SECURE BUSINESS PROCESS MODELLING OF SOA APPLICATIONS USING 'UML-SOA-SEC'

摘要

Nowadays enterprises are implementing their WIS through SOA using Web services. They are using MDA principles for design and development of WIS and using UML as a modelling language for business process modelling. Along with the increased connectivity in SOA applications, security risks rise exponentially. Security is not defined during the early phases of system development and left onto the developer. Properly configuring security requirements in SOA applications is quite difficult for developers because they are not security experts. Furthermore, SOA security is cross-domain and all required information is not available at downstream phases. Moreover, focus of the currently available security standards and protocols is technology; they do not provide high level of abstraction. Furthermore, a business process expert, who is the actual stakeholder of the business process model is unable to specify security objectives due to lake of security modelling elements in general purpose modelling languages like UML. As a result, he/she either ignores the security intents in his/her model or indicates them in textual way. We are fostering the specification of security intents at high level of abstraction by presenting a security intents DSL containing the essential SOA security objective. It is a UML profile where security intents can be modeled as stereotypes on UML modelling elements during the business process modelling. Aim is to facilitate the business process expert in modelling the security requirements along with the business process modelling. This security annotated business process model will facilitate the security expert in specifying the concrete security implementation. As a proof of work we apply our approach to a typical business process of "on-line flight booking system".