Michael Hafner - Academia.edu (original) (raw)
Papers by Michael Hafner
The Web Service Choreography Description Language (WS-CDL) is a specification for describing mult... more The Web Service Choreography Description Language (WS-CDL) is a specification for describing multi party collaboration based on Web Services from a global point of view. WS-CDL is designed to be used in conjunction with the Web Services Business Process Execution Language (WS-BPEL or BPEL). Up to now, work on conceptual mappings between both languages is missing. This paper closes this gap by showing how BPEL process definitions of parties involved in a choreography can be derived from the global WS-CDL model. We have implemented a prototype of the mappings as a proof of concept. The automatic transformation leverages the quality of software components interacting in the choreography as advocated in the Model Driven Architecture concept.
The Sectet-framework realizes an extensible domain architecture for the collaborative development... more The Sectet-framework realizes an extensible domain architecture for the collaborative development and management of security-critical, inter-organizational workflows. Models integrate security requirements at the abstract level and are rendered in a visual language based on UML 2.0. The models form the input for a chain of integrated tools that transform them into artefacts configuring security components of a Web services-based architecture. Based on findings of various projects, this contribution has three objectives. First, we detail the MOF based metamodels defining a domain specific language for the design of inter-organizational workflows. The language supports various categories of security patterns. We then specify model-to-model transformations based on the MDA standard MOF-QVT. The mappings translate platform independent models into platform specific artefacts targeting the reference architecture. Third, we exemplarily show how model-to-code transformation could be implemented with an MDA-framework like openArchitectureWare.
Research Group Quality Engineering Universität Innsbruck, Institut für Informatik Technikerstra... more Research Group Quality Engineering Universität Innsbruck, Institut für Informatik Technikerstraße 13, A-6020 Innsbruck {Ruth.Breu, Klaus.Burger, m.hafner}@uibk.ac.at ... Jan Jürjens, Gerhard Popp, Guido Wimmel Software & Systems Engineering Technische Universität München , ...
Internet Research, 2006
... E. (Eds),Assertions and Protocols for the OASIS Security Assertion Mark ... Oasis (2005c), in... more ... E. (Eds),Assertions and Protocols for the OASIS Security Assertion Mark ... Oasis (2005c), in Moses, T., Godik, S. (Eds),eXtensible Access Control Mark-up Language (XACML) TC ... based intranets, Proceedings of 3rd ACM Workshop on Role-Based Access Control, ACM, Fairfax ...
Journal of Software, 2007
This contribution gives an overview of various access control strategies in use in healthcare sce... more This contribution gives an overview of various access control strategies in use in healthcare scenarios and shows how a variety of policies can be modeled based on a single security policy model for usage control, UCON. The core of this contribution consists of the specialization of the Sectet-Framework for Model Driven Security for complex healthcare scenarios based on UCON. The resulting Domain Architecture comprises a Domain Specific Language for the modeling of policies with advanced security requirements, a target architecture for the enforcement of these policies and model-to-code transformations.
Model Driven Architecture is an approach to increase the quality of complex software systems by c... more Model Driven Architecture is an approach to increase the quality of complex software systems by creating high-level system models and automatically generating system architectures and components out of these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of web services and web service orchestration. Security requirements are specified at an abstract level using UML diagrams. Out of this specification security relevant artifacts are created for the target reference architecture based on upcoming web service security standards.
While their basic principles and ideas are well understood and cogent from a conceptual perspecti... more While their basic principles and ideas are well understood and cogent from a conceptual perspective, the realization of interorganizational workflows and applications based on service-oriented architectures (SOAs) remains a complex task, and, especially when it ...
We present a novel approach for the specification of ac cess rights in a distributed environment b... more We present a novel approach for the specification of ac cess rights in a distributed environment based on web ser vices. Our approach overcomes the limitations of tradi tional concepts when applied to scenarios requiring decen tralized user and rights management by merging ...
In this paper we present Sectet, a tool-based framework for the design, implementation and qualit... more In this paper we present Sectet, a tool-based framework for the design, implementation and quality assurance of web service based applications. Main focus in Sectet is put on the design of inter-organizational workflows, the model driven realization of security aspects and testing of workflows. We present an overview of the model views, the design activities and the underlying architecture.
The growing popularity of standards related to Web services, Web services security and workflows ... more The growing popularity of standards related to Web services, Web services security and workflows boosted the implementation of powerful infrastructures supporting interoperability for inter-organizational workflows. Nevertheless, the realization of such workflows is a very complex task, in many aspects still bound to low-level technical knowledge and error-prone. We provide a framework for the realization and the management of security-critical workflows based on the paradigm of Model Driven Security. The framework complies with a hierarchical stack of Web services specifications and related technologies. In this paper, we introduce a UML based approach for the modeling of security-critical inter-organizational workflows and map it to the Web Services Choreography Description Language. Our approach is based on a set of security patterns, which are integrated into UML class and activity diagrams. A tool translates the models into executable artifacts configuring a reference architecture based on Web services.
In this paper we present a novel approach for the specification of access rights in a service ori... more In this paper we present a novel approach for the specification of access rights in a service oriented architecture. Being part of the SECTET framework for model driven security for B2B-workflows, our specification language SECTET-PL for permissions is influenced by the OCL specification language and is interpreted in the context of UML models. Concerning the technological side, SECTET-PL specifications are translated into platform independent XACML permissions interpreted by a security gateway.
We present a novel approach for modeling restricted delegation of rights in a distributed environ... more We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for modeling access rights based on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.
Information Systems Security, 2004
Abstract. In this paper we outline a new process model for security engineering. This process mod... more Abstract. In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security ...
The Web Service Choreography Description Language (WS-CDL) is a specification for describing mult... more The Web Service Choreography Description Language (WS-CDL) is a specification for describing multi party collaboration based on Web Services from a global point of view. WS-CDL is designed to be used in conjunction with the Web Services Business Process Execution Language (WS-BPEL or BPEL). Up to now, work on conceptual mappings between both languages is missing. This paper closes this gap by showing how BPEL process definitions of parties involved in a choreography can be derived from the global WS-CDL model. We have implemented a prototype of the mappings as a proof of concept. The automatic transformation leverages the quality of software components interacting in the choreography as advocated in the Model Driven Architecture concept.
The Sectet-framework realizes an extensible domain architecture for the collaborative development... more The Sectet-framework realizes an extensible domain architecture for the collaborative development and management of security-critical, inter-organizational workflows. Models integrate security requirements at the abstract level and are rendered in a visual language based on UML 2.0. The models form the input for a chain of integrated tools that transform them into artefacts configuring security components of a Web services-based architecture. Based on findings of various projects, this contribution has three objectives. First, we detail the MOF based metamodels defining a domain specific language for the design of inter-organizational workflows. The language supports various categories of security patterns. We then specify model-to-model transformations based on the MDA standard MOF-QVT. The mappings translate platform independent models into platform specific artefacts targeting the reference architecture. Third, we exemplarily show how model-to-code transformation could be implemented with an MDA-framework like openArchitectureWare.
Research Group Quality Engineering Universität Innsbruck, Institut für Informatik Technikerstra... more Research Group Quality Engineering Universität Innsbruck, Institut für Informatik Technikerstraße 13, A-6020 Innsbruck {Ruth.Breu, Klaus.Burger, m.hafner}@uibk.ac.at ... Jan Jürjens, Gerhard Popp, Guido Wimmel Software & Systems Engineering Technische Universität München , ...
Internet Research, 2006
... E. (Eds),Assertions and Protocols for the OASIS Security Assertion Mark ... Oasis (2005c), in... more ... E. (Eds),Assertions and Protocols for the OASIS Security Assertion Mark ... Oasis (2005c), in Moses, T., Godik, S. (Eds),eXtensible Access Control Mark-up Language (XACML) TC ... based intranets, Proceedings of 3rd ACM Workshop on Role-Based Access Control, ACM, Fairfax ...
Journal of Software, 2007
This contribution gives an overview of various access control strategies in use in healthcare sce... more This contribution gives an overview of various access control strategies in use in healthcare scenarios and shows how a variety of policies can be modeled based on a single security policy model for usage control, UCON. The core of this contribution consists of the specialization of the Sectet-Framework for Model Driven Security for complex healthcare scenarios based on UCON. The resulting Domain Architecture comprises a Domain Specific Language for the modeling of policies with advanced security requirements, a target architecture for the enforcement of these policies and model-to-code transformations.
Model Driven Architecture is an approach to increase the quality of complex software systems by c... more Model Driven Architecture is an approach to increase the quality of complex software systems by creating high-level system models and automatically generating system architectures and components out of these models. We show how this paradigm can be applied to what we call Model Driven Security for inter-organizational workflows in e-government. Our focus is on the realization of security-critical inter-organizational workflows in the context of web services and web service orchestration. Security requirements are specified at an abstract level using UML diagrams. Out of this specification security relevant artifacts are created for the target reference architecture based on upcoming web service security standards.
While their basic principles and ideas are well understood and cogent from a conceptual perspecti... more While their basic principles and ideas are well understood and cogent from a conceptual perspective, the realization of interorganizational workflows and applications based on service-oriented architectures (SOAs) remains a complex task, and, especially when it ...
We present a novel approach for the specification of ac cess rights in a distributed environment b... more We present a novel approach for the specification of ac cess rights in a distributed environment based on web ser vices. Our approach overcomes the limitations of tradi tional concepts when applied to scenarios requiring decen tralized user and rights management by merging ...
In this paper we present Sectet, a tool-based framework for the design, implementation and qualit... more In this paper we present Sectet, a tool-based framework for the design, implementation and quality assurance of web service based applications. Main focus in Sectet is put on the design of inter-organizational workflows, the model driven realization of security aspects and testing of workflows. We present an overview of the model views, the design activities and the underlying architecture.
The growing popularity of standards related to Web services, Web services security and workflows ... more The growing popularity of standards related to Web services, Web services security and workflows boosted the implementation of powerful infrastructures supporting interoperability for inter-organizational workflows. Nevertheless, the realization of such workflows is a very complex task, in many aspects still bound to low-level technical knowledge and error-prone. We provide a framework for the realization and the management of security-critical workflows based on the paradigm of Model Driven Security. The framework complies with a hierarchical stack of Web services specifications and related technologies. In this paper, we introduce a UML based approach for the modeling of security-critical inter-organizational workflows and map it to the Web Services Choreography Description Language. Our approach is based on a set of security patterns, which are integrated into UML class and activity diagrams. A tool translates the models into executable artifacts configuring a reference architecture based on Web services.
In this paper we present a novel approach for the specification of access rights in a service ori... more In this paper we present a novel approach for the specification of access rights in a service oriented architecture. Being part of the SECTET framework for model driven security for B2B-workflows, our specification language SECTET-PL for permissions is influenced by the OCL specification language and is interpreted in the context of UML models. Concerning the technological side, SECTET-PL specifications are translated into platform independent XACML permissions interpreted by a security gateway.
We present a novel approach for modeling restricted delegation of rights in a distributed environ... more We present a novel approach for modeling restricted delegation of rights in a distributed environment based on web services. Our approach is based on SECTET-PL [5], a predicative language for modeling access rights based on the concept of Role Based Access Control (RBAC). SECTET-PL is part of the SECTET framework for model-driven security for B2B workflows. Our Rights Delegation Model combines the concept of roles from RBAC with the predicative specification of SECTET-PL. The Rights Delegation Models are translated into XACML Delegation Policies, which are interpreted by a security gateway.
Information Systems Security, 2004
Abstract. In this paper we outline a new process model for security engineering. This process mod... more Abstract. In this paper we outline a new process model for security engineering. This process model extends object oriented, use case driven software development by the systematic treatment of security related issues. We introduce the notion of security aspects describing security ...