Security Policy Model
A simplistic view of a service-oriented architecture comprises three overlapping domains.
Specurity Aspects
Name
Description
Generates specific security policy configuration from security annotated process models.
Specification Elements
Name
Description
Defines abstract security aspects.
Defines requirements for associations between the entities with regard to the particular security goals.
Defines security goals.
Interprets and enforces policies.
Used to map high level security requirements to concrete technical mechanisms that implement the enforcement of security constraints.
The basic entity in a security policy model capable of participating in an interaction with other objects.
Describes meta information of an object.
Performed by an object, an interaction may involve information and lead to an effect.
Exchanged in an interaction.
Can be comprised from the provision of information or the change of state of an object or information in a system.
Provide a classification for all protocols and algorithms and describe dependencies between these mechanisms.
Security Aspects
Model Transformation
Generates specific security policy configuration from security annotated process models.- Specification Elements:
- Security Goal
- Constraint
- Policy
- Security Module
- Security Pattern
- Object
- Attribute
- Interaction
- Information
- Effect
- Security Mechanism
- Threats:
- Spoofing
- Tampering with Data
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privileges
Specification Elements
Security Goal
Defines abstract security aspects.- Applies to:
Constraint
Defines requirements for associations between the entities with regard to the particular security goals.- Applies to:
Policy
Defines security goals.- Applies to:
Security Module
Interprets and enforces policies.- Applies to:
Security Pattern
Used to map high level security requirements to concrete technical mechanisms that implement the enforcement of security constraints.Object
The basic entity in a security policy model capable of participating in an interaction with other objects.Attribute
Describes meta information of an object.- Applies to:
- Data
Interaction
Performed by an object, an interaction may involve information and lead to an effect.- Applies to:
- Activity
Information
Exchanged in an interaction.- Applies to:
- Data
Effect
Can be comprised from the provision of information or the change of state of an object or information in a system.Security Mechanism
Provide a classification for all protocols and algorithms and describe dependencies between these mechanisms.- Applies to:
- Activity