Model Driven Security for the Realization of Dynamic Security Requirements

Service Oriented Architectures (SOAs) with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios, especiallyin the context of inter-organizational cooperation and business process integration. Applications builton web service technologies use plenty of standards like WS-security for the fulfillment of security requirements like confidentiality and integrity and eXtensbile Access Control Markup Language (XACML) for the specification of access policies to name a few. Theseopen standards enable the agreement and interoperability at the technical level, while abstracting theheterogeneity of different proprietary and legacy applications. One of they key problems, web services standards and their securityextensions have incurred is the low-level abstraction of these standards. The complexity involvedin these standards is still an unresolved issue, which makes them inaccessible to the domain expert, and thus prone to error. Model-driven security engineering techniques presented in this work offer a promising approach to alleviate the complexity of these standards.