Embed Size (px)
DESCRIPTION
Citation preview
Workflows adaptations for security management through
MDD and Aspects
Fáber D. Giraldo
Armenia, October 12 2012 1
Acknowledgments
• Dr. Raquel Anaya and Pr. Luís Fernando Londoño (EAFITUniversity)
• Mireille Blay-Fornarino (University of Nice-SophiaAntipolis, France)
• Sébastien Mosser (University of Lille I, France)
• Sergio Ochoa and Alexandre Bergel (University of Chile)
2
Content1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further worksand Results
7. Questions3
Context
• Separation of Concerns
• Workflows of Business Processes.
• MDD
• AOSD
• Security based on Services
• Workflows adaptations based on security
4
Goals of this work
The main goal of this proposal is to establish theincorporation in design time, of adaptation mechanismson workflows in order to consider security restrictions ondata and control structures that are part of a workflow, byusing model driven and aspects approaches.
5
Research questions• Which is the way to apply and/or enrich the ADORE
method in order to consider security based onstandards?
• Which is the contribution of modeling languages basedon UML for representing, at high abstraction level, thesecurity as an aspect and the interventions of it over thecore functionality?
• Which is the importance of the visualization mechanismfor analyzing the complexity of the security adaptationproposed? 6
Content1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further worksand Results
7. Questions 7
The ADORE Method
• «Activity moDel to suppOrt oRchestration Evolution»[TAOSD’10]
• Consider concerns as «process fragments» to becomposed with existing processes
• Support fragment composition through different(endogenous) algorithms
• Algorithms ensure compositional properties
• E.g., order preservation8
Examples
9CCCms security requirement CCCms functional requirement
Examples
10
• More info about ADORE
• http://www.adore-design.org/doku/
• http://www.adore-design.org/doku/examples/cccms/start
• http://modalis.i3s.unice.fr/
11MODels to usAge of large scaLe InfraStructures
Content
1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further worksand Results
7. Questions 12
The Case Study
Source: S. Mosser (2011)
•Car Crash Crisis Management System: CCCms
•Requirement documents specified in [Kienzle et al,2010]
•Special issue of TAOSD, focusing on AspectOriented Modeling
•Contents:
•8 main success scenario
•27 business extensions
•3 non-functional properties
•How to handle a Car Crash accident? 13
Initial version
14Source [Mosser, Blay-Fornarino and France, 2010]
Final version
It’s only for Capture Witness Report use case of CCCms….
15
Source [Mosser, Blay-Fornarino and France, 2010]
Content1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further worksand Results
7. Questions 16
• Model (business) behavior in a Service-OrientedArchitecture
• Think «activity diagram» in the UML
• Think BPMN and BPEL ...
• Think specific proposals based on several symbols…
• As complex as the modeled business: no magic here (atleast yet)
• Security (and Quality Attributes) are often handled at theinfrastructure level (e.g., WS-*)
• But it clearly impacts modeled behaviors (e.g., «role-based access control»), as well as persistence, errorhandling, ... 17
• The use of SoC and aspects are extended to thetreatment of quality attributes (as security and its derivedimplications, e.g., control access) so that businessprocesses managed within a workflow consideradditional features to functionality.
• In most contemporary SOA practices focused on theseparation of concerns, the properties related withquality attributes are specified and mapped in a set ofservices.
• This strategy involves that developers and SOAarchitects must configure properly the quality attributesin a range of services (usually every quality attributecovers multiple services simultaneously).
18
• Unfortunately, UML, BPMN and BPEL do not supportseparation of concerns per se. [Wada, Suzuki and Oba,2008]
19
Content1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further worksand Results
7. Questions 20
• Existing approaches deal with Separation of Concerns:
• Concerns reification (e.g., «Aspects» in Aspect-orientedProgramming)
• Composition with legacy systems (e.g., «Aspectweaving»)
• Security (e.g., control access, encryption) can beconsidered as another concern
• Thus composed with other concerns (e.g., persistencestandard, behavioral)
• Compliant with concern reasoning approaches
• E.g, interaction detection mechanisms 21
• Security can be considered as a crosscutting concern?
• Security involves services?
• Security have a high-level support?
• Several works propose the derivation of security modelsfrom Business Processes Models (BPMN, BPEL and SOAmodels)
22
• Security Control Access through RBAC – XACML
• RBAC: Role Based Control Access (Model)
• XACML (eXtensible Access Control Markup Language):OASIS Standard
• XACML 2.0 - 3.0 define a profile for RBAC support inorder to bind RBAC practical solutions in web servicesenvironments.
• RBAC is supported in high level abstraction models bySecureUML metamodel and Model Driven Security.
• Encryption using RSA X.509
• Services implemented by existing frameworks23
SecureUML Metamodel
From [Basin, Doser and Lodderstedt, 2006]24
XACML Model (I)
Adapted from http://docs.oasis-open.org/xacml/2.0/XACML-2.0-OS-ALL.zip 25
XACML Model (II)
General XACML Architecture. Source [Breu, Popp and Alam, 2007]26
Our proposal
Principles derived from the AOSD and MDD provide a highdegree of flexibility: AOSD can be applied to identifycommon concerns, visualizing scenarios where they can beapplied throughout the business process that is automatedin a workflow. The business process models can beadapted to meet new requirements. Further changes toprocess models can be applied immediately to adjustbusiness processes.
27
Our proposal
• To derive ADORE fragments for XACML process and RSAX.509 desencryption process.
• Fragments application independent.
• To support the semantic context of ADORE fragmentsthrough its integration with Theme/UML approach
• Bind through ADORE
• To use concepts of software visualization for identifyingand managing the complexity of new ADORE fragmentsfor CCCms
28
Integration with Theme/UML• Such as was exposed with the XACML standard, a quality
attribute could contain a set of associated services and structuresor specific dimensions, as hardware/software technologies thatsupport security operations.
• Other types of concerns address specifications of dimension,e.g., if a business process model must consider the managing ofbusiness rules, the fragment o fragment set must considerspecific operations over a business rule engine.
• It is evident the use of information of the modeled contextexpressed as variables that are introduced directly in theformulation of an ADORE fragment. According with the ADOREmethod the knowledge of context mapped in the fragments isassociated exclusively to the description of the selected process.
29
30Example of information of context in an ADORE fragment
Integration with Theme/UML• With the purpose of supporting the definition of ADORE
fragments from quality attributes whose behaviors are genericrespect to the behaviors that belongs to a business processworkflow, we decided to use a subset of the diagrams of themodeling phase established in the Model-Driven Theme/UMLprocess development to show the mapping of the informationof the context of the quality attribute towards the ADOREfragment.
• The context is defined in terms of the features specified for thesystem, the set of standards that govern the application andthe invocation of underlying services, as the XACML standardfor this case.
31
32
General proposal of ThemeUML/ADORE Integration
33
Use of ThemeUML in the formulation of XACML ADORE fragment
Bind by Endogenous Composition of Concerns
34
Composition leads to Iterative Process Modeling
35
36
Weaving• XACML application
independentfragment (blue)
• retrieveVictimHistorydependent fragment(green)
• execRescueMissionorchestration (white)
Desencryption fragment
37
38
Weaving • XACML application
independent fragment (blue)
• Desencryptapplication independent fragment (pink)
• retrieveVictimHistorydependent fragment (green)
• execRescueMissionorchestration (white)
Visualization
39
• The goal of visualization is the extension of cognition or acquisitionand/or use of knowledge [Teyseyre and Campo, 2009].
• ADORE allows to extract information from the internal representationof business processes, so it is possible to generate informationrelated to the structure and metrics of business processes
• The principle of separation of concerns in the context of businessprocess workflows derive implicitly the presence of complexity as animportant factor to consider in the tasks of maintainability,understandability and accuracy of measurement of a businessprocess.
• From work of [Mosser, Bergel and Blay-Fornarino, 2010] we adapt itfor exposing the "new" independent application fragments (security)in order to manage the complexity of the global CCCMs fragmentsincluding new generated fragments.
40
Configuration file generated byADORE
41Complexity of fragments and orchestrations of CCCms including formulated security fragments
42
Activities of connection between the fragments and orchestrations of CCCms, including formulated security fragments
Content1. Context
2. The ADORE Method
3. Case study
4. Problem: Security & Business Processes
5. Our proposal
6. Conclusions, Further Works and Results
7. Questions43
• Integration of MDD and ASOD principles to establish at amodel level, mechanisms of adaptation of businessprocess workflows, in order to incorporate securityconstraints based on access control defined by theRBAC model and the XACML standard.
• Final process designed through the composition ofsmaller artifacts
• XACML security fragments are «process independent»
• Thus can be reused in other business processesworkflows
• Approach applied successfully to the complete CCCms
44
• Achievements
• XACML policies implemented as reusable processfragments
• Approach applied to a concrete and complex casestudy
• Work in progress
• Final process «optimization» (e.g., merge redundantactivities)
• Application to other case studies (informationbroadcasting)
45
• Further works
• Conclusions about the ADORE method
• Comparison of this work with BPEL4RBAC, AO4BPELand AO4BPMN proposals
• Use of ADORE by quality attributes experts
• Standardization of behaviors derived from qualityattributes in ADORE
46
• Fáber D. Giraldo, Mireille Blay-Fornarino, Sébastien Mosser."Introducing Security Access Control Policies into Legacy BusinessProcesses”. Proceedings of the Fifteenth International EnterpriseDistributed Object Computing Conference (EDOC'11), IEEE,Helsinki, Finland, 29 august - 02 September 2011. Available in
http://hal.archives-ouvertes.fr/docs/00/59/48/45/PDF/edoc_2011.pdf
andhttp://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6037600&contentType=Conference+Publications
• Fáber D. Giraldo and Raquel Anaya. “Integrating non-functionalsecurity services in ADORE using multiple views modelingapproaches”. XXXVIII Latin American Conference on Informatics(CLEI 2012), Latin American Symposium in Software Engineering.IEEExplorer coming soon! 47
Contact
• fdgiraldo
• @fdgiraldo
• http://www.linkedin.com/profile/view?id=144790141&trk=tab_pro
• http://www.slideshare.net/fdgiraldo/
More Information in CVLac & GrupLac
