Model Driven Security Policy Automation

On this blog, ObjectSecurity co-founder and CEO Ulrich Lang discusses security policy automation and model-driven security. The aim of this blog is to advocate and advance the state of the art in this area through exchange of ideas.

Tuesday 25 September 2007

Publications & Resources about Model-Driven Security

This blog also tries to provide a forum for publications about model driven security. Please put any abstracts into the comments of this message and we will merge them into the main message.

ObjectSecurity released a publication Model driven security for agile SOA-style environments, by Dr. Ulrich Lang & Rudolf Schreiner at ISSE 2007:

There is evidence that many IT security vulnerabilities are caused by incorrect security policies and configurations (i.e. human errors) rather than by inherent weaknesses in the attacked IT systems. Security administrators need to have an in-depth understanding of the security features and vulnerabilities of a multitude of ever-changing and different IT "silos". Moreover, in complex, large, networked IT environments such policies quickly become confusing and error-prone because administrators cannot specify and maintain the correct policy anymore. Agile service oriented architecture (SOA) style environments further complicate this scenario for a number of reasons, including: security policies may need to be reconfigured whenever the IT infrastructure gets re-orchestrated; security at the business process management layer is at a different semantic level than in the infrastructure; semantic mappings between the layers and well-adopted standardised notations are not available. This paper explores how the concepts of security policy management at a high, more intuitive (graphical) level of abstraction and model-driven security (tied in with model driven software engineering) can be used for more effective and simplified security management/enforcement for the agile IT environments that organisations are faced with today. In this paper, we illustrate in SecureMDA™ how model driven security can be applied to automatically generate security policies from abstract models. Using this approach, human errors are minimised and policy updates can be automatically generated whenever the underlying infrastructure gets re-orchestrated, updated etc. The generated security policies are consistent across the entire distributed environment using the OpenPMF policy management framework. This approach is better than having administrators go from IT system to IT system and change policies for many reasons (including security, cost, effort, error-proneness, and consistency). 
The paper also outlines why meta-modelling and a flexible enforcement plug-in model are useful concepts for security model flexibility.


Gartner released a study Model-Driven Security: Enabling a Real-Time, Adaptive Security Infrastructure that defines:

"Model-driven security is the use of visual models or domain specific modelling languages during application design, development and composition to represent and assign security primitives — such as confidentiality, integrity, authentication, authorisation and auditing — to application, process and information flows independent of the specific security enforcement mechanisms used at runtime."


ObjectSecurity released a study Model Driven Security - A new security management approach applied to SOA - please contact us to purchase.



ObjectSecurity is just finishing a larger study about model-driven security (MDS), as part of which they did an exhaustive search of different approaches, architectures, and definitions. In the end they settled for the following definition:

Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations.

Please put any suggestions into the comments field and we will modify this definition as needed.

As part of their study, they also analysed the product/vendor landscape in technical depth, and identified industry trends - this information can be made available upon request. Contact us here if you are interested in details or would like to purchase a report.

Thursday 6 September 2007

Gartner Hype Cycle for Information Security 2007

Gartner has just released their new Hype Cycle for Information Security 2007, and model driven security is on it. ObjectSecurity's OpenPMF 2.0 has been identified as a leading product in this emerging area.

This shows that Gartner believes that model driven security is a critical technology approach to simplify enterprise security.

This blog is a public forum and we are welcoming any views on this.

Thursday 21 June 2007

Looking for OpenPMF, SecureMDA, TrustedSOA?

Did you get to this page because you are looking for ObjectSecurity's model driven security tools to automatically generate security policies from models? If so, please go to:

Saturday 17 March 2007

Model driven architecture and SOA assurance

Model driven engineering and SOA seem to complement each other very well. SOA enables horizontal decoupling of services (the issues of that are discussed on our other blog), and MDA enables horizontal decoupling (of models from implementations). Now this is obviously an oversimplification, but a nice upcoming architectural idea.
Security plays an important role here, and it is currently still a bit unclear to many how security can be defined and enforced in a manageable way. Of course there are webservices security specifications, but those (at least the ones that work in real-world products today) only deal with the protocol layer, which is the easy bit.
The harder bit is how to define and enforce policies for agile SOA-style environments. We at ObjectSecurity believe that model driven security (MDS) can help here because it allows security policies for agile systems to be generated from a stable model.
But securing SOA is only one application of this useful concept...

Thursday 15 February 2007

Welcome & Introduction

On this blog we will discuss model driven security. Please feel free to comment.

Defining security policies for complex, large IT environments is a difficult, cumbersome, and error-prone task. This is in particular the case for agile IT environments such as highly distributed component based systems and Service Oriented Architecture (SOA). We have shown that model-driven security, which allows the generation of security policies from the application models, helps build and maintain secure, agile IT environments.

Today software modelling is the accepted best-practice approach for developing flexible and reusable software applications where abstract application models are turned into software using a modelling toolchain. The OMG Model Driven Architecture (MDA) is the leading standard framework for software modelling. The ObjectSecurity/Fraunhofer FOKUS SecureMiddleware includes a full MDA development toolchain.
Why not apply the same logic to security and automatically generate security policies and high assurance from the application models? This way, you can be confident that the deployed system matches the models, and that you have not forgotten any security policy aspects.
And most importantly, you can reconfigure and redeploy your (possibly distributed) applications by simple changes in the model - the underlying software and security policies will be automatically matched to your models through the automatic MDA and SecureMDA tool chains.

This approach has been showcased by ObjectSecurity (with their SecureMiddleware partner Fraunhofer FOKUS) in their SecureMDA technology.
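
The model-to-policy transformation described above, reduced to a small added example (not ObjectSecurity's SecureMDA or OpenPMF code): a constructed application model is turned into per-node allow rules, and the rules are regenerated after the deployment is re-orchestrated. The service names, node names, clearance levels and the clearance rule itself are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Call:
    caller: str
    callee: str
    operation: str

# Constructed application model (all names hypothetical).
DEPLOYMENT = {"web": "node-a", "orders": "node-b", "billing": "node-c"}
CLEARANCE = {"web": 1, "orders": 2, "billing": 2}
SENSITIVITY = {("orders", "create"): 1, ("billing", "charge"): 2}
CALLS = [Call("web", "orders", "create"),
         Call("orders", "billing", "charge"),
         Call("web", "billing", "charge")]

def generate_rules(deployment, calls, clearance, sensitivity):
    """Turn the model into per-node allow rules; everything else is denied.

    High-level policy (an assumption of this example): a modelled call is
    allowed only if the caller's clearance >= the operation's sensitivity.
    """
    rules, rejected = set(), []
    for c in calls:
        if clearance[c.caller] >= sensitivity[(c.callee, c.operation)]:
            # The rule is installed on the node that hosts the callee.
            rules.add((deployment[c.callee], c.caller, c.callee, c.operation))
        else:
            rejected.append(c)  # in the design, but violates the policy
    return rules, rejected

def policy_delta(old_rules, new_rules):
    """Rules to install and rules to revoke after the model changed."""
    return sorted(new_rules - old_rules), sorted(old_rules - new_rules)

def reorchestrate():
    """Move billing to node-b, add a reporting service, regenerate."""
    before, _ = generate_rules(DEPLOYMENT, CALLS, CLEARANCE, SENSITIVITY)
    deployment = {**DEPLOYMENT, "billing": "node-b", "reports": "node-c"}
    clearance = {**CLEARANCE, "reports": 1}
    sensitivity = {**SENSITIVITY, ("orders", "list"): 1}
    calls = CALLS + [Call("reports", "orders", "list")]
    after, _ = generate_rules(deployment, calls, clearance, sensitivity)
    return policy_delta(before, after)

if __name__ == "__main__":
    install, revoke = reorchestrate()
    print("install:", install)
    print("revoke: ", revoke)
```

The rejected list is the useful by-product: it names calls that exist in the design but contradict the high-level policy, before anything is deployed.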

Any comments on model driven security are greatly appreciated.