Hasso-Plattner-Institut
 

... one of the research topics of the team of Prof. Dr. Christoph Meinel

Getting from abstract security requirements to a secure SOA is the challenge in the area of model-driven security. To facilitate a consistent security configuration of multiple systems in an SOA, dependencies and contradictions between different requirements need to be taken into consideration. Therefore, a conceptual security model has been developed that enables the description of security policies as a set of abstract security intentions, which can be translated automatically into concrete security policies (e.g. WS-Policy).

From System Design Models to SOA Security Policies

Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adaptation to changing business demands. The usage of services in different and changing security contexts requires a dynamic adaptation of security mechanisms and requirements.

To facilitate and simplify the generation of enforceable security policies, we pursue a model-driven approach based on modelling security intentions in system design models. These security intentions are translated to a security meta-model for SOA that is used to generate Web Service policies.

Fig. 1: Model-driven Security Engineering in SOA

A security design language for SOA

Our security design language SecureSOA enables the definition and formal verification of security intentions in any system design language. As a proof of concept, we integrated SecureSOA into Fundamental Modeling Concepts (FMC) block diagrams.

Fig. 2: FMC enhanced with SecureSOA

Pattern-driven generation of security policies

To generate security configurations based on modelled security intentions, a transformation is performed using security patterns. These patterns provide expert knowledge to determine an appropriate strategy to secure services and resources.

Fig. 3: Security Patterns for SOA
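
The following sketch illustrates the idea of translating abstract security intentions into a WS-Policy document through a pattern lookup, including a check for dependencies and contradictions. It is an added example and not SecureSOA's own code or meta-model; the pattern catalogue, the rule tables and the function names `check` and `to_ws_policy` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"wsp": "http://www.w3.org/ns/ws-policy",
      "sp": "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"}

# Constructed pattern catalogue (an assumption, not SecureSOA's):
# intention -> nested WS-SecurityPolicy assertion path that realises it.
PATTERNS = {
    "confidentiality": ["sp:EncryptedParts", "sp:Body"],
    "integrity": ["sp:SignedParts", "sp:Body"],
    "authentication": ["sp:SupportingTokens", "wsp:Policy", "sp:UsernameToken"],
}
# Constructed dependency and contradiction rules between intentions.
REQUIRES = {"authentication": {"confidentiality"}}  # token must not travel in clear
CONFLICTS = [{"authentication", "anonymity"}]


def qname(prefixed):
    """Turn 'sp:Body' into ElementTree's '{namespace}Body' form."""
    prefix, local = prefixed.split(":")
    return "{%s}%s" % (NS[prefix], local)


def check(intentions):
    """Return a list of problems; an empty list means the set is consistent."""
    problems = []
    for i in sorted(intentions):
        if i not in PATTERNS:
            problems.append("no pattern for '%s'" % i)
        for dep in sorted(REQUIRES.get(i, set()) - intentions):
            problems.append("'%s' requires '%s'" % (i, dep))
    for pair in CONFLICTS:
        if pair <= intentions:
            problems.append("contradiction: " + " vs ".join(sorted(pair)))
    return problems


def to_ws_policy(intentions):
    """Translate a consistent set of intentions into a WS-Policy document."""
    problems = check(set(intentions))
    if problems:
        raise ValueError("; ".join(problems))
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    policy = ET.Element(qname("wsp:Policy"))
    all_of = ET.SubElement(ET.SubElement(policy, qname("wsp:ExactlyOne")), qname("wsp:All"))
    for i in sorted(intentions):
        node = all_of
        for tag in PATTERNS[i]:  # build the nested assertion for this intention
            node = ET.SubElement(node, qname(tag))
    return ET.tostring(policy, encoding="unicode")
```

Calling `to_ws_policy({"authentication", "confidentiality", "integrity"})` returns one policy alternative containing all three assertions, while an inconsistent set is rejected before any policy is emitted.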

Further Information

Proof of Concept

Visit the project page of our Service Security LAB.
