Augmented enterprise models as a foundation for generating security-related software: Requirements and objectives

Anat Goldstein, Ulrich Frank

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The research presented in this paper is aimed at developing a holistic modelling method that comprehensively considers and integrates technical, organizational, behavioral and business aspects - all crucial to create and manage secure IT systems. Our method relies on Multi-perspective Enterprise Modeling (MEMO) and extends it to support security concepts. The focus of this paper is twofold: 1. identifying opportunities for using enterprise models for generating security related code; 2. defining requirements, which should be satisfied by the modelling method in order to support such security-related code generation. In order to identify opportunities for code generation, we apply a technique for developing domain specific modelling languages (DSML) that is chiefly based on a structured analysis of use scenarios including prototypical diagrams. It is supplemented by work found in literature and validated with practitioners. Our analysis results in the identification of three areas in which MEMO IT security models can be used for automatic creation of code: access control, report generation and encryption and in 9 corresponding requirements that the modelling language should satisfy.

Original languageEnglish
Title of host publicationProceedings of the Workshop on Model-Driven Security, MDsec 2012
DOIs
StatePublished - 1 Dec 2012
Externally publishedYes
EventWorkshop on Model-Driven Security, MDsec 2012 - Innsbruck, Austria
Duration: 1 Oct 20125 Oct 2012

Publication series

NameProceedings of the Workshop on Model-Driven Security, MDsec 2012

Conference

ConferenceWorkshop on Model-Driven Security, MDsec 2012
Country/TerritoryAustria
CityInnsbruck
Period1/10/125/10/12

Keywords

  • DSML
  • enterprise modeling
  • IT security
  • MEMO
  • model driven security
  • security code generation

All Science Journal Classification (ASJC) codes

  • Modelling and Simulation
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Augmented enterprise models as a foundation for generating security-related software: Requirements and objectives'. Together they form a unique fingerprint.

Cite this