Model Driven Security for the Realization of Dynamic Security Requirements

Service Oriented Architectures (SOAs) with underlying technologies like web services and web services orchestration have opened the door to a wide range of novel application scenarios especially in the con­text of inter-organizational cooperation and business process inte­gration. Applications built on web service technologies use plenty of standards like WS-security for the fulfillment of security requirements like confidentiality and integrity and eXtensbile Access Control Markup Language (XACML) for the specification of access policies to name a few. These open standards enable the agreement and interoperability at the technical level while abstracting the heterogeneity of different proprietary and legacy applications. One of they key problems web services standards and their security extensions have incurred is the low-level abstraction of these standards. The complexity involved in these standards is still an unresolved issue which makes them in­accessible to the domain expert and thus prone to error. Model-driven security engineering techniques presented in this work offer a promising approach to alleviate the complexity of these standards.