Farid Mehr, Ulf Schreier



Service oriented computing is increasingly accepted as a cross-disciplinary paradigm to integrate distributed application functionality through service interfaces. Integration through services as entry points for inter-organisational collaboration can be achieved by exchanging data in messages. In this architectural style, the security of sensitive exchanged data is essential. Security needs to be carefully considered during the entire life-cycle (Devanbu, 2000). Unfortunately, current UML-based modelling approaches do not support the adequate integration of message security concerns. In this paper, we investigate various integration options with UML systematically. The evaluation encompasses most of the options that are proposed today in science and industry as UML profiles. We conclude that neither of those approaches is sufficient for the systematic and comprehensive treatment of message security during modelling. To this end, we propose a new approach that is based on UML and very minor extensions of OCL.


  1. Baligand, F., Monfort, V., 2004. A concrete solution for web services adaptability using policies and aspects. In Proceedings of the 2nd International Conference on Service Oriented Computing. ACM Press, NY, USA, pp. 134-142.
  2. Baina, K., Benatallah, B., Casati, F., Toumani, F., 2004. Model-Driven Web Service Development. In Proceedings of the 16th International Conference on Advanced Information Systems Engineering. Springer, Berlin/Heidelberg, Germany, pp. 290-306.
  3. Bézivin, J., Devedžic, V., Djuric, D., Favreau, J., Gaševic, D., Jouault, F., 2005. An M3-Neutral infrastructure for bridging model engineering and ontology engineering. In Proceedings of the First International Conference on Interoperability of Enterprise Software and Applications. Springer, Germany, pp. 159-171.
  4. Clarke, S., Walker, R.J., 2001. Composition patterns: an approach to designing reusable aspects. In Proceedings of the 23rd International Conference on Software Engineering. IEEE Computer Society, Washington, DC, USA, pp. 5-14.
  5. Devanbu, W.T., Stubblebine, S., 2000. Software Engineering for Security: a Roadmap. In Proceedings of Conference on the Future of Software Engineering. ACM Press, New York, USA, pp. 227-239.
  6. Gray, J., Bapty, T., Neema, S., Schmidt, D.C., Gokhale, A., Natarajan, B., 2003. An approach for supporting aspect-oriented domain modelling. In Proceedings of the second international conference on Generative programming and component engineering. Springer, NY, USA, 2003, pp. 151-168.
  7. Grønmo, J., Skogan, D., Solheim, I., Oldevik, J., 2004. Model-driven Web Services Development. In IEEE International Conference on e-Technology, eCommerce and e-Services, eee, 2004, pp. 42-45.
  8. Jacobson, I., Ng, P., 2004. Aspect-Oriented Software Development with Use Cases. Addison Wesley, NY, USA.
  9. Jürjens, J., 2002. UMLSec: Extending UML for Secure Software Development. In Proceedings of the 5th International Conference on The Unified Modeling Language. Springer, London, UK, pp. 412-425.
  10. Katara, K., Katz, S., 2003. Architectural Views of Aspects. In Proceedings of the 2nd International Conference on Aspect-Oriented Software Development. ACM Press, NY, USA, 2003, pp. 1-10.
  11. Lodderstedt, T, Basin, D.A., Doser, J., 2002. SecureUML: A UML-Based Modeling Language for Model-Driven Security. In Proceedings of the 5th International Conference on The Unified Modeling Langauge. Springer, London, UK, pp. 426-441
  12. Manolescu, I., Brambilla, M., Ceri, S., Comai, S., Fraternali, P., 2005. Model-driven design and deployment of service-enabled web applications. In ACM Transactions on Internet Technology. ACM Press, NY, USA, volume 5, issue 3, pp. 439-479.
  13. Nakamura, Y., Tatsubori, M., Imamura, T., Ono, K., 2005. Model-Driven Security Based on a Web Services Security Architecture. In Proceedings of the IEEE International Conference on Services Computing IEEE Computer Society, NY, USA, volume 1, pp. 7- 15.
  14. Papazoglou, M.P., Yang, J., 2002. Design Methodology for Web Services and Business Processes. In Proceedings of the Third International Workshop on Technologies for E-Services. Springer, London, UK, pp. 54-64.
  15. Papazoglou, M.P., Georgakopoulos, D., 2003. ServiceOriented Computing. In Communications of the ACM. ACM Press, New York, USA, volume 46, issue 10, pp. 24-28.
  16. Ren, J., Taylor, R., Dourish, P., Redmiles, D., 2005. Towards an Architectural Treatment of Software Security: a Connector-Centric Approach. In Proceedings of the 2005 workshop on Software engineering for secure systems-building trustworthy systems. ACM Press, New York, USA, pp. 1-7.
  17. Ross, A., 2001. Security Engineering. A Guide to Building Dependable Distributed Systems, John Wiley & Sons, New York, Chichester, Weinheim.
  18. Seidewitz, E., 2003. What Models Mean. In IEEE Software. IEEE Computer Society Press, Los Alamitos, CA, USA, volume 20, issue 5, pp. 26-32.
  19. Skogan, D., Gronmo, R., Solheim, I., 2004. Web Service Composition in UML. In Proceedings of the Enterprise Distributed Object Computing Conference. Eight IEEE International, IEEE Computer Society, Washington, DC, CA, USA, pp. 47-57.
  20. Tatsubori, M., Imamura, T., Nakamura, Y., 2004. BestPractice Patterns and Tool Support for Configuring Secure Web Services Messaging. In Proceedings of the International Conference on Web Services. IEEE Computer Society, Washington, DC, CA, USA, pp. 244-251.
  21. UML Working Group, 2006b, UML Profile For Modeling Quality of Service and Fault Tolerance Characteristics and Mechanisms. Version 1.0, OMG document number: formal/06-05-02.
  22. Wada, H., Suzuki, J, Oba, K., 2006: A Service-Oriented Design Framework for Secure Network Applications. In Proceedings of the 30th IEEE International Conference on Computer Software and Applications Conference. Chicago, IL, USA, volume 00, pp. 359- 368.

Paper Citation

in Harvard Style

Mehr F. and Schreier U. (2007). MODELLING OF MESSAGE SECURITY CONCERNS WITH UML . In Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-972-8865-90-0, pages 365-374. DOI: 10.5220/0002355703650374

in Bibtex Style

author={Farid Mehr and Ulf Schreier},
booktitle={Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 3: ICEIS,},

in EndNote Style

JO - Proceedings of the Ninth International Conference on Enterprise Information Systems - Volume 3: ICEIS,
SN - 978-972-8865-90-0
AU - Mehr F.
AU - Schreier U.
PY - 2007
SP - 365
EP - 374
DO - 10.5220/0002355703650374