Due to these immediate benefits, most IT departments are implementing this technol-ogy with the h... more Due to these immediate benefits, most IT departments are implementing this technol-ogy with the high-priority objective of mak-ing them operable leaving aside, at least ... MAIN WEB SERVICES SECURITY ISSUES The following section describes some of the major security issues ...
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM ha... more Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references. ... Alam, M., Breu, R. and Hafner, M., Model-driven security engineering for trust ...
The software community is currently paying attention to model transformation. The MDA approach is... more The software community is currently paying attention to model transformation. The MDA approach is particularly orientated towards solving the problems of time, cost and quality associated with software creation. Enterprises are, moreover, aware of the importance that business processes and security have in relation to their competitive position and performance. In our previous work, we have proposed a BPMN extension which can be used to define security requirement in business process specifications. A Secure Business Process description is that of computation independent models in an MDA context. In this paper we propose a CIM to PIM transformation composed of QVT rules. Various UML use cases, which will be part of an information system, are obtained from the secure business process description.
1Dept. Tecnologıas y Sistemas de Información, Univ. Castilla-La Mancha, Ciudad Real, Spain; 2Dept... more 1Dept. Tecnologıas y Sistemas de Información, Univ. Castilla-La Mancha, Ciudad Real, Spain; 2Dept. Lenguajes y Sistemas Informáticos, Universidad de Alicante, Alicante, Spain ... Correspondence: Eduardo Fernández-Medina, Dept. Tecnologıas y Sistemas de ...
During the past years significant standardization work in web services technology has been made. ... more During the past years significant standardization work in web services technology has been made. As a consequence of these initial efforts, web services foundational stable specifications have already been delivered. Now, it is time for the industry to standardize and address the security issues that have risen from this paradigm. Great activity is being carried out on this subject. This article demonstrates, however, that a lot of work needs to be done in web services security. It explains the new web services security threats and mentions the main initiatives and their respective specifications that try to solve them. Unaddressed security issues for each specification are stated. In addition, current general security concerns are detailed and future researches proposed.
Security is a crucial issue for business performance, but usually, it is considered after the bus... more Security is a crucial issue for business performance, but usually, it is considered after the business processes definition. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business process through activity diagrams. We will apply this approach to a typical health-care business process.
In the last few years, the field of Web services (WS) security has evolved rapidly producing an i... more In the last few years, the field of Web services (WS) security has evolved rapidly producing an impressive number of WS-based security standards. This fact has caused that organizations are still reticent about adopting technologies based on this paradigm due to the learning curve necessary to integrate security into their practical deployments. In this paper, we present PWSSec (process for Web services security) as a process that enables the integration of a set of specific stages into the traditional phases of WS-based systems development providing them with security. PWSSec is composed of three stages, WSSecReq (Web services security requirements), WSSecArch (Web services security architecture) and WSSecTech (Web services security technologies) that allow the specification of WS-specific security requirements, the definition of the WS-based security architecture and the identification of the security standards that the security architecture must deploy, respectively
Due to these immediate benefits, most IT departments are implementing this technol-ogy with the h... more Due to these immediate benefits, most IT departments are implementing this technol-ogy with the high-priority objective of mak-ing them operable leaving aside, at least ... MAIN WEB SERVICES SECURITY ISSUES The following section describes some of the major security issues ...
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM ha... more Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references. ... Alam, M., Breu, R. and Hafner, M., Model-driven security engineering for trust ...
The software community is currently paying attention to model transformation. The MDA approach is... more The software community is currently paying attention to model transformation. The MDA approach is particularly orientated towards solving the problems of time, cost and quality associated with software creation. Enterprises are, moreover, aware of the importance that business processes and security have in relation to their competitive position and performance. In our previous work, we have proposed a BPMN extension which can be used to define security requirement in business process specifications. A Secure Business Process description is that of computation independent models in an MDA context. In this paper we propose a CIM to PIM transformation composed of QVT rules. Various UML use cases, which will be part of an information system, are obtained from the secure business process description.
1Dept. Tecnologıas y Sistemas de Información, Univ. Castilla-La Mancha, Ciudad Real, Spain; 2Dept... more 1Dept. Tecnologıas y Sistemas de Información, Univ. Castilla-La Mancha, Ciudad Real, Spain; 2Dept. Lenguajes y Sistemas Informáticos, Universidad de Alicante, Alicante, Spain ... Correspondence: Eduardo Fernández-Medina, Dept. Tecnologıas y Sistemas de ...
During the past years significant standardization work in web services technology has been made. ... more During the past years significant standardization work in web services technology has been made. As a consequence of these initial efforts, web services foundational stable specifications have already been delivered. Now, it is time for the industry to standardize and address the security issues that have risen from this paradigm. Great activity is being carried out on this subject. This article demonstrates, however, that a lot of work needs to be done in web services security. It explains the new web services security threats and mentions the main initiatives and their respective specifications that try to solve them. Unaddressed security issues for each specification are stated. In addition, current general security concerns are detailed and future researches proposed.
Security is a crucial issue for business performance, but usually, it is considered after the bus... more Security is a crucial issue for business performance, but usually, it is considered after the business processes definition. Many security requirements can be expressed at the business process level. A business process model is important for software developers, since they can capture from it the necessary requirements for software design and creation. Besides, business process modeling is the center for conducting and improving how the business is operated. This paper contains a description of our UML 2.0 extension for modeling secure business process through activity diagrams. We will apply this approach to a typical health-care business process.
In the last few years, the field of Web services (WS) security has evolved rapidly producing an i... more In the last few years, the field of Web services (WS) security has evolved rapidly producing an impressive number of WS-based security standards. This fact has caused that organizations are still reticent about adopting technologies based on this paradigm due to the learning curve necessary to integrate security into their practical deployments. In this paper, we present PWSSec (process for Web services security) as a process that enables the integration of a set of specific stages into the traditional phases of WS-based systems development providing them with security. PWSSec is composed of three stages, WSSecReq (Web services security requirements), WSSecArch (Web services security architecture) and WSSecTech (Web services security technologies) that allow the specification of WS-specific security requirements, the definition of the WS-based security architecture and the identification of the security standards that the security architecture must deploy, respectively
Uploads
Papers by Eduardo Medina