Model driven security engineering for the realization of dynamic security requirements in collaborative systems

Abstract

Service Oriented Architectures with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especially in the context of inter-organizational cooperation. One of the remaining obstacles for a wide-spread use of these techniques is security. Companies and organizations open their systems and core business processes to partners only if a high level of trust can be guaranteed. The emergence of web services security standards provides a valuable and effective paradigm for addressing the security issues arising in the context of inter-organizational cooperation. The low level of abstraction of these standards is, however, still an unresolved issue which makes them inaccessible to the domain expert and remains a major obstacle when aligning security objectives with the customer needs. Their complexity makes implementation easily prone of error. This paper provides a bird eye view of a doctoral work, where an effort is made to develop a conceptual framework - called SECTET in order to apply model driven security engineering techniques for the realization of high-level security requirements. © Springer-Verlag Berlin Heidelberg 2007.