a high-level language called SECTET-PL (available at http://qe-informatik.uibk.ac.at/~muhammad/TechnicalReportSECTETPL.pdf) is used for the specification of PAC. Being part of the SECTET-framework for model-driven security for B2B-workflows, SECTET-PL is a policy language influenced by OCL (available at http://www.omg.org/docs/ptc/03-10-14.pdf) and interpreted in the context of UML models. Using the Model Driven Architecture (MDA) (available at http://www.omg.org/mda) paradigm, we then describe the transformation of high-level security models to low-level web services standard artefacts with the help of the Eclipse Modelling Framework and OpenArchitectureWare. Finally, we present the target architecture of the SECTET-framework, which is used to realize the security artefacts generated from the transformations and thus completes the cycle of MDA.
Keywords: Domain specific language, model driven architecture, model driven engineering, service oriented architecture
DOI: 10.3233/JCS-2008-16206
Journal: Journal of Computer Security, vol. 16, no. 2, pp. 223-260, 2008