Model-driven security

Model-driven security (MDS) means applying model-driven approaches (and especially the concepts behind model-driven software development) [1] to security.

Development of the concept

The general concept of model-driven security in its earliest forms has been around since the late 1990s (mostly in university research [2][3][4][5][6][7][8][9][10]) and was first commercialized around 2002. [11] There is also a body of later scientific research in this area, [12][13][14][15][16][17] which continues to this day.

A more specific definition of model-driven security applies model-driven approaches to automatically generate technical security implementations from security requirements models. In particular, "Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations." [18]

Model-driven security is also well suited to automated auditing, reporting, documentation and analysis (e.g. for compliance and accreditation), because the relationships between the models and the technical security implementations are traceably defined through the model transformations. [19]
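As an added example (not code from this article, nor from any product or research project it mentions), the following Python script shows the pipeline that the definition and the traceability point above describe in miniature: a security requirements model written in a small hypothetical DSL, a system model contributed by another stakeholder, a model transformation that generates enforceable access rules, a default-deny run-time decision function, an audit report that traces every generated rule back to the requirement it came from, and a regeneration step after the model changes. The DSL, the role and resource names, the service names and all sample data are assumptions constructed for illustration.

```python
"""Added example: a toy model-driven security (MDS) pipeline.

A high-level security requirements model (hypothetical DSL) plus a system
model from another stakeholder are transformed into concrete, enforceable
access rules. Each generated rule carries the id of the requirement it came
from, so run-time decisions and audit reports trace back to the model.
"""
import copy
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample security requirements model (hypothetical DSL, not any
# real product's format). It speaks in business terms only.
REQUIREMENTS_MODEL = {
    "roles": {
        "staff": {"inherits": []},
        "clinician": {"inherits": ["staff"]},  # a clinician is also staff
    },
    "requirements": [
        {"id": "REQ-1", "role": "staff", "may": ["read"], "on": "schedule"},
        {"id": "REQ-2", "role": "clinician", "may": ["read", "write"],
         "on": "patient_record"},
    ],
}

# Constructed system model (the "other information sources" of the
# definition): which concrete service hosts which resource type.
SYSTEM_MODEL = {"services": {"calendar-svc": ["schedule"],
                             "ehr-svc": ["patient_record"]}}


@dataclass(frozen=True)
class Rule:
    """One enforceable rule at a concrete enforcement point."""
    service: str
    resource: str
    role: str
    operation: str
    derived_from: str  # traceability link back to the requirement id


def role_ancestors(roles, role):
    """Return `role` and every role it inherits from, transitively."""
    seen, stack = set(), [role]
    while stack:
        r = stack.pop()
        if r in seen:
            continue
        seen.add(r)
        stack.extend(roles[r]["inherits"])
    return seen


def transform(req_model, sys_model):
    """Model transformation: requirements + system model -> list of Rule.

    Fails closed: a requirement naming a resource that no service hosts is a
    model inconsistency and aborts generation instead of being dropped.
    """
    host_of = {res: svc for svc, hosted in sys_model["services"].items()
               for res in hosted}
    roles = req_model["roles"]
    rules = []
    for req in req_model["requirements"]:
        if req["on"] not in host_of:
            raise ValueError(f"{req['id']}: no service hosts {req['on']!r}")
        # Every role that (transitively) inherits req["role"] gets the grant.
        grantees = sorted(r for r in roles
                          if req["role"] in role_ancestors(roles, r))
        for role in grantees:
            for op in req["may"]:
                rules.append(Rule(host_of[req["on"]], req["on"], role, op,
                                  req["id"]))
    return rules


def decide(rules, service, resource, role, operation):
    """Run-time enforcement: default deny; returns (allowed, requirement id)."""
    for rule in rules:
        if (rule.service, rule.resource, rule.role, rule.operation) == \
                (service, resource, role, operation):
            return True, rule.derived_from
    return False, None


def audit_report(rules):
    """Group generated rules by the requirement that produced them."""
    report = defaultdict(list)
    for rule in rules:
        report[rule.derived_from].append(rule)
    return dict(report)


def regenerate_without_write(req_model, sys_model):
    """Policy update the MDS way: edit the model (drop 'write' from REQ-2)
    and regenerate the rules, rather than patching enforcement code."""
    changed = copy.deepcopy(req_model)
    for req in changed["requirements"]:
        if req["id"] == "REQ-2":
            req["may"] = ["read"]
    return transform(changed, sys_model)


if __name__ == "__main__":
    generated = transform(REQUIREMENTS_MODEL, SYSTEM_MODEL)
    for rule in generated:
        print(rule)
    print(decide(generated, "ehr-svc", "patient_record", "staff", "write"))
```

The point to notice is that the enforcement point (`decide`) never sees the business-level model: it only sees generated rules, and every allow decision returns the requirement id that justified it, which is the traceability that makes audit and accreditation reports derivable from the same transformation.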

Opinions of industry analysts

Several industry analyst sources [20][21][22] state that MDS "will have a significant impact as information security infrastructure is required to become increasingly real-time, automated and adaptive to changes in the organisation and its environment". Many information technology architectures today are built to support adaptive changes (e.g. Service Oriented Architectures (SOA) and so-called Platform-as-a-Service "mashups" in cloud computing [23]), and information security infrastructure will need to support that adaptivity ("agility"). The term DevOpsSec (see DevOps) is used by some analysts [24] as equivalent to model-driven security.

Effects of MDS

Because MDS automates the generation and re-generation of technical security enforcement from generic models, it: [25] [18]

Implementations of MDS

Apart from academic proof-of-concept developments, the only commercially available full implementation of model-driven security (for authorization management policy automation) is ObjectSecurity OpenPMF, [11] which earned a listing in Gartner's "Cool Vendor" report in 2008 [26] and has been advocated by a number of organizations (e.g. the U.S. Navy [27]) as a means to make authorization policy management easier and more automated.

References

  1. "Home". omg.org.
  2. Lodderstedt T., SecureUML: A UML-Based Modelling Language for Model-Driven Security. In UML 2002 – The Unified Modelling Language. Model Engineering, Languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pp. 426–441, Springer, 2002
  3. Lodderstedt T. et al., Model Driven Security for Process-Oriented Systems, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, 2003, June 2003, Como, Italy, 2003
  4. Jürjens J., UMLsec: Extending UML for Secure Systems Development. In UML 2002 – The Unified Modelling Language. Model Engineering, Languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pp. 412–425, Springer, 2002
  5. Epstein P, Sandhu R.S. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, October 1999, Arlington, VA, USA, pp. 145-152, 1999
  6. Lang, U.: Access Policies for Middleware. Ph.D. Thesis, Cambridge University, 2003
  7. Lang, U. Model Driven Security (Policy Management Framework - PMF): Protection of Resources in Complex Distributed System. DOCSec 2003 Workshop, April 2003 (paper: Lang, U., Schreiner, R.: A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The IASTED International Conference on Communication, Network, and Information Security (CNIS 2003) in New York, USA, December 10–12, 2003)
  8. Burt, Carol C., Barrett R. Bryant, Rajeev R. Raje, Andrew Olson, Mikhail Auguston, ‘Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control,’ edoc, p. 159, Seventh International Enterprise Distributed Object Computing Conference (EDOC'03), 2003
  9. Lang, U., Gollmann, D., and Schreiner, R. Verifiable Identifiers in Middleware Security. 17th Annual Computer Security Applications Conference (ACSAC) Proceedings, pp. 450-459, IEEE Press, December 2001
  10. Lang, Ulrich and Rudolf Schreiner, Developing Secure Distributed Systems with CORBA, 288 pages, published February 2002, Artech House Publishers, ISBN 1-58053-295-0
  11. "Home". objectsecurity.com.
  12. Völter, Patterns for Handling Cross-Cutting Concerns in Model-Driven Software Development, Version 2.3, Dec 26, 2005
  13. Nadalin. Model Driven Security Architecture, Colorado Software Summit, 10/2005 and IBM SYSTEMS JOURNAL, VOL 44, NO 4, 2005: Business-driven application security: From modeling to managing secure applications
  14. Alam, M.M.; Breu, R.; Breu, M., Model driven security for Webservices (MDS4WS), Multitopic Conference, 2004. Proceedings of INMIC 2004. 8th International Volume, Issue, 24-26 Dec. 2004 Page(s): 498 – 505
  15. Alam M., Breu R., Hafner M., February 2007. Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, 02/2007
  16. Wolter, Christian, Andreas Schaad, and Christoph Meinel, SAP Research, Deriving XACML Policies from Business Process Models, WISE 2007
  17. IBM Tokyo Research Lab Website, Core Research Competency, Software Engineering, 09/2007
  18. "Home". modeldrivensecurity.org.
  19. Lang, U. and Schreiner, R. Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes at The 1st ACM Workshop on Information Security Governance, November 13, 2009, Hyatt Regency Chicago, Chicago, USA
  20. Gartner: "Hype Cycle for Identity and Access Management Technologies, 2013" (G00247866), "Hype Cycle for Application Security, 2013" (G00252739), "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008, "Tear Down Application Authorization Silos With Authorization Management Solutions" (G00147801) 31 May 200, "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure" (G00151498) 21 September 2007, "Hype Cycle for Information Security, 2007" (G00150728) 4 September 2007, "Hype Cycle for Identity and Access Management Technologies, 2008" (G00158499) 30 June 2008, "Hype Cycle for Context-Aware Computing, 2008" (G00158162) 1 July 2008, "Cisco Buys Securent for Policy Management, and Relevance" (G00153181), 5 Nov 2007.
  21. 451 Group: "Market Insight Service Impact Report" (54313) and in the report "Policy Management for Identity - Closing the Loop Between Identity Management, Security and IT Management?".
  22. Burton Group's 2008 "Entitlement Management" report.
  23. Lang, U. Authorization as a Service for Cloud & SOA Applications at the International Workshop on Cloud Privacy, Security, Risk & Trust (CPSRT 2010), Collocated with 2nd IEEE International Conference on Cloud Computing Technology and Science (Cloudcom) CPSRT 2010, Indianapolis, Indiana, USA, December 2010
  24. Gartner: Hype Cycle for Application Security, 2012 (G00229119)
  25. Lang, U. Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems at MODSEC 2008 (Modeling Security Workshop) CEUR Workshop Proceedings, Toulouse, France, 28 Sept 2008
  26. Gartner: "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008
  27. Press Release – ObjectSecurity and Promia implement XML security features for next-generation US military security technology, April 2010