Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate advance the state of the art in this area through exchange of ideas. www.modeldrivensecurity.org - www.policyautomation.org - www.objectsecurity.com

Wednesday, 30 January 2013

Model-Driven Security possible without Model-Driven Software Engineering? Of course!


Today I want to clarify that model-driven security (MDS) does not necessarily rely on model-driven development to work - even though it relies on application, system, and interaction models (so-called “functional models”) to achieve significant security policy automation. The traditional MDS approach is that these functional models ideally come from manually defined application models authored during model-driven development (e.g. UML, BPMN). But this is not necessary. We have designed an additional solution for our OpenPMF where the functional models are in fact obtained from an IT asset management tool that is part of our partner’s (Promia, Inc.) intrusion detection/prevention product Raven. This works well, and enables the use of model-driven security in environments which do not support model-driven development or where model-driven development is not desired.
While this may not sound like a big deal, it is in fact a big deal, because it increases the widespread applicability of model-driven security dramatically, and makes adoption a lot easier.

3 comments:

Nitya Mahale said...

Best designing of product models, product design model and model products.

Locksmith Bellevue said...

THANKS FOR SHARING.
THIS IS REALLY AMAZE

Testing training in chennai said...

Your information about software is really interesting. Also I want to know the latest new techniques which are implemented in software. Please update it in your website.