Integration and exchangeability of external security-critical web services in a model-driven approach

Abstract

Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach called SecureMDD supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e. services developed and provided by someone else), the integration of such web services is an important task of a modeldriven approach. In this paper we present an approach to integrate and exchange external developed web services that use standard or nonstandard cryptographic protocols, in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes of the generated code are necessary. We also show how security properties for the whole system including external web services can be defined and proved. For demonstration we use a web shop case study that integrates an external payment service.