|Project title||Domain-Specific Languages for Model-Driven Security Engineering|
|Duration||2 years (2011-12-01 - 2013-11-30)|
|Funded by||Austrian Research Promotion Agency (FFG) of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT)|
|Programme line||FIT-IT / Trust in IT Systems|
|Project type||Dissertation Fellowship Project|
Security issues in software systems have become a major problem in every day's life, such as software end users, companies, and governments—just to name a few. Current software engineering processes do not emphasize the modeling and design of security properties of software artifacts. Security features are often integrated in an ad-hoc manner and are not planned systematically. Furthermore, security software tests may be skipped due to tight software delivering cycles. Research has repeatedly shown that eliminating errors early in the software development process is far cheaper than fixing security holes at a later stage or in productive systems. However, less effort is put in creating processes which take security concerns from the beginning of software developments into account.
In the ModSec
project we build on the concept of Domain-Specific Languages (DSLs) for specifying security requirements in business processes on the modeling-level and automatically transform these models to the system-level. Thereby, emphasizing the integration and test of different security- and process-related DSLs to ensure compliance of model- and system-level implementations.
The proposed approach should allow for a software development cycle considering security aspects in software engineering processes right from the beginning. Thus, research done in the ModSec
project will help to minimize the risk of security issues emerging from the development of process-aware information systems. The outcome will be new methods, concepts, and software artifacts in the area of DSL-based Model-Driven Security Engineering (MDSE).
For more information contact Bernhard Hoisl
- B. Hoisl: Towards Testing the Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 8th IASTED International Conference on Advances in Computer Science (ACS), Editors K. Piromsopa and P. Bhattarakosol, 314-323. Calgary: ACTA Press, 2013.
- B. Hoisl, S. Sobernig, and M. Strembeck: Higher-Order Rewriting of Model-to-Text Templates for Integrating Domain-specific Modeling Languages. In Proceedings of the 1st International Conference on Model-Driven Engineering and Software Development (MODELSWARD). SciTePress, 2013.
- B. Hoisl, M. Strembeck, and S. Sobernig: Towards a Systematic Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 16th IASTED International Conference on Software Engineering and Applications (SEA), Editor M. H. Hamza, 337-344. Calgary: ACTA Press, 2012.
- B. Hoisl, S. Sobernig, and M. Strembeck: Modeling and Enforcing Secure Object Flows in Process-driven SOAs: An Integrated Model-driven Approach. In Software and Systems Modeling (SoSyM), DOI 10.1007/s10270-012-0263-y. Springer, 2012.
- B. Hoisl, S. Sobernig, S. Schefer-Wenzl, M. Strembeck, and A. Baumgrass: A Catalog of Reusable Design Decisions for Developing UML- and MOF-based Domain-Specific Modeling Languages. In Technical Reports / Institute for Information Systems and New Media, 2012/01. Vienna: WU Vienna University of Economics and Business, 2012.
- B. Hoisl, S. Sobernig, S. Schefer-Wenzl, M. Strembeck, and A. Baumgrass: Design Decisions for UML and MOF based Domain-specific Language Models: Some Lessons Learned. In Proceedings of the 2nd Workshop on Process-based approaches for Model-Driven Engineering (PMDE), Editors H. Störrle, G. Botterweck, M. Bourdellès, D. Kolovos, R. Paige, E. Roubtsova, J. Rubin, J.-P. Tolvanen, 303-314. Kgs. Lyngby: Technical University of Denmark (DTU), 2012.
- B. Hoisl and M. Strembeck: A UML Extension for the Model-driven Specification of Audit Rules. In Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE), Editors M. Bajec and J. Eder, 16-30. Berlin: Springer, 2012.
- B. Hoisl and S. Sobernig: Integrity and Confidentiality Annotations for Service Interfaces in SoaML Models. In Proceedings of the International Workshop on Security Aspects of Process-aware Information Systems (SAPAIS), 673-679. Los Alamitos: IEEE Computer Society, 2011.
- B. Hoisl and M. Strembeck: Modeling Support for Confidentiality and Integrity of Object Flows in Activity Models. In Proceedings of the 14th International Conference on Business Information Systems (BIS), Editor Witold Abramowicz, 278-289. Berlin: Springer, 2011.