A Generic Platform for Model Driven Business Security

Due to the distributed nature of software in the Internet age, almost all enterprise business applications are security sensitive. Developing software systems ensuring the required level of security is therefore one of the big challenges in IT in the next decade and a major key for improvement is Software Engineering. Raising the state-of-the-art from Software Engineering to Security Engineering developers have to be supported by concepts, methods and tools for the systematic and cost-effective development of secure solutions. This comprises the specification of security requirements as a basis of a seamless lifecycle of security-critical systems, systematic business driven security risk analysis as a basis for selecting cost-effective solutions and the development of high- level security services as building blocks of component-based software construction. SECTISSIMO focuses on foundational aspects of the development and use of security services following a model driven approach. SECTISSIMO will provide a generic extensible platform for defining and composing security services. Examples of such security services range from confidential document exchange to non-repudiation and rights delegation. Main aspects within the focus of SECTISSIMO are a rigorous layered architecture separating business level aspects, platform independent security solutions and technology dependent controls. Moreover, we will develop a foundational approach for the composition and interference of security services.

The goal of SECTISSIMO has been to provide tool-based concepts for the business oriented enforcement of security requirements in dynamic distributed environments. The field of MDS (Model Driven Security) has been significantly enhanced by integrating pattern refinement concepts into the traditional transformation functions. Furthermore, an enforcement model based on the concept of Security as a service has been investigated. SECTISSIMO builds upon the concepts of our previous framework SECTET a framework for Model driven Security. SECTET supports business partners during the development and distributed management of decentralized, security critical collaborations across domain boundaries. SECTET primarily aimed at the correct technical implementation of business level security requirements: the transformation functions directly generated code artifacts configuring the partners target infrastructures based on the abstract models which defined the functional and security requirements. SECTISSIMOs three-layered approach overcomes the central limitations of the initial two-layered approach and realized the following key innovations: 1. SECTISSIMOs Model Transformation Concept supports a guided refinement process allowing the security engineer to specify platform independent services which are gradually enriched with architectural, platform specific and technical detail. The security engineer can choose from various architectural patterns (e.g., brokered or direct authentication, single-sign-on etc.) for every abstract security requirement. The transformation component supports the refinement process in a generic and flexible way such that a change of pattern or the enhancement of the framework by new patterns have local effects only. 2. SECTISSIMOs Code Generation Component implements an adaptor-style concept facilitating the enrichment of the chosen platform independent patterns with implementation specific detail and the generation of code artifacts complying with various (XML-) standards. The specific format and syntax of code artifacts are configured through meta-models that are loaded into the framework. 3. SECTISSIMOs Security as a Service Reference Architecture (SeAA) transposes the model of Software as a Service to the domain of security architectures. SeAAS resolves a variety of the conceptual issues linked with the current practice to implement security functionality exclusively at the end-point. We could demonstrate both the applicability of SeAAS concerning performance aspects and for realizing complex security requirements of decentralized processes involving two or more domains.