An adaptive security model using agent-oriented MDA
Introduction
Model-based development for secure systems can benefit from high-level abstraction and model transformation in a model-centric development paradigm, while also providing improved productivity and platform independence. Security, as part of the system requirements, must be integrated into the system model from the very beginning if full advantage of model-driven software development is to be taken. However, existing approaches using model-centric development typically ignore security at the modelling stage and instead add security aspects later in an ad hoc manner. This can lead to deficiencies in security and, more importantly, a less cost-effective development process. That security requirements are usually not considered an essential part of the overall system requirements is reflected in design models that often describe only what components in a system should do, as in traditional functional requirements. What the system should not do is equally important. Malicious misuse or abuse should be prohibited by the non-functional security requirements but, unfortunately, these are sometimes ignored or considered very late in the system development process. Separating the production of a system from its protection results in vulnerability and a lack of integration.
Addressing security separately late in development also leads to poor maintainability. This is due to the complex and cross-cutting nature of the security requirements. Late discovery of security requirements will lead to costly correction or adaptation, sometimes after software development has been completed. Without at least abstracting and preferably decoupling the security requirements, the development and maintenance of secure software systems will remain a significant challenge. A means of modelling security requirements as part of the system model and adapting them accordingly afterwards must be provided. One possible approach is to use a model transformation approach, where the model includes security needs and where these are traceable and easily adapted later.
The Object Management Group's (OMG) model-driven architecture (MDA) paradigm [8], [9] is now well established. The paradigm has been advocated for productive software development, based on successive model transformation. Models are built for reuse and, once re-configured, systems can be re-generated. Hence, code change is minimised when requirements change. Systems with mutable security needs can take advantage of the paradigm if security is explicitly modelled as part of the system model at a suitable level of abstraction. Adaptivity and maintainability of systems can then be enhanced, since changes to the model, including functional requirements as well as non-functional security requirements, will lead to automatic behavioural change in running systems.
The adaptive agent model (AAM) [27], [28], [32] allows an agent-oriented model-driven architecture (AMDA) [29] paradigm, compatible with MDA and appropriate for multi-agent systems (MAS). AAM combines the dynamic features of agents with the advanced development paradigm of MDA. Briefly, AAM is a methodology that guides the building of an organised hierarchical business knowledge model [31] to drive adaptive agent system behaviour. The model originates from business requirements [35], is interpreted and executed dynamically by agents at runtime, and is under continuous maintenance by business people. Tools [30] have been developed to support the documentation and maintenance of the model. Existing components and services can be reused to support agents in executing the business requirements captured in the model [33], [34]. This paper puts forward a model-driven security model integrated in AAM. We take the very important issue of access control as our security focus, formalising a security model centred on policy rules. Agents make use of the integrated model to perform functional capabilities, constrained by the security policies. Business experts and decision makers can continuously maintain the integrated model in order to reflect changing business needs.
An agent-oriented MDA solution is appropriate since agents residing within the MAS under development can conceptually have security constraints while also realising their functional behaviour. In this way, security requirements are integrated with functional requirements. Agent-oriented software engineering (AOSE) centres system model building on a role concept, with role representing functional requirements. Role-based access control (RBAC) centres the security model on role, with role representing non-functional security requirements. Unifying these role concepts offers the fundamental core model element on which an integrated model can be built. A new combined role notion can be used to pull duties and rights together in a single model. In this way, security requirements become first-class citizens along with functional requirements and can also start at the requirements modelling phase.
The rest of the paper is structured as follows. The next section investigates the existing modelling approaches towards security, the current status of security development in MAS and, in particular, the role concept as in AOSE and in RBAC. In Section 3, we describe our approach in detail, including an overview of the proposed approach, an illustration of the original AAM interaction model, the security model add-on, and their integration using a unified role notion. Section 4 discusses a British railway management system as our case study. Our approach is applied and a CIM, a PIM, a PSM and code are developed, using an agent-oriented MDA paradigm. Section 5 demonstrates the adaptivity that has been achieved and evaluates the advantages of the new approach over traditional methods. Finally, Section 6 discusses the contribution this work makes to the state of the art in the areas of agent-oriented software engineering, model-driven architecture, distributed computing, and role-based access control, and provides some conclusions to the paper.
Section snippets
Security modelling
UML does not explicitly provide security modelling. However, one may extend the standard language to accommodate extra concepts. Defining a profile is one extension mechanism that can be used for this purpose. In [6] an extension to the business process modelling notation (BPMN) has been described, security requirements being incorporated as part of a UML profile that supports security modelling in business process diagrams. In a related approach [7], [42] a UML profile for secure data
Approach overview
Our framework consists of: (1) an agent runtime platform; (2) agent instances running on the platform that are empowered by an engine with model interpretation capabilities; (3) a reaction rule model that the agent runtime engine can use to interpret reactive behaviour; (4) a policy rule model that the agent runtime engine can use to interpret global strategic constraints; (5) the overall model produced using (3) and (4) which agents use as their interaction and computation pattern running in business
The requirements specification of a British railway management system
To demonstrate the efficacy of our approach, we have investigated how it might be applied to an actual system, the British railway management system called Railtrack. The system is mainly responsible for the running of a railway on a daily basis, monitoring train running with regard to incidents, and ensuring the safety of the train services by conveying issues to relevant parties for resolution. Being a very complex and safety-critical system, the documented specification has more than 250
Model-driven adaptation (after deployment)
The security-enabled AAM approach achieves both adaptivity of functional duties, via a functional interaction model (add new collaborators, new service facilities, new roles, etc.), and adaptivity of social rights, via an integrated security policy rule model (add new security PRs, etc.).
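The following sketch illustrates the idea of a single role carrying both duties (reaction rules) and rights (policy rules), with an agent that interprets the model at runtime so that a model edit alone changes its behaviour. It is an added example, not code or notation from the paper; the rule shapes, class names and the railway sample data are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample model; rule shapes and all names are assumptions
# for illustration, not the AAM notation.

@dataclass(frozen=True)
class ReactionRule:          # functional duty: on event, perform action on resource
    role: str
    event: str
    action: str
    resource: str

@dataclass(frozen=True)
class PolicyRule:            # social right: role may perform action on resource
    role: str
    action: str
    resource: str

@dataclass
class Model:                 # the integrated model, maintained as data
    reactions: list = field(default_factory=list)
    policies: set = field(default_factory=set)

class Agent:
    """Interprets the shared model on every event; holds no rules itself."""
    def __init__(self, role, model):
        self.role, self.model = role, model
        self.audit = []      # (event, action, resource, decision)

    def handle(self, event):
        performed = []
        for r in self.model.reactions:
            if r.role != self.role or r.event != event:
                continue
            # Deny by default: a duty runs only if a matching right exists.
            allowed = PolicyRule(self.role, r.action, r.resource) in self.model.policies
            self.audit.append((event, r.action, r.resource, "permit" if allowed else "deny"))
            if allowed:
                performed.append((r.action, r.resource))
        return performed

def demo():
    model = Model()
    model.reactions.append(ReactionRule("IncidentMonitor", "delay_reported", "read", "train_running_record"))
    model.reactions.append(ReactionRule("IncidentMonitor", "delay_reported", "notify", "train_operator"))
    model.policies.add(PolicyRule("IncidentMonitor", "read", "train_running_record"))
    agent = Agent("IncidentMonitor", model)
    before = agent.handle("delay_reported")      # notify is denied: no right yet
    model.policies.add(PolicyRule("IncidentMonitor", "notify", "train_operator"))  # model edit only
    after = agent.handle("delay_reported")       # same agent, same code, new behaviour
    return before, after, agent.audit
```

The audit list records every decision, including denials, so a duty that is modelled without a matching right shows up as a visible gap between the two rule sets rather than failing silently.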
Contributions, conclusions, and future work
The role concept has been accorded importance in agent behaviour modelling for MAS. Role has also been central to permission assignment and management in access control. This paper offers an integrated role notion and, based on that, an integrated security-aware modelling approach in the paradigm of model-driven architecture. To the knowledge of the author, no previous work has been carried out in associating the role of functional duty and the role of social right, though such a relationship is natural and
Acknowledgement
Thanks to Des Greer for helpful comments and suggestions for improving the paper.
References (42)
- et al., Access control and audit model for the multidimensional modeling of data warehouses, Decision Support Systems (2006)
- J. Jurjens, M. Lehrhuber, G. Wimmel, Model-based design and analysis of permission-based security, in: Proceedings of...
- H. Mouratidis, J. Jurjens, J. Fox, Towards a comprehensive framework for secure systems development, in: Proceedings of...
- D. Kim, I. Ray, R. France, N. Li, Modeling role-based access control using parameterized UML models, in: Proceedings of...
- T. Lodderstedt, D. Basin, J. Doser, SecureUML: a UML-based modeling language for model-driven security, in: Proceedings...
- J. Jurjens, UMLsec: extending UML for secure systems development, in: Proceedings of the Fifth International Conference...
- et al., A BPMN extension for the modeling of security requirement in business processes, IEICE Transactions on Information and Systems (2007)
- et al., A UML 2.0/OCL extension for designing secure data warehouses, Journal of Research and Practice in Information Technology (2006)
- Object Management Group, 250 First Avenue, Suite 100, Needham, MA 02494,...
- et al., MDA Explained: The Model Driven Architecture: Practice and Promise (2003)
- Making agents secure on the semantic web, IEEE Internet Computing
- Service agents and virtual enterprises: a survey, IEEE Internet Computing
- Role-based access control models, IEEE Computer
Cited by (16)
- An extensive systematic review on the Model-Driven Development of secure systems
  2015, Information and Software Technology
  Citation excerpt: The introduced DSL called Security@Runtime covers many of the security requirements of modern applications such as authorisation, obligation, and reaction policies. Xiao’s [130] work is on adaptive and secure multi-agent systems. The authors adopting the adaptive agent model to put forward a security-aware model-driven mechanism by using an extension of RBAC model.
- Security issues in data warehouse: A systematic review
  2015, Procedia Computer Science
- A collection of method fragments automated with model transformations in agent-oriented modeling
  2013, Engineering Applications of Artificial Intelligence
  Citation excerpt: Then, MTs are used for transforming the models defined with this language to another modeling language specific of the platform, and finally code is generated from these models. In addition, Xiao (2009) presents another method for building AMASs with MDE principles. In particular, this method uses MDA standards and guarantees certain security features in these MASs.
- UMLsecRT: Reactive Security Monitoring of Java Applications with Round-Trip Engineering
  2024, IEEE Transactions on Software Engineering
- Self-adaptive and secure mechanism for IoT based multimedia services: a survey
  2022, Multimedia Tools and Applications