Abstract
Model Driven Architecture is an approach to increase the quality of complex software systems by creating high-level system models and automatically generating system architectures and components out of these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of web services and web service orchestration. Security requirements are specified at an abstract level using UML diagrams. Out of this specification security relevant artifacts are created for the target reference architecture based on upcoming web service security standards.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Austrian Signature Act (Signaturgesetz - SigG), Art. 1 of the Act published in the Austrian Federal Law Gazette, part I, Nr. 190/1999
Federal Act on Provisions Facilitating Electronic Communications with Public Bodies (E-Government Gesetz - E-GovG), Art. 1 of the Act published in the Austrian Federal Law Gazette, part I, Nr. 10/2004, entered into force on 1 March (2004)
Federal Act concerning the Protection of Personal Data (Datenschutzgesetz - DSG2000), published in the Austrian Federal Law Gazette, part I No. 165/1999, on 17 (August 1999)
Austrian Security Manual, http://www.cio.gv.at/securenetworks/sihb/
OECD Guidelines for the Security of Information Systems and Networks, http://www.ftc.gov/bcp/conline/edcams/infosecurity/popups/OECD_guidelines.pdf
Devanbu, P., Stubblebine, S.: Software engineering for security: a roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 227–239. ACM Press, New York (2000)
Ferrari, E., Thuraisingham, B.: Secure Database Systems. In: Piattini, M., Díaz, O. (eds.) Advanced Databases: Technology Design. Artech House, London (2000)
Hall, A., Chapman, R.: Correctness by construction developing a commercial secure system. IEEE Software 19(1), 18–25 (2002)
The authors: Towards a Systematic Development of Secure Systems. Information Systems Security 13(3) (2004)
The authors: Towards Model Driven Security of Inter-Organizational Workflows. Accepted for SAPS (2004)
The authors: Modeling and Realizing Security-Critical Inter-Organizational Workflows. In: W. Dosch, N. Debnath (Eds.): Proceedings IASSE 2004, ISCA (2004) ISBN 1-880843-52-X
BEA, IBM, Microsoft, SAP AG, Siebel Systems Specification: Business Process Execution Language for Web Services Version 1.1 (May 2003), http://www.ibm.com/developerworks/library/ws-bpel
Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Services Description Language (WSDL) 1.1., http://www.w3.org/TR/wsdl
BEA, IBM, Microsoft: Web services Transaction (WS-Transaction), http://www-6.ibm.com/ developerworks/webservices/library/ws-transpec/
BEA, Intalio, Sun Microsystems, SAP: Web Service Choreography Interface (WSCI) 1.0, http://www.w3.org/TR/wsci/
Arkin: Business Process Modeling Language. BPMI.org, San Mateo (2002) Proposed Final Draft
IBM, Microsoft, VeriSign: Web services Security (WS-Security), http://www-106.ibm.com/developerworks/webservices/library/ws-secure/
Godik, S., Moses, T.: eXtensible Access Control Markup Language (XACML) Version 1.0 3 OASIS Standard, 18 February (2003), http://www.oasis-open.org/committees/xacml/repository
Cantor, S., Kemp, J., Maler, E.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0, Last-Call Working Draft 17, 13 July (2004), http://www.oasis-open.org/committees/download.php/7737/sstc-saml-core-2.0-draft-17.pdf
Lodderstedt, T.: Model Driven Security: from UML Models to Access Control Architectures. Dissertation, Univ. of Freiburg (2003)
Leyman, F., Roller, D.: Production Workflow: Concepts and Techniques. Prentice-Hall, Englewood Cliffs (2000)
UML: http://www.uml.org
OMG, UML 2.0 Superstructure Specification, http://www.omg.org/docs/ptc/03-08-02.pdf
van der Aalst, W.M.P., Weske, M.: The P2P appraoch to Interorganizational Workflows. In: Dittrich, K.R., Geppert, A., Norrie, M.C. (eds.) Proceedings of the 13th International Conference on Advanced Information Systems Engineering (CAiSE 2001), pp. 140–156. Springer, Berlin (2001)
IBM: BPWS4J, http://www.alphaworks.ibm.com/tech/bpws4j
Bertino, E., Castano, S., Ferrari, E.: Securing XML Documents with Author X. IEEE Internet Computing 5(3), 21–31 (2001)
Chadwick, D.W.: RBAC Policies in XML for X.509 Based Privilege Management. In: Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives 2002, pp. 39–54 (2002)
Thompson, M., Essiari, A., Mudumbai, S.: Certificate-based Authorization Policy in a PKI Environment. ACM Transactions on Information and System Security 6(4), 566–588 (2003)
van der Aalst, W.M.P.: Loosely Coupled Interorganizational Workflows: Modeling and Analyzing Workflows Crossing Organizational Boundaries. Information and Management 37(2), 67–75 (2000)
van der Aalst, W.M.P.: Process-oriented Architectures for Electronic Commerce and Interorganizational Workflow. Information Systems 24(8), 639–671 (1999)
Luo, Z., Shet, A., Kochut, K., Miller, J.: Exception Handling in Workflow Systems. Applied Intelligence 13(2), 125–147 (2000)
Grefen, P., Aberer, K., Hoffner, Y., Ludwig, H.: CrossFlow: cross-organizational workflow management in dynamic virtual enterprises. International Journal of Computer Systems Science & Engineering 15(5), 277–290 (2000)
Casati, F., Shan, M.: Event-based Interaction Management for Composite E-Services in eFlow. Information Systems Frontiers 4(1), 19–31 (2002)
Atluri, V., Huang, W.K.: Enforcing Mandatory and Discretionary Security in Workflow Management Systems. In: Proceedings of the 5th European Symposium on Research in Computer Security (1996)
Gudes, E., Olivier, M., van de Riet, R.: Modelling, Specifying and Implementing Workflow Security in Cyberspace. Journal of Computer Security 7(4), 287–315 (1999)
Huang, W.K., Atluri, V.: SecureFlow: A secure Web-enabled Workflow Management System. In: ACM Workshop on Role-Based Access Control 1999, pp. 83–94 (1999)
Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC – A Workflow Security Model Incorporating Controlled Overriding of Constraints. International Journal of Cooperative Information Systems 12(4), 455–485 (2003)
Basin, D., Doser, J., Lodderstedt, T.: Model Driven Security for Process-Oriented Systems. In: 8th ACM Symposium on Access Control Models and Technologies. ACM Press, New York (2003)
Lang, U.: Access Policies for Middleware. PhD Thesis, University of Cambridge (2003)
Lodderstedt, T., Basin, D., Doser, J.: SecureUML: A UML-Based Modeling Language for Model-Driven Security. In: Jézéquel, J.-M., Hussmann, H., Cook, S. (eds.) Proceedings of the 5th International Conference on the Unified Modeling Language, pp. 426–441. Springer, Heidelberg (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Breu, R., Hafner, M., Weber, B., Novak, A. (2005). Model Driven Security for Inter-organizational Workflows in e-Government. In: Böhlen, M., Gamper, J., Polasek, W., Wimmer, M.A. (eds) E-Government: Towards Electronic Democracy. TCGOV 2005. Lecture Notes in Computer Science(), vol 3416. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-32257-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-540-32257-3_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25016-6
Online ISBN: 978-3-540-32257-3
eBook Packages: Computer ScienceComputer Science (R0)