Model-driven security explained
Model-driven security (MDS) means applying model-driven approaches (and especially the concepts behind model-driven software development) [1] to security.
Development of the concept
The general concept of model-driven security, in its earliest forms, has been around since the late 1990s (mostly in university research[2] [3] [4] [5] [6] [7] [8] [9] [10]), and was first commercialized around 2002.[11] There is also a body of later scientific research in this area,[12] [13] [14] [15] [16] [17] which continues to this day.
A more specific definition of model-driven security applies model-driven approaches to automatically generate technical security implementations from security requirements models. In particular, "Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations."[18]
Model-driven security is also well-suited for automated auditing, reporting, documenting, and analysis (e.g. for compliance and accreditation), because the relationships between models and technical security implementations are traceably defined through the model-transformations.[19]
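An added illustration (not from the original article or from any MDS product) of the transformation and traceability described above: a security requirement model and a separately supplied system model are transformed into enforceable rules, each carrying a trace back to the requirement that produced it. The dict-based model format, the function names `transform`, `uncovered` and `decide`, and all sample data are assumptions constructed for this example.

```python
# Constructed high-level security requirement model (hypothetical mini-DSL as dicts).
POLICY_MODEL = [
    {"id": "REQ-1", "role": "clinician", "action": "read", "data_class": "patient_record"},
    {"id": "REQ-2", "role": "billing", "action": "read", "data_class": "invoice"},
    {"id": "REQ-3", "role": "clinician", "action": "write", "data_class": "patient_record"},
]

# Constructed functional system model, as another stakeholder would supply it.
SYSTEM_MODEL = [
    {"service": "ehr-api", "operation": "GET /records/{id}", "action": "read", "data_class": "patient_record"},
    {"service": "ehr-api", "operation": "PUT /records/{id}", "action": "write", "data_class": "patient_record"},
    {"service": "billing-api", "operation": "GET /invoices/{id}", "action": "read", "data_class": "invoice"},
    {"service": "report-api", "operation": "GET /reports/daily", "action": "read", "data_class": "aggregate_report"},
]

def transform(policy_model, system_model):
    """Model transformation: expand each requirement over every matching operation."""
    rules = []
    for op in system_model:
        for req in policy_model:
            if (req["action"], req["data_class"]) == (op["action"], op["data_class"]):
                rules.append({"service": op["service"], "operation": op["operation"],
                              "allow_role": req["role"], "trace": req["id"]})
    return rules

def uncovered(system_model, rules):
    """Operations no requirement covers: denied by default and listed for audit."""
    covered = {(r["service"], r["operation"]) for r in rules}
    return [(op["service"], op["operation"]) for op in system_model
            if (op["service"], op["operation"]) not in covered]

def decide(rules, role, service, operation):
    """Run-time enforcement: allow only on a generated rule, and return its trace."""
    for r in rules:
        if (r["allow_role"], r["service"], r["operation"]) == (role, service, operation):
            return True, r["trace"]
    return False, None  # default deny

if __name__ == "__main__":
    generated = transform(POLICY_MODEL, SYSTEM_MODEL)
    for rule in generated:
        print(rule)
    print("no rule generated for:", uncovered(SYSTEM_MODEL, generated))
```

When the system model changes (for example, a new service exposing `patient_record` data), re-running `transform` regenerates the rules without editing the requirement model, and the `trace` field lets an auditor map every enforced rule back to a stated requirement.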
Opinions of industry analysts
Several industry analyst sources [20] [21] [22] state that MDS "will have a significant impact as information security infrastructure is required to become increasingly real-time, automated and adaptive to changes in the organisation and its environment". Many information technology architectures today are built to support adaptive changes (e.g. Service Oriented Architectures (SOA) and so-called Platform-as-a-Service "mashups" in cloud computing[23]), and information security infrastructure will need to support that adaptivity ("agility"). The term DevOpsSec (see DevOps) is used by some analysts[24] as equivalent to model-driven security.
Effects of MDS
Because MDS automates the generation and re-generation of technical security enforcement from generic models, it:[25] [18]
- enables SOA agility
- reduces complexity (and SOA security complexity)
- increases policy flexibility
- supports rich application security policies
- supports workflow context sensitive security policies
- can auto-generate SOA infrastructure security policies
- supports reuse between SOA stakeholders
- minimises human errors
- can auto-generate domain boundary security policies
- helps enable SOA assurance accreditation (covered in ObjectSecurity’s MDSA eBook)
Implementations of MDS
Apart from academic proof-of-concept developments, the only commercially available full implementations of model-driven security (for authorization management policy automation) include ObjectSecurity OpenPMF,[11] which earned a listing in Gartner's "Cool Vendor" report in 2008 [26] and has been advocated by a number of organizations (e.g. U.S. Navy [27]) as a means to make authorization policy management easier and more automated.
Notes and References
- Home. omg.org (web site).
- Lodderstedt T., SecureUML: A UML-Based Modelling Language for Model-Driven Security. In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS p. 426-441, Springer, 2002
- Lodderstedt T. et al., Model Driven Security for Process-Oriented Systems, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, 2003, June 2003, Como, Italy, 2003
- Jürjens J., UMLsec: Extending UML for Secure Systems Development, In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pp. 412-425, Springer, 2002
- Epstein P, Sandhu R.S. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, October 1999, Arlington, VA, USA, pp. 145-152, 1999
- Lang, U.: Access Policies for Middleware. Ph.D. Thesis, Cambridge University, 2003
- Lang, U. Model Driven Security (Policy Management Framework - PMF): Protection of Resources in Complex Distributed System. DOCSec 2003 Workshop, April 2003 (paper: Lang, U., Schreiner, R.: A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The IASTED International Conference on Communication, Network, and Information Security (CNIS 2003) in New York, USA, December 10–12, 2003)
- Burt, Carol C., Barrett R. Bryant, Rajeev R. Raje, Andrew Olson, Mikhail Auguston, ‘Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control,’ edoc, p. 159, Seventh International Enterprise Distributed Object Computing Conference (EDOC'03), 2003
- Lang, U., Gollmann, D., and Schreiner, R. Verifiable Identifiers in Middleware Security. 17th Annual Computer Security Applications Conference (ACSAC) Proceedings, pp. 450-459, IEEE Press, December 2001
- Lang, Ulrich and Rudolf Schreiner, Developing Secure Distributed Systems with CORBA, 288 pages, published February 2002, Artech House Publishers
- Home. objectsecurity.com (web site).
- Völter, Patterns for Handling Cross-Cutting Concerns in Model-Driven Software Development, Version 2.3, Dec 26, 2005
- Nadalin. Model Driven Security Architecture, Colorado Software Summit, 10/2005 and IBM SYSTEMS JOURNAL, VOL 44, NO 4, 2005: Business-driven application security: From modeling to managing secure applications
- Alam, M.M.; Breu, R.; Breu, M., Model driven security for Webservices (MDS4WS), Multitopic Conference, 2004. Proceedings of INMIC 2004. 8th International Volume, Issue, 24-26 Dec. 2004 Page(s): 498 – 505
- Alam M., Breu R., Hafner M., February 2007. Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, 02/2007
- Wolter, Christian, Andreas Schaad, and Christoph Meinel, SAP Research, Deriving XACML Policies from Business Process Models, WISE 2007
- IBM Tokyo Research Lab Website, Core Research Competency, Software Engineering, 09/2007
- Home. modeldrivensecurity.org (web site).
- Lang, U. and Schreiner, R. Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes at The 1st ACM Workshop on Information Security Governance, November 13, 2009, Hyatt Regency Chicago, Chicago, USA
- Gartner: "Hype Cycle for Identity and Access Management Technologies, 2013" (G00247866), "Hype Cycle for Application Security, 2013" (G00252739), "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008, "Tear Down Application Authorization Silos With Authorization Management Solutions" (G00147801) 31 May 200, "Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure" (G00151498) 21 September 2007, "Hype Cycle for Information Security, 2007" (G00150728) 4 September 2007, "Hype Cycle for Identity and Access Management Technologies, 2008" (G00158499) 30 June 2008, "Hype Cycle for Context-Aware Computing, 2008" (G00158162) 1 July 2008, "Cisco Buys Securent for Policy Management, and Relevance" (G00153181), 5 Nov 2007.
- 451 Group: "Market Insight Service Impact Report" (54313) and in the report "Policy Management for Identity - Closing the Loop Between Identity Management, Security and IT Management?".
- Burton Group's 2008 "Entitlement Management" report.
- Lang, U. Authorization as a Service for Cloud & SOA Applications at the International Workshop on Cloud Privacy, Security, Risk & Trust (CPSRT 2010), Collocated with 2nd IEEE International Conference on Cloud Computing Technology and Science (Cloudcom) CPSRT 2010, Indianapolis, Indiana, USA, December 2010
- Gartner: Hype Cycle for Application Security, 2012 (G00229119)
- Lang, U. Model Driven Security Management: Making Security Management Manageable in Complex Distributed Systems at MODSEC 2008 (Modeling Security Workshop) CEUR Workshop Proceedings, Toulouse, France, 28 Sept 2008
- Gartner: "Cool Vendors in Application Security and Authentication, 2008" (G00156005) 4 April 2008
- Press Release – ObjectSecurity and Promia implement XML security features for next-generation US military security technology, April 2010