Friday, 27 July 2007
Related blogs
There is a related blog at www.trustedsoa.org and one with more of a middleware security focus at www.securemiddleware.org.
Thursday, 21 June 2007
Looking for OpenPMF, SecureMDA, TrustedSOA?
Did you get to this page because you are looking for ObjectSecurity's model driven security tools to automatically generate security policies from models? If so, please go to:
http://www.openpmf.com
http://www.trustedsoa.com
http://www.securemda.com/
http://www.openpmf.com
http://www.trustedsoa.com
http://www.securemda.com/
Saturday, 17 March 2007
Model driven architecture and SOA assurance
Model driven engineering and SOA seem to complement each other very well. SOA enables horizontal decoupling of services (the issues of that are discussed on our other blog www.trustedsoa.org), and MDA enables horizontal decoupling (of models from implementations). Now this is obviously an oversimplification, but a nice upcoming architectural idea.
Security plays an important role here, and it is currently still a bit unclear to many how security can be defined and enforced in a manageable way. Of course there are webservices security specifications, but those (at least the ones that work in real-world products today) only deal with the protocol layer, which is the easy bit.
The harder bit is how to define and enforce policies for agile SOA-style enviroments. We at ObjectSecurity believe that model driven security (MDS) can help here because it allows to generate security policies for agile systems from a stable model.
But securing SOA is only one application of this useful concept...
Security plays an important role here, and it is currently still a bit unclear to many how security can be defined and enforced in a manageable way. Of course there are webservices security specifications, but those (at least the ones that work in real-world products today) only deal with the protocol layer, which is the easy bit.
The harder bit is how to define and enforce policies for agile SOA-style enviroments. We at ObjectSecurity believe that model driven security (MDS) can help here because it allows to generate security policies for agile systems from a stable model.
But securing SOA is only one application of this useful concept...
Thursday, 15 February 2007
Welcome & Introduction
On this blog we will discuss model driven security. Please feel free to comment.
Defining security policies for complex, large IT environments is a difficult, cumbersome, and error-prone task. This is in particular the case for agile IT environments such as highly distributed component based systems and Service Oriented Architecture (SOA). We have shown that model-driven security, which allows the generation of security policies from the application models, helps build and maintain secure, agile IT environments.
Today software modelling is the accepted best-practice approach for developing flexible and reusable software applications where abstract application models are turned into software using a modelling toolchain. The OMG Model Driven Architecture (MDA) is the leading standard framework for software modelling. The ObjectSecurity/Fraunhofer FOKUS SecureMiddleware includes a full MDA development toolchain.
Why not apply the same logic to security and automatically generate security policies and high assurance from the application models? This way, you can be confident that the deployed system matches the models, and that you have not forgotten any security policy aspects.
And most importantly, you can reconfigure and redeploy your (possibly distributed) applications by simple changes in the model - the underlying software and security policies will be automatically matched to your models through the automatic MDA and SecureMDA tool chains.
This approachhas been showcased by ObjectSecurity (with their SecureMiddleware partner Fraunhofer FOKUS) in their SecureMDA technology.
Any comments on model driven security are greatly appreciated.
Defining security policies for complex, large IT environments is a difficult, cumbersome, and error-prone task. This is in particular the case for agile IT environments such as highly distributed component based systems and Service Oriented Architecture (SOA). We have shown that model-driven security, which allows the generation of security policies from the application models, helps build and maintain secure, agile IT environments.
Today software modelling is the accepted best-practice approach for developing flexible and reusable software applications where abstract application models are turned into software using a modelling toolchain. The OMG Model Driven Architecture (MDA) is the leading standard framework for software modelling. The ObjectSecurity/Fraunhofer FOKUS SecureMiddleware includes a full MDA development toolchain.
Why not apply the same logic to security and automatically generate security policies and high assurance from the application models? This way, you can be confident that the deployed system matches the models, and that you have not forgotten any security policy aspects.
And most importantly, you can reconfigure and redeploy your (possibly distributed) applications by simple changes in the model - the underlying software and security policies will be automatically matched to your models through the automatic MDA and SecureMDA tool chains.
This approachhas been showcased by ObjectSecurity (with their SecureMiddleware partner Fraunhofer FOKUS) in their SecureMDA technology.
Any comments on model driven security are greatly appreciated.
Subscribe to:
Posts (Atom)