Estrategia Guiada por Modelos para incluir Aspectos de Seguridad en Sistemas Empotrados Basados en Servicios Web

Juan Pedro Silva Gallino; Miguel de Miguel; Javier F. Briones; Alejandro Alonso

doi:10.1016/j.riai.2013.11.006

Autores/as

Juan Pedro Silva Gallino Universidad Politécnica de Madrid
Miguel de Miguel Universidad Politécnica de Madrid
Javier F. Briones Universidad Politécnica de Madrid
Alejandro Alonso Universidad Politécnica de Madrid

DOI:

https://doi.org/10.1016/j.riai.2013.11.006

Palabras clave:

Desarrollo Guiado por Modelos, Perfil de Dispositivos para Servicios Web, Políticas de Servicios Web, Seguridad en Servicios Web

Resumen

En los sistemas distribuidos modernos, como la Internet o Web de las Cosas, la seguridad juega un papel preponderante. Debe prestarse especial atención a la consideración de estos aspectos en las primeras etapas de desarrollo. En este contexto, el desarrollo guiado por modelos de requisitos no funcionales (NF) presenta especial interés, ya que aborda dichas características NF en la etapa de diseño, cuando todavía se pueden realizar análisis, y aún hay margen para modificaciones antes de que éstas sean muy costosas. El uso de estas metodologías guiadas por modelos ofrece beneficios tales como el aumento de la productividad, una mayor reutilización de los elementos de diseño, o una mejor mantenibilidad del sistema. Este artículo presenta una estrategia de desarrollo que permite integrar aspectos NF de seguridad (confidencialidad, integridad, y control de acceso) en los sistemas de software empotrado.

Descargas

Los datos de descargas todavía no están disponibles.

Biografía del autor/a

Juan Pedro Silva Gallino, Universidad Politécnica de Madrid

ETSI de Telecomunicación

Miguel de Miguel, Universidad Politécnica de Madrid

ETSI de Telecomunicación

Javier F. Briones, Universidad Politécnica de Madrid

ETSI de Telecomunicación

Alejandro Alonso, Universidad Politécnica de Madrid

ETSI de Telecomunicación

Citas

Asnar, Y., Felici, M., Kokolakis, S., Li, K., Saidane, A., Yautsiukhin, A., 2009. Serenity Project Deliverable A1.D5.1 - Preliminary version of S&D Metrics.

Blet, N. S., Simón, J. L., 2011. SOA en automatización de pymes manufactureras. Iberoamericana de Engenharia Industrial [2175-8018] 3 (2), 190.

CDTI, 2006. ITECBAN, Infraestructura Tecnológica y Metodológica de Soporte para un Core Bancario. URL: http://www.daedalus.es/i-d-i/proyectos-nacionales/ itecban/

Chung, L., Nixon, B. A., Young, E., Mylopoulus, J., 2000. Non-functional requirements in software engineering. Kluwer Academic Publishing, Norwell, Massachusetts, USA.

de Miguel, M. A., F. Briones, J., Silva Gallino, J. P., Alonso, A., Jun. 2008. Integration of safety analysis in model-driven software development. IET Software 2 (3), 260–280.

Didonet del Fabro, M., Bézivin, J., Jouault, F., 2005. AMW: a generic model weaver. En: Proceedings of the Using metamodels to support MDD Workshop, 10th IEEE International Conference on Engineering of Complex Computer Systems (ICECCS 2005).

Dodd, J., Allen, P., Butler, J., Olding, S., Veryard, R., Wilkes, L., 2007. Cbdisae meta model for soa version 2. Tech. rep., Everware-CBDI. URL: http://www.cbdiforum.com/public/meta_model_v2.php

Eby, M., Apr. 2007. Integrating Security Modeling into Embedded System Design. Masterthesis, Vanderbilt University. URL: http://etd.library.vanderbilt.edu/available/ etd-04022007-092035/

Elrad, T., Aldawud, O., Bader, A., 2002. Aspect-Oriented Modeling: Bridging the Gap between Implementation and Design. En: Batory, D., Consel, C., Taha, W. (Eds.), Generative Programming and Component Engineering. Vol. 2487 of Lecture Notes in Computer Science. Springer Berlin / Heidelberg, pp. 189–201.

Guinard, D., Ion, I., Mayer, S., 2011. In search of an internet of things service architecture: Rest or ws-*? a developers’ perspective. En: Puiatti, A., Gu, T. (Eds.), MobiQuitous. Vol. 104 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering. Springer, pp. 326–337.

Hernandez, V., Lopez, L., Prieto, O., Martinez, J. F., Garcia, A. B., Silva, A. D., 2009. SOA en automatizacion de pymes manufactureras. 2009 Third Inter- ´ national Conference on Emerging Security Information Systems and Technologies, 87–92.

Illner, S., Krumm, H., Lück, I., Pohl, A., Bobek, A., Bohn, H., Golatowski, F., 2006. Model-based management of embedded service systems - an applied approach. En: AINA (2). IEEE Computer Society, pp. 519–523.

Illner, S., Pohl, A., Krumm, H., nov. 2005. Model-driven security management of embedded service systems. En: Industrial Electronics Society, 2005. IECON 2005. 31st Annual Conference of IEEE. p. 6 pp. DOI: 10.1109/IECON.2005.1569326

ISO/IEC, 2011. ISO/IEC 25010 Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models. ISO, Geneva, Switzerland.

Kim, A., Luo, J., Kang, M., 2007. Security Ontology to Facilitate Web Service Description and Discovery. En: Journal on Data Semantics IX. Vol. 4601 of Lecture Notes in Computer Science. Springer Berlin, pp. 167–195.

Langer, P., Wieland, K., Wimmer, M., Cabot, J., 2011. From uml profiles to emf profiles and beyond. En: Bishop, J., Vallecillo, A. (Eds.), Objects, Models, Components, Patterns. Vol. 6705 of Lecture Notes in Computer Science. Springer Berlin Heidelberg, pp. 52–67.

Meiko Jensen and Sven Feja, 2009. A Security Modeling Approach for WebService-Based Business Processes. En: 16th Annual IEEE International Conference and Workshop on the Engineering of Computer Based Systems, ECBS 2009, San Francisco, California, USA. IEEE Computer Society, pp. 340–347.

Menzel, M., Meinel, C., Sep. 2009. A Security Meta-model for ServiceOriented Architectures. En: 2009 IEEE International Conference on Services Computing. IEEE, Bangalore, India, pp. 251–259. DOI: 10.1109/SCC.2009.57

Microsoft, 2012a. Micro Framework Web Page. URL: http://www.microsoft.com/en-us/netmf/default.aspx

Microsoft, 2012b. WSDAPI. URL: http://msdn.microsoft.com/en-us/library/windows/ desktop/aa826001%28v=vs.85%29.aspx

Mouelhi, T., Fleurey, F., Baudry, B., Le Traon, Y., 2010. A model-based framework for security policy specification, deployment and testing. Model Driven Engineering Languages and Systems 5301/2010, 537–552.

Nabil, S., Mohamed, B., 2012. Security ontology for semantic scada. En: Malki, M., Benbernou, S., Benslimane, S. M., Lehireche, A. (Eds.), ICWIT. Vol. 867 of CEUR Workshop Proceedings. CEUR-WS.org, pp. 179–192.

OASIS, 2006. Web services security: Soap message security 1.1 (ws-security 2004). Security 2003 (February), 76. URL: http://docs.oasis-open.org/wss/v1.1/wss-v1. 1-spec-os-SOAPMessageSecurity.pdf

OASIS, 2009. Devices Profile for Web Services Version 1.1. OASIS (July). URL: http://docs.oasis-open.org/ws-dd/dpws/1.1/pr-01/ wsdd-dpws-1.1-spec-pr-01.html

OMG, 2007. Specification. A UML Profile for MARTE.

OMG, 2008. UML Profile for Modeling QoS and Fault Tolerance Characteristics and Mechanisms Version 1.1.

OMG, 2009. Service oriented architecture Modeling Language (SoaML)- Specification for the UML Profile and Metamodel for Services (UPMS).

OMG, 2011. Business Process Model and Notation (BPMN ). DOI: 10.1007/s11576-008-0096-z

Ortiz, G., Hernández, J., 2006. Service-oriented model-driven development: Filling the extra-functional property gap. Service-Oriented Computing– ICSOC 2006 4294/2006, 471–476.

Satoh, F., Nakamura, Y., Mukhi, N., Tatsubori, M., Ono, K., 2008. Methodology and Tools for End-to-End SOA Security Configurations. En: 2008 IEEE Congress on Services, SERVICES I. IEEE Computer Society, Honolulu, Hawaii, USA, pp. 307–314.

Shopov, M., Matev, H., Spasov, G., 2007. Evaluation of Web Services Implementation for ARM-based Embedded System. En: Proceedings of ELECTRONICS’07. Sozopol, Bulgaria, pp. 79–84.

Silva Gallino, J. P., de Miguel, M. A., Briones, J. F., Alonso, A., 2010. Model-Driven Development of a Web Service-Oriented Architecture and Security Policies. En: 2010 13th IEEE International Symposium on Object/Component/Service-Oriented Real-Time Distributed Computing. IEEE Computer Society, Los Alamitos, CA, USA, Carmona, Spain, pp. 92– 96.

Silva Gallino, J. P., de Miguel, M. A., Briones, J. F., Alonso, A., 2011b. Domain-Specific Multi-Modeling of Security Concerns in Service-Oriented Architectures. LNCS - 8th International Workshop on Web Services and Formal Methods, WS-FM’11.

Silva Gallino, J. P. and de Miguel, M. A. and Briones, J. F. and Alonso, A., 2011a. Multi Domain-Specific Modeling of the Security Concerns of Service-Oriented Architectures. Services Computing, IEEE International Conference on 0, 761–762. DOI: 10.1109/SCC.2011.102

SOA4D, 2007. Web Page. URL: https://forge.soa4d.org/

Tarr, P., Ossher, H., Harrison, W., Sutton Jr., S. M., 1999. N degrees of separation: multi-dimensional separation of concerns. International Conference on Software Engineering, 107 – 119.

Theorin, A., Ollinger, L., Johnsson, C., May 2012. Service-oriented process control with grafchart and the devices profile for web services. En: 14th IFAC Symposium on Information Control Problems in Manufacturing (INCOM). Bucharest, Romania.

Unger, S., Pfeiffer, S., Timmermann, D., may 2012. Dethroning transport layer security in the embedded world. En: New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on. pp. 1 –5. DOI: 10.1109/NTMS.2012.6208685

Wada, H., Suzuki, J., Oba, K., 2008. Early Aspects for Non-Functional Properties in Service Oriented Business Processes. Services, IEEE Congress on 0, 231–238. DOI: 10.1109/SERVICES-1.2008.76

WS4D, 2007. Web Page. URL: http://www.ws4d.org/