Integration and Exchangeability of External Security-Critical Web Services in a Model-Driven Approach

0
55

Authors: Kurt Stenzel, Kuzman Katkalov, Marian Borek, Wolfgang Reif

Tags: 2015, conceptual modeling

Model-driven approaches facilitate the development of applications by introducing domain-specific abstractions. Our model-driven approach called SecureMDD supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e. services developed and provided by someone else), the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange external developed web services that use standard or non-standard cryptographic protocols, in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes of the generated code are necessary. We also show how security properties for the whole system including external web services can be defined and proved. For demonstration we use a web shop case study that integrates an external payment service.

Read the full paper here: https://link.springer.com/chapter/10.1007/978-3-319-25747-1_7