| Project title | Domain-Specific Languages for Model-Driven Security Engineering |
| Short title | ModSec |
| Duration | 2 years (2011-12-01 - 2013-11-30) |
| Funded by | Austrian Research Promotion Agency (FFG) of the Austrian Federal Ministry for Transport, Innovation and Technology (BMVIT) |
| Programme line | FIT-IT / Trust in IT Systems |
| Project type | Dissertation Fellowship Project |
Security issues in software systems have become a major problem in everyday life, affecting software end users, companies, and governments, to name just a few. Current software engineering processes do not emphasize the modeling and design of security properties of software artifacts. Security features are often integrated in an ad-hoc manner and are not planned systematically. Furthermore, security software tests may be skipped due to tight software delivery cycles. Research has repeatedly shown that eliminating errors early in the software development process is far cheaper than fixing security holes at a later stage or in production systems. However, less effort is put into creating processes that take security concerns into account from the beginning of software development.
In the ModSec project we build on the concept of Domain-Specific Languages (DSLs) for specifying security requirements in business processes on the modeling level and automatically transform these models to the system level. In doing so, we emphasize the integration and testing of different security- and process-related DSLs to ensure compliance of model- and system-level implementations.
The proposed approach should allow for a software development cycle considering security aspects in software engineering processes right from the beginning. Thus, research done in the ModSec project will help to minimize the risk of security issues emerging from the development of process-aware information systems. The outcome will be new methods, concepts, and software artifacts in the area of DSL-based Model-Driven Security Engineering (MDSE).
For more information contact Bernhard Hoisl.
Resources
- B. Hoisl: Towards Testing the Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 8th IASTED International Conference on Advances in Computer Science (ACS), Editors K. Piromsopa and P. Bhattarakosol, 314-323. Calgary: ACTA Press, 2013.
- B. Hoisl, S. Sobernig, and M. Strembeck: Higher-Order Rewriting of Model-to-Text Templates for Integrating Domain-specific Modeling Languages. In Proceedings of the 1st International Conference on Model-Driven Engineering and Software Development (MODELSWARD). SciTePress, 2013.
- B. Hoisl, M. Strembeck, and S. Sobernig: Towards a Systematic Integration of MOF/UML-based Domain-specific Modeling Languages. In Proceedings of the 16th IASTED International Conference on Software Engineering and Applications (SEA), Editor M. H. Hamza, 337-344. Calgary: ACTA Press, 2012.
- B. Hoisl, S. Sobernig, and M. Strembeck: Modeling and Enforcing Secure Object Flows in Process-driven SOAs: An Integrated Model-driven Approach. In Software and Systems Modeling (SoSyM), DOI 10.1007/s10270-012-0263-y. Springer, 2012.
- B. Hoisl, S. Sobernig, S. Schefer-Wenzl, M. Strembeck, and A. Baumgrass: A Catalog of Reusable Design Decisions for Developing UML- and MOF-based Domain-Specific Modeling Languages. In Technical Reports / Institute for Information Systems and New Media, 2012/01. Vienna: WU Vienna University of Economics and Business, 2012.
- B. Hoisl, S. Sobernig, S. Schefer-Wenzl, M. Strembeck, and A. Baumgrass: Design Decisions for UML and MOF based Domain-specific Language Models: Some Lessons Learned. In Proceedings of the 2nd Workshop on Process-based approaches for Model-Driven Engineering (PMDE), Editors H. Störrle, G. Botterweck, M. Bourdellès, D. Kolovos, R. Paige, E. Roubtsova, J. Rubin, J.-P. Tolvanen, 303-314. Kgs. Lyngby: Technical University of Denmark (DTU), 2012.
- B. Hoisl and M. Strembeck: A UML Extension for the Model-driven Specification of Audit Rules. In Proceedings of the 2nd International Workshop on Information Systems Security Engineering (WISSE), Editors M. Bajec and J. Eder, 16-30. Berlin: Springer, 2012.
- B. Hoisl and S. Sobernig: Integrity and Confidentiality Annotations for Service Interfaces in SoaML Models. In Proceedings of the International Workshop on Security Aspects of Process-aware Information Systems (SAPAIS), 673-679. Los Alamitos: IEEE Computer Society, 2011.
- B. Hoisl and M. Strembeck: Modeling Support for Confidentiality and Integrity of Object Flows in Activity Models. In Proceedings of the 14th International Conference on Business Information Systems (BIS), Editor Witold Abramowicz, 278-289. Berlin: Springer, 2011.