Paper 4
Secure Integration of Third Party Components in a Model-Driven ApproachAuthors: Marian Borek, Kurt Stenzel, Kuzman Katkalov, and Wolfgang Reif |
AbstractModel-driven approaches facilitate the development of applications by introducing domain-speci c abstractions. Our model-driven approach called SecureMDD supports the domain of security-critical applications that use web services. Because many applications use external web services (i.e. services developed and provided by someone else), the integration of such web services is an important task of a model-driven approach. In this paper we present an approach to integrate and exchange external developed web services that use standard or non-standard cryptographic protocols, in security-critical applications. All necessary information is defined in an abstract way in the application model, which means that no manual changes of the generated code are necessary. We also show how security properties for the whole system including external web services can be defined and proved. For demonstration we use an electronic ticketing case study that integrates an external payment service. |