• de

A Security Modeling Approach for Web-Service-based Business Processes

The rising need for security in SOA applications requires better support for management of non-functional properties in web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising approach.
In this talk, we present an extension to the ARIS SOA Architect that is capable of modeling security requirements as a separate security model view. Further we provide a transformation that automatically derives WS-SecurityPolicy-conformant security policies from the process model, which in conjunction with the generated WS-BPEL processes and WSDL documents provides the ability to deploy and run the complete security-enhanced process based on Web Services technology.

Zur Person

Prof. Dr. Jörg Schwenk has the chair for Network and Data Security at the Horst Görtz Institute for IT Security at RUB since 2003. From 1993-2001 he worked in the security department of Deutsche Telekom on different projects. He has written more than 60 patents, and more than 50 scientific publications. His research interests include cryptographic protocols (especially multi-party protocols), XML and Web Service security and internet security (especially protection against real world challenges such as pharming or WWW-based attacks).