Model-driven security


Model-driven security (MDS) means applying model-driven approaches (and especially the concepts behind model-driven software development) [1] to security.


Development of the concept

The general concept of model-driven security, in its earliest forms, has been around since the late 1990s (mostly in university research[2][3][4][5][6][7][8][9][10]), and was first commercialized around 2002.[11] There is also a body of later scientific research in this area,[12][13][14][15][16][17] which continues to this day (2011).

A more specific definition of model-driven security applies model-driven approaches to automatically generate technical security implementations from security requirements models. In particular, "Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations." [18]

Opinions of industry analysts

Several industry analyst sources [19][20][21] state that MDS "will have a significant impact as information security infrastructure is required to become increasingly real-time, automated and adaptive to changes in the organisation and its environment". Many information technology architectures today are built to support adaptive changes (e.g. Service Oriented Architectures (SOA) and so-called Platform-as-a-Service "mashups" in cloud computing[22]), and information security infrastructure will need to support that adaptivity ("agility").

Effects of MDS

Because MDS automates the generation and re-generation of technical security enforcement from generic models, it[23][24]:

  • enables SOA agility
  • reduces complexity (and SOA security complexity)
  • increases policy flexibility
  • supports rich application security policies
  • supports workflow context sensitive security policies
  • can auto-generate SOA infrastructure security policies
  • supports reuse between SOA stakeholders
  • minimises human errors
  • can auto-generate domain boundary security policies
  • helps enable SOA assurance accreditation (covered in ObjectSecurity’s MDSA eBook)
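
The definition quoted under "Development of the concept" and the generation and re-generation described in this section can be illustrated with a small sketch. This is an added example, not code from OpenPMF or any other MDS product; the roles, services, operations and class names are hypothetical, and the two Python data classes stand in for the DSL models.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Requirement:            # high-level security requirement (policy model)
    role: str
    action: str               # abstract action, e.g. "read"
    data_class: str           # class of information, not a concrete endpoint

@dataclass(frozen=True)
class Operation:              # system model entry supplied by another stakeholder
    service: str
    name: str
    action: str
    data_class: str

def generate_rules(requirements, system_model):
    """Transformation step: expand abstract requirements into concrete allow rules."""
    return frozenset(
        (req.role, op.service, op.name)
        for req in requirements for op in system_model
        if (op.action, op.data_class) == (req.action, req.data_class))

class EnforcementPoint:
    """Run-time side: default deny, rule updates, violation monitoring."""
    def __init__(self, rules):
        self.rules, self.violations = rules, []
    def update(self, rules):
        self.rules = rules
    def check(self, role, service, operation):
        allowed = (role, service, operation) in self.rules
        if not allowed:
            self.violations.append((role, service, operation))
        return allowed

# Constructed sample models (hypothetical roles, services and operations).
POLICY = [Requirement("clinician", "read", "patient-data"),
          Requirement("billing", "read", "invoice")]
SYSTEM_V1 = [Operation("records", "getChart", "read", "patient-data"),
             Operation("records", "updateChart", "write", "patient-data"),
             Operation("finance", "getInvoice", "read", "invoice")]
SYSTEM_V2 = SYSTEM_V1 + [Operation("lab", "getResults", "read", "patient-data")]

def demo():
    pep = EnforcementPoint(generate_rules(POLICY, SYSTEM_V1))
    before = pep.check("clinician", "lab", "getResults")  # service not modelled yet
    pep.update(generate_rules(POLICY, SYSTEM_V2))          # regenerate, policy untouched
    after = pep.check("clinician", "lab", "getResults")
    denied = pep.check("billing", "records", "getChart")   # no requirement grants this
    return before, after, denied, pep.violations

if __name__ == "__main__":
    print(demo())
```

The policy model is never edited when the new service appears; only the system model changes, and the concrete rule for it comes from re-running the transformation.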

Implementations of MDS

Apart from academic proof-of-concept developments, the only commercially available full implementations of model-driven security (for authorization management policy automation) include ObjectSecurity OpenPMF,[25] which earned a listing in Gartner's "Cool Vendor" report in 2008 [26] and has been advocated by a number of organizations (e.g. U.S. Navy [27]) as a means to make authorization policy management easier and more automated.


  1. ^
  2. ^ Lodderstedt T., SecureUML: A UML-Based Modelling Language for Model-Driven Security. In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS p. 426-441, Springer, 2002
  3. ^ Lodderstedt T. et al., Model Driven Security for Process-Oriented Systems, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, 2003, June 2003, Como, Italy, 2003
  4. ^ Jürjens J., UMLsec: Extending UML for Secure Systems Development, In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pp. 412-425, Springer, 2002
  5. ^ Epstein P, Sandhu R.S. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, October 1999, Arlington, VA, USA, pp. 145-152, 1999
  6. ^ Lang, U.: Access Policies for Middleware. Ph.D. Thesis, Cambridge University, 2003
  7. ^ Lang, U. Model Driven Security (Policy Management Framework - PMF): Protection of Resources in Complex Distributed System. DOCSec 2003 Workshop, April 2003 (paper: Lang, U., Schreiner, R.: A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The IASTED International Conference on Communication, Network, and Information Security (CNIS 2003) in New York, USA, December 10–12, 2003)
  8. ^ Burt, Carol C., Barrett R. Bryant, Rajeev R. Raje, Andrew Olson, Mikhail Auguston, ‘Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control,’ edoc, p. 159, Seventh International Enterprise Distributed Object Computing Conference (EDOC'03), 2003
  9. ^ Lang, U., Gollmann, D., and Schreiner, R. Verifiable Identifiers in Middleware Security. 17th Annual Computer Security Applications Conference (ACSAC) Proceedings, pp. 450-459, IEEE Press, December 2001
  10. ^ Lang, Ulrich and Rudolf Schreiner, Developing Secure Distributed Systems with CORBA, 288 pages, published February 2002, Artech House Publishers, ISBN 1-58053-295-0
  11. ^
  12. ^ Völter, Patterns for Handling Cross-Cutting Concerns in Model-Driven Software Development, Version 2.3, Dec 26, 2005
  13. ^ Nadalin. Model Driven Security Architecture, Colorado Software Summit, 10/2005 and IBM SYSTEMS JOURNAL, VOL 44, NO 4, 2005: Business-driven application security: From modeling to managing secure applications
  14. ^ Alam, M.M.; Breu, R.; Breu, M., Model driven security for Webservices (MDS4WS), Multitopic Conference, 2004. Proceedings of INMIC 2004. 8th International, 24-26 Dec. 2004, pp. 498-505
  15. ^ Alam M., Breu R., Hafner M., February 2007. Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, 02/2007
  16. ^ Wolter, Christian, Andreas Schaad, and Christoph Meinel, SAP Research, Deriving XACML Policies from Business Process Models, WISE 2007
  17. ^ IBM Tokyo Research Lab Website, Core Research Competency, Software Engineering, 09/2007
  18. ^
  19. ^ Gartner: "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008, "Tear Down Application Authorization Silos With Authorization Management Solutions" (G00147801) 31 May 200, "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure" (G00151498) 21 September 2007, "Hype Cycle for Information Security, 2007" (G00150728) 4 September 2007, "Hype Cycle for Identity and Access Management Technologies, 2008" (G00158499) 30 June 2008, "Hype Cycle for Context-Aware Computing, 2008" (G00158162) 1 July 2008, "Cisco Buys Securent for Policy Management, and Relevance" (G00153181), 5 Nov 2007.
  20. ^ 451 Group: "Market Insight Service Impact Report" (54313) and in the report "Policy Management for Identity - Closing the Loop Between Identity Management, Security and IT Management?".
  21. ^ Burton Group's 2008 "Entitlement Management" report.
  22. ^ Lang, U. Authorization as a Service for Cloud & SOA Applications at the International Workshop on Cloud Privacy, Security, Risk & Trust (CPSRT 2010), Collocated with 2nd IEEE International Conference on Cloud Computing Technology and Science (Cloudcom) CPSRT 2010, Indianapolis, Indiana, USA, December 2010
  23. ^ Lang, U. Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems at MODSEC 2008 (Modeling Security Workshop) CEUR Workshop Proceedings, Toulouse, France, 28 Sept 2008
  24. ^
  25. ^
  26. ^ Gartner: "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008
  27. ^ Press Release – ObjectSecurity and Promia implement XML security features for next-generation US military security technology, April 2010

Wikimedia Foundation. 2010.
