Estrategia Guiada por Modelos para incluir Aspectos de Seguridad en Sistemas Empotrados Basados en Servicios Web

Gallino, Juan Pedro Silva; de Miguel, Miguel; Briones, Javier F.; Alonso, Alejandro

doi:10.1016/j.riai.2013.11.006

Información del artículo

Resumen

Texto completo

Bibliografía

Descargar PDF

Estadísticas

Resumen

En los sistemas distribuidos modernos, como la Internet o Web de las Cosas, la seguridad juega un papel preponderante. Debe prestarse especial atencio’n a la consideracio’n de estos aspectos en las primeras etapas de desarrollo. En este contexto, el desarrollo guiado por modelos de requisitos no funcionales (NF) presenta especial intere's, ya que aborda dichas caracter’ısticas NF en la etapa de disen¿o, cuando todav’ıa se pueden realizar ana’lisis, y au’n hay margen para modificaciones antes de que e'stas sean muy costosas. El uso de estas metodolog’ıas guiadas por modelos ofrece beneficios tales como el aumento de la productividad, una mayor reutilizacio’n de los elementos de disen¿o, o una mejor mantenibilidad del sistema. Este art’ıculo presenta una estrategia de desarrollo que permite integrar aspectos NF de seguridad (confidencialidad, integridad, y control de acceso) en los sistemas de software empotrado.

Palabras clave:

Desarrollo Guiado por Modelos

Perfil de Dispositivos para Servicios Web

Pol’ıticas de Servicios Web

Seguridad en Servicios Web

Abstract

In modern distributed systems, such as in the Internet or Web of Things, security plays a fundamental role. Special atention must be placed, then, in considering these aspects in the first stages of development. In this context, the model-driven development of non functional (NF) requirements is of great interest, as it addresses those NF characteristics in the design stage, when analyses can be performed, and there is room for changes while they are still not too costly. The use of modeldriven methodologies brings with them some intrinsic benefits, such as the increase in productivity, a greater reuse of design elements, or an improved maintainability of the system. This paper presents a development strategy that allows integrating non-functional security aspects (such as as confidentiality, integrity, or access control) in embedded systems design.

Keywords:

MDD DPWS

WS-Policy

WS-SecurityPolicy

Texto completo

Referencias no citadas

Asnar et al., 2009, Blet and Simo’n, 2011, CDTI, 2006, Chung et al., 2000, de Miguel et al., 2008, Didonet del Fabro et al., 2005, Dodd et al., 2007, Eby, 2007, Elrad et al., 2002, Guinard et al., 2011, Hernandez et al., 2009, Illner et al., 2006, Illner et al., 2005, ISO/IEC, 2011, Kim et al., 2007, Langer et al., 2011, Meiko Jensen and Sven Feja, 2009, Menzel and Meinel, 2009, Microsoft, 2012a, Microsoft, 2012b, Mouelhi et al., 2010, Nabil and Mohamed, 2012, OASIS, 2006, OASIS, 2009, OMG, 2007, OMG, 2008, OMG, 2009, OMG, 2011, Ortiz and Herna’ndez, 2006, Satoh et al., 2008, Shopov et al., 2007, Silva Gallino et al., 2010, Silva Gallino et al., 2011b, Silva Gallino et al., 2011a, SOA4D, 2007, Tarr et al., 1999, Theorin et al., 2012, Unger et al., 2012, Wada et al., 2008 and WS4D, 2007.

Referencias

[Asnar et al., 2009]

Asnar, Y., Felici, M., Kokolakis, S., Li, K., Saidane, A., Yautsiukhin, A. 2009. Serenity Project Deliverable A1.D5.1 - Preliminary version of S&D Metrics.

[Blet and Simo’n, 2011]

Blet, N. S., Simo’n, J. L. 2011. SOA en automatizacio’n de pymes manufacture-ras. Iberoamericana de Engenharia Industrial [2175-8018] 3 (2), 190.

[CDTI, 2006]

CDTI, 2006. ITECBAN, Infraestructura Tecnolo’gica y Metodolo’gica de Soporte para un Core Bancario. URL: http://www.daedalus.es/i-d-i/proyectos-nacionales/itecban/.

[Chung et al., 2000]

L. Chung, B.A. Nixon, E. Young, J. Mylopoulus.

Non-functional re- quirements in software engineering.

Kluwer Academic Publishing, (2000),

[de Miguel et al., 2008]

M.A. de Miguel, F. Briones, J. Silva Gallino, J.P. Alonso, A. Jun.

Integration of safety analysis in model-driven software development.

IET Software, 2 (2008), pp. 260-280

[Didonet del Fabro et al., 2005]

M. Didonet del Fabro, J. Be’zivin, F. Jouault.

AMW: a generic model weaver.

En: Proceedings of the Using metamodels to support MDD Works- hop, 10th IEEE International Conference on Engineering of Complex Com- puter Systems., (2005),

[Dodd et al., 2007]

Dodd, J., Allen, P., Butler, J., Olding, S., Veryard, R., Wilkes, L., 2007. Cbdi- sae meta model for soa version 2. Tech. rep., Everware-CBDI. URL: http://www.cbdiforum.com/public/meta_model_v2.php.

[Eby, 2007]

Eby, M., Apr. 2007. Integrating Security Modeling into Embedded System Design. Masterthesis, Vanderbilt University. URL: http://etd.library.vanderbilt.edu/available/etd-04022007-092035/.

[Elrad et al., 2002]

T. Elrad, O. Aldawud, A. Bader.

Aspect-Oriented Modeling: Bridging the Gap between Implementation and Design.

pp. 189-201

[Guinard et al., 2011]

D. Guinard, I. Ion, S. Mayer.

In search of an internet of things ser- vice architecture: Rest or ws-*?. a developers’ perspective.

pp. 326-337

[Hernandez et al., 2009]

V. Hernandez, L. Lopez, O. Prieto, J.F. Martinez, A.B. Garcia, A.D. Silva.

SOA en automatizacio’n de pymes manufactureras.

Third Inter- national Conference on Emerging Security Information Systems and Tech- nologies, (2009), pp. 87-92

[Illner et al., 2006]

Illner, S., Krumm, H., Lu¿ck, I., Pohl, A., Bobek, A., Bohn, H., Golatowski, F. 2006. Model-based management of embedded service systems - an applied approach. En: AINA (2). IEEE Computer Society, pp. 519-523.

[Illner et al., 2005]

Illner, S., Pohl, A., Krumm, H., nov. 2005. Model-driven security management of embedded service systems. En: Industrial Electronics Society, 2005. IE- CON 2005. 31st Annual Conference of IEEE. p. 6 pp. DOI: 10.1109/IECON.2005.1569326.

[ISO/IEC, 2011]

ISO/IEC, 2011. ISO/IEC 25010 Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models. ISO, Geneva, Switzerland.

[Kim et al., 2007]

Kim, A., Luo, J., Kang, M., 2007. Security Ontology to Facilitate Web Service Description and Discovery. En: Journal on Data Semantics IX. Vol. 4601 of Lecture Notes in Computer Science. Springer Berlin, pp. 167-195.

[Langer et al., 2011]

Langer, P., Wieland, K., Wimmer, M., Cabot, J. 2011. From uml profiles to emf profiles and beyond. En: Bishop, J., Vallecillo, A., (Eds.), Objects, Models, Components, Patterns. Vol. 6705 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, pp. 52-67.

[Meiko Jensen and Sven Feja, 2009]

Meiko Jensen, Sven Feja.

A Security Modeling Approach for Web- Service-Based Business Processes. En: 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, ECBS 2009, San Francisco, California.

USA. IEEE Computer Society, (2009), pp. 340-347

[Menzel and Meinel, 2009]

M. Menzel, C. Meinel.

A Security Meta-model for Service- Oriented Architectures. En: 2009 IEEE International Conference on Servi- ces Computing. IEEE, Bangalore, India, (Sep 2009), pp. 251-259

[Microsoft, 2012a]

Microsoft, 2012a. Micro Framework Web Page. URL: http://www.microsoft.com/en-us/netmf/default.aspx.

[Microsoft, 2012b]

Microsoft, 2012b. WSDAPI. URL: http://msdn.microsoft.com/en-us/library/windows/desktop/aa826001%28v=vs.85%29.aspx.

[Mouelhi et al., 2010]

T. Mouelhi, F. Fleurey, B. Baudry, Y. Le Traon.

A model-based frame- work for security policy specification, deployment and testing. Model Dri- ven Engineering Languages and Systems 5301/2010, (2010), pp. 537-552

[Nabil and Mohamed, 2012]

Nabil, S., Mohamed, B. 2012. Security ontology for semantic scada. En: Malki, M., Benbernou, S., Benslimane, S.M., Lehireche, A., (Eds.), ICWIT. Vol. 867 of CEUR Workshop Proceedings. CEUR-WS.org, pp. 179-192.

[OASIS, 2006]

OASIS, 2006. Web services security: Soap message security 1.1 (ws-security 2004). Security 2003 (February), 76. URL: http://docs.oasis-open.org/wss/v1.1/wss-v1. 1-spec-os-SOAPMessageSecurity.pdf.

[OASIS, 2009]

OASIS, 2009. Devices Profile for Web Services Version 1.1. OASIS (July). URL: http://docs.oasis-open.org/ws-dd/dpws/1.1/pr-01/wsdd-dpws-1.1-spec-pr-01.html.

[OMG, 2007]

OMG, 2007. Specification. A UML Profile for MARTE.

[OMG, 2008]

OMG, 2008. UML Profile for Modeling QoS and Fault Tolerance Characteris- tics and Mechanisms Version 1.1.

[OMG, 2009]

OMG, 2009. Service oriented architecture Modeling Language (SoaML)- Specification for the UML Profile and Metamodel for Services.(UPMS).

[OMG, 2011]

OMG, 2011. Business Process Model and Notation (BPMN). DOI: 10.1007/s11576-008-0096-z.

[Ortiz and Herna’ndez, 2006]

G. Ortiz, J. Herna’ndez.

Service-oriented model-driven development: Filling the extra-functional property gap. Service-Oriented Computing– ICSOC 2006 4294/2006, (2006), pp. 471-476

[Satoh et al., 2008]

Satoh, F., Nakamura, Y., Mukhi, N., Tatsubori, M., Ono, K., 2008. Methodo- logy and Tools for End-to-End SOA Security Configurations. En: 2008 IEEE Congress on Services, SERVICES I. IEEE Computer Society, Honolulu, Ha- waii, USA, pp. 307-314.

[Shopov et al., 2007]

Shopov, M., Matev, H., Spasov, G., 2007. Evaluation of Web Services Imple- mentation for ARM-based Embedded System. En: Proceedings of ELEC- TRONICS’07. Sozopol, Bulgaria, pp. 79-84.

[Silva Gallino et al., 2010]

Silva Gallino, J.P., de Miguel, M.A., Briones, J.F., Alonso, A., 2010. Model-Driven Development of a Web Service-Oriented Architecture and Security Policies. En: 2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing. IEEE Computer Society, Los Alamitos, CA, USA, Carmona, Spain, pp. 92-96.

[Silva Gallino et al., 2011b]

Silva Gallino, J.P., de Miguel, M.A., Briones, J.F., Alonso, A., 2011b. Domain-Specific Multi-Modeling of Security Concerns in Service-Oriented Architectures. LNCS - 8th International Workshop on Web Services and For- mal Methods, WS-FM’11.

[Silva Gallino et al., 2011a]

Silva Gallino, J.P. and de Miguel, M.A. and Briones, J.F. and Alonso, A., 2011a. Multi Domain-Specific Modeling of the Security Concerns of Service-Oriented Architectures. Services Computing, IEEE International Conference on 0, 761-762. DOI: 10.1109/SCC. 2011.102.

[SOA4D, 2007]

SOA4D, 2007. Web Page. URL: https://forge.soa4d.org/.

[Tarr et al., 1999]

Tarr, P., Ossher, H., Harrison, W., Sutton Jr., S.M., 1999. N degrees of separa- tion: multi-dimensional separation of concerns. International Conference on Software Engineering, 107-119.

[Theorin et al., 2012]

Theorin, A., Ollinger, L., Johnsson, C., May 2012. Service-oriented process control with grafchart and the devices profile for web services. En: 14th IFAC Symposium on Information Control Problems in Manufacturing (IN- COM). Bucharest, Romania.

[Unger et al., 2012]

Unger, S., Pfeiffer, S., Timmermann, D. may 2012. Dethroning transport layer security in the embedded world. En: New Technologies, Mobility and Secu- rity (NTMS), 2012 5th International Conference on. pp. 1-5. DOI: 10.1109/NTMS. 2012.6208685.

[Wada et al., 2008]

Wada, H., Suzuki, J., Oba, K., 2008. Early Aspects for Non-Functional Proper- ties in Service Oriented Business Processes. Services, IEEE Congress on 0, 231-238. DOI: 10.1109/SERVICES-1.2008.76.

[WS4D, 2007]

WS4D, 2007. Web Page. URL: http://www.ws4d.org/.

Indexada en:

Síguenos:

Indexada en:

Síguenos:

Suscríbase a la newsletter