Secure Integration of Third Party Components in a Model-Driven Approach

Marian Borek, Kurt Stenzel, Kuzman Katkalov and Wolfgang Reif

Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach called SecureMDD supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e. services developed and provided by someone else), the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange external developed web services that use standard or non-standard cryptographic protocols, in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes of the generated code are necessary. We also show how security properties for the whole system including external web services can be defined and proved. For demonstration we use an electronic ticketing case study that integrates an external payment service.
published 2016 Special Issue of Cloud Computing in Transactions on Large-Scale Data and Knowledge Centered Systems (TLDKS), LNCS 10130

Publisher: Springer