| 翻訳と辞書 |
| Model-driven security : ウィキペディア英語版 |
Model-driven security
Model-driven security (MDS) means applying model-driven approaches (and especially the concepts behind model-driven software development) 〔http://www.omg.org〕 to security.
==Development of the concept==
The general concept of Model-driven security in its earliest forms has been around since the late 1990s (mostly in university research〔Lodderstedt T., SecureUML: A UML-Based Modelling Language for Model-Driven Security. In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS p. 426-441, Springer, 2002〕〔Lodderstedt T. et al., Model Driven Security for Process-Oriented Systems, SACMAT 2003, 8th ACM Symposium on Access Control Models and Technologies, 2003, June 2003, Como, Italy, 2003〕〔Jürjens J., UMLsec: Extending UML for Secure Systems Development, In UML 2002 – The Unified Modelling Language. Model Engineering, languages, Concepts, and Tools. 5th International Conference, Dresden, Germany, September/October 2002, Proceedings, volume 2460 of LNCS, pp. 412-425, Springer, 2002〕〔Epstein P, Sandhu R.S. Towards a UML Based Approach to Role Engineering. In Proceedings of the 4th ACM Workshop on Role-Based Access Control, October 1999, Arlington, VA, USA, pp. 145-152, 1999〕〔Lang, U.: Access Policies for Middleware. Ph.D. Thesis, Cambridge University, 2003〕〔Lang, U. Model Driven Security (Policy Management Framework - PMF): Protection of Resources in Complex Distributed System. DOCSec 2003 Workshop, April 2003 (paper: Lang, U., Schreiner, R.: A Flexible, Model-Driven Security Framework for Distributed Systems: Policy Management Framework (PMF) at The IASTED International Conference on Communication, Network, and Information Security (CNIS 2003) in New York, USA, December 10–12, 2003)〕〔Burt, Carol C. , Barrett R. Bryant, Rajeev R. Raje, Andrew Olson, Mikhail Auguston, ‘Model Driven Security: Unification of Authorization Models for Fine-Grain Access Control,’ edoc, p. 159, Seventh International Enterprise Distributed Object Computing Conference (EDOC'03), 2003〕〔Lang, U., Gollmann, D., and Schreiner, R. Verifiable Identifiers in Middleware Security. 17th Annual Computer Security Applications Conference (ACSAC) Proceedings, pp. 450-459, IEEE Press, December 2001〕〔Lang, Ulrich and Rudolf Schreiner, Developing Secure Distributed Systems with CORBA, 288 pages, published February 2002, Artech House Publishers, ISBN 1-58053-295-0〕), and was first commercialized around 2002.〔http://www.objectsecurity.com〕 There is also a body of later scientific research in this area,〔Völter, Patterns for Handling Cross-Cutting Concerns in Model-Driven Software Development, Version 2.3, Dec 26, 2005〕〔Nadalin. Model Driven Security Architecture, Colorado Software Summit, 10/2005 and IBM SYSTEMS JOURNAL, VOL 44, NO 4, 2005: Business-driven application security: From modeling to managing secure applications〕〔Alam, M.M.; Breu, R.; Breu, M., Model driven security for Webservices (MDS4WS), Multitopic Conference, 2004. Proceedings of INMIC 2004. 8th International Volume , Issue , 24-26 Dec. 2004 Page(s): 498 – 505〕〔Alam M., Breu R., Hafner M., February 2007. Model-Driven Security Engineering for Trust Management in SECTET, Journal of Software, 02/2007〕〔Wolter, Christian , Andreas Schaad, and Christoph Meinel, SAP Research, Deriving XACML Policies from Business Process Models, WISE 2007〕〔IBM Tokyo Research Lab Website, Core Research Competency, Software Engineering, 09/2007〕 which continues to this day (2011).
A more specific definition of Model-driven security specifically applies model-driven approaches to automatically generate technical security implementations from security requirements models. In particular, "Model driven security (MDS) is the tool supported process of modelling security requirements at a high level of abstraction, and using other information sources available about the system (produced by other stakeholders). These inputs, which are expressed in Domain Specific Languages (DSL), are then transformed into enforceable security rules with as little human intervention as possible. MDS explicitly also includes the run-time security management (e.g. entitlements/authorisations), i.e. run-time enforcement of the policy on the protected IT systems, dynamic policy updates and the monitoring of policy violations." 〔http://www.modeldrivensecurity.org〕
Model-driven security is also well-suited for automated auditing, reporting, documenting, and analysis (e.g. for compliance and accreditation), because the relationships between models and technical security implementations are traceably defined through the model-transformations.〔Lang, U. and Schreiner, R. Model Driven Security Accreditation (MDSA) For Agile, Interconnected IT Landscapes at The 1st ACM Workshop on Information Security Governance, November 13, 2009, Hyatt Regency Chicago, Chicago, USA〕
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「Model-driven security」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|