Home            Contact us            FAQs
    
      Journal Home      |      Aim & Scope     |     Author(s) Information      |      Editorial Board      |      MSP Download Statistics

     Research Journal of Applied Sciences, Engineering and Technology


A Qualitative Study of Domain Specific Languages for Model Driven Security

Muhammad Qaiser Saleem
College of Computer Sciences and Information Technology, Al Baha University, Al Baha, Kingdom of Saudi Arabia
Research Journal of Applied Sciences, Engineering and Technology  2014  17:3514-3521
http://dx.doi.org/10.19026/rjaset.7.703  |  © The Author(s) 2014
Received: October 19, 2013  |  Accepted: November 21, 2013  |  Published: May 05, 2014

Abstract

In Model-Driven development, software system design is represented through models which are created using general purpose modeling languages e.g., UML. Later on system artifacts are automatically generated from these models. Model-Driven Security is a specialization of Model-Driven paradigm towards the domain of security, where security objectives are modeled along the system models and security infrastructures are directly generated from these models. Currently available general purpose modeling languages like UML do not have capability to model the security objectives along the system models. Over the past decade, many researchers are trying to address these limitations of the general purpose modeling languages and come up with several Domain Specific Modeling Languages for Model Driven Security. In this study, a comparative study is presented regarding the security Domain Specific Modeling Languages presented by the most prominent researchers for the development of secure system. A success criteria has been defined and these DSLs are critically analyzed based on it to obtain the qualitative results.

Keywords:

Domain specific language, model driven security , model driven software development, software modeling languages,


References

  1. Abbas, T. and T. Charles, 1998. Mixed Methodology Combining Qualitative and Quantitative Approaches. SAGE Publications, Thousand Oaks, Calif.
  2. Achim, D. and J.D. Brucker, 2007. Metamodel-based UML notations for domain-specific languages. Proceeding of 4th International Workshop on Language Engineering (ATEM, 2007).
  3. Alam, M., 2007a. Model driven realization of dynamic security requirements in distributed systems. Ph.D. Thesis, University of Insbruck, Austria.
  4. Alam, M., 2007b. Model Driven Security Engineering for the Realization of Dynamic Security Requirements in Collaborative Systems. In: Kuhne, T. (Ed.), MoDELS 2006 Workshops, LNCS 4364, Springer-Verlag, Berlin, Heidelberg, pp: 278-287.
    CrossRef    
  5. Atkinson, C. and T. Kuhne, 2003. Model-driven development: a metamodeling foundation. IEEE Software, 20(5): 36-41.
    CrossRef    
  6. Basin, D., J. Doser and T. Lodderstedt, 2006. Model driven security: From UML models to access control infrastructures. ACM T. Softw. Eng. Meth., 15(1): 39-91.
    CrossRef    
  7. Basin, D., C. Manuel and E. Marina, 2011. A decade of model-driven security. Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (SACMAT '11), pp: 1-10.
    CrossRef    
  8. Christian, W., M. Michael and M. Christoph, 2008. Modelling security goals in business processes. Proceeding of GI Modellierung 2008. GI LNI 127, Berlin, Germany, pp: 197-212.
  9. Christian, W., M. Michael, M. Christoph, S. Andreas and M. Philip, 2009. Model-driven business process security requirement specification. J. Syst. Archit., 55(4): 211-223.
    CrossRef    
  10. Cresswell, J.W., 2009. Research Design: Quantitative, Qualitative and Mixed Methods Approaches. 3rd Edn., SAGE, Los Angeles.
  11. Dawson, C., 2002. Practical Research Methods: A User Friendly Guide. How to Books, Oxford.
  12. Giovanni, G., M. Beatriz and P. Oscar, 2009. Integration of domain-specific modeling languages and uml through uml profile extension mechanism. Int. J. Comput. Sci. Appl. Technomath. Res. Found., 6(5): 145-174.
  13. Jürjens, J., 2002. UMLsec: Extending UML for secure systems development. Lect. Notes Comput. Sci., 2460: 412-425.
    CrossRef    
  14. Kai, C., S. Janos and N. Sandeep, 2005. Toward a semantic anchoring infrastructure for domain-specific modeling languages. Proceedings of 5th International Conference on Embedded Software (EMSOFT '05), pp: 35-43.
    PMid:15704660    
  15. Klarl, H., C. Wolff and C. Emig, 2009. Identity management in business process modelling: A model-driven approach. Proceeding of 9th International Conference on Business Computer Science Concepts, Technologies, Applications. Vienna, (German), Feb. 25 -27.
    PMid:19283652    
  16. Lodderstedt, T., 2004. Model driven security: From UML models to access control architectures. Ph.D. Thesis, Albert-Ludwig University of Freiberg, Germany.
  17. Loraine, B., H. Christina and T. Malcolm, 2001. How to Research. 2nd Edn., Open University Press, Buckingham, Philadelphia.
    PMid:11317892    
  18. Memon, M., 2011. Security Modeling with pattern refinement for security-as-a-service architecture. Ph. D. Thesis, University of Insbruck, Austria.
  19. Menzel, M. and C. Meinel, 2010. SecureSOA modelling security requirements for service-oriented architectures. Proceeding of IEEE International Conference on Services Computing (SCC), pp: 146-153.
    CrossRef    
  20. Menzel, M., I. Thomas and C. Meinel, 2009. Security requirements specification in service-oriented business process management. Proceeding of International Conference on Availability, Reliability and Security (ARES '09), pp: 41-48.
    CrossRef    
  21. Michal, H. and B. Ruth, 2009. Security Engineering for Service-oriented Architectures. Springer-Verlag, Berlin, Heidelberg, ISBN: 978-3-540-79538-4.
  22. Michal, H., B. Ruth, A. Berthold and N. Andrea, 2006. SECTET: An extensible framework for the realization of secure inter-organizational workflows. Internet Res., 16(5): 491-506.
    CrossRef    
  23. Mukhtiar, M., H. Michael and B. Ruth, 2008. SECTISSIMO: A platform-independent framework for security services. Proceeding of Modeling Security Workshop (MODSEC, 08).
  24. OMG, 2011. OMG Model Driven Architecture. (Accesed on: Oct. 30, 2011).
    Direct Link
  25. Rodríguez, A., F.M. Eduardo and P. Mario, 2006a. Security requirement with a UML 2.0 profile. Proceeding of the 1st International Conference on Availability, Reliability and Security (ARES 2006).
    CrossRef    
  26. Rodríguez, A., F.M. Eduardo and P. Mario, 2006b. Towards a UML 2.0 Extension for the Modeling of Security Requirements in Business Processes. In: Fischer-Hubner, S. et al. (Eds.), TrustBus, 2006. LNCS 4083, Springer-Verlag, Berlin, Heidelberg, pp: 51-61.
    CrossRef    
  27. Rodríguez, A., F.M. Eduardo and P. Mario, 2007a. A BPMN extension for the modeling of security requirements in business processes. IEICE T. Inf. Syst., E90-D(4): 745-752.
    CrossRef    
  28. Rodríguez, A., F.M. Eduardo and P. Mario, 2007b. Towards CIM to PIM transformation: From secure business processes defined in BPMN to use-cases. Lect. Notes Comput. Sci., 4714: 408-415.
    CrossRef    
  29. Roy Grønmo, I.S., 2004. Towards modeling web service composition in UML. Proceeding of the 2nd International Workshop on Web Services: Modeling, Architecture and Infrastructure. Porto, Portugal.
  30. Runeson, P. and M. Höst, 2009. Guidelines for conducting and reporting case study research in software engineering. Empir. Softw. Eng., 14(2): 131-164.
    CrossRef    
  31. Ruth, B., B. Klaus, H. Michael, J. Jan, W. Guido and L. Volkmar, 2003. Key issues of a formally based process model for security engineering. Proceedings of the 16th International Conference on Software and Systems Engineering and their Applications (ICSSEA, 03).
  32. Saleem, M.Q., J. Jaafar and M.F. Hassan, 2012a. Secure business process modelling of SOA applications using UML-SOA-Sec. Int. J. Innov. Comput. I., 8(4): 2729-2746.
  33. Saleem, M.Q., J. Jaafar and M.F. Hassan, 2012b. Model-based security engineering of SOA systems using modified "UML-SOA-Sec. Adv. Inf. Sci. Serv. Sci. (AISS), Int. J. Res. Innov., 4(9): 79-88.
  34. Satoh, F., Y. Nakamura, N.K. Mukhi and M. Tatsubori, 2008. Methodology and tools for end-to-end SOA security configurations. Proceeding of IEEE Congress on Services- Part I. Honolulu, HI, pp: 307-314.
    CrossRef    
  35. Selic, B., 2007. A systematic approach to domain-specific language design using UML. Proceeding of 10th IEEE International Symposium on Object and Component-oriented Real-time Distributed Computing (ISORC '07), pp: 2-9.
    CrossRef    
  36. Tomaž Lukman, M.M., 2008. Model-driven engineering and its introduction with metamodeling tools. Proceeding of 9th International PhD Workshop on Systems and Control: Young Generation Viewpoint. Izola, Slovenia.
  37. Ulrich Lang, R.S., 2009. Top SOA Security Concerns and OpenPMF Model-driven Security. Object Security White-paper, Topics Cloud Computing and Security Management.
  38. Yin, R.K., 2003. Case Study Research Design and Methods. 3rd Edn., Sage, Thousand Oaks, CA.

Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

Copyright

The authors have no competing interests.

ISSN (Online):  2040-7467
ISSN (Print):   2040-7459
Submit Manuscript
   Information
   Sales & Services
Home   |  Contact us   |  About us   |  Privacy Policy
Copyright © 2024. MAXWELL Scientific Publication Corp., All rights reserved