By Topic

Business-driven application security: From modeling to managing secure applications

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $31
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

5 Author(s)
Nagaratnam, N. ; IBM Software Group, 3901 S. Miami Blvd, Durham NC 27703, USA ; Nadalin, A. ; Hondo, M. ; McIntosh, M.
more authors

Business-driven development and management of secure applications and solutions is emerging as a key requirement in the realization of an on demand enterprise. In a given enterprise, individuals acting in various roles contribute to the modeling, development, deployment, and management of the security aspects of a business application. We look at the business-application life cycle and propose a policy-driven approach overlaid on a model-driven paradigm for addressing security requirements. Our approach suggests that security policies are to be modeled using policies and rule templates associated with business processes and models, designed and implemented through infrastructure-managed or application-managed environments based on modeled artifacts, deployed into an infrastructure and potentially customized to meet the security requirements of the consumer, and monitored and managed to reflect a consistent set of policies across the enterprise and all layers of its application infrastructure. We use a pragmatic approach to identify intersection points between the platform-independent modeling of security policies and their concrete articulation and enforcement. This approach offers a way to manage and monitor systems behavior for adherence and compliance to policies. Monitoring may be enabled through both information technology (IT) and business dashboards. Systematic approaches to connect business artifacts to implementation artifacts help implement business policies in system implementations. Best practices and security usage patterns influence the design of reusable and customizable templates. Because interoperability and portability are important in service-oriented architecture (SOA) environments, we list enhancements to standards (e.g., Business Process Execution Language [BPEL], Unified Modeling Language™ [UML®]) that must be addressed to achieve an effective life cycle.

Note: The Institute of Electrical and Electronics Engineers, Incorporated is distributing this Article with permission of the International Business Machines Corporation (IBM) who is the exclusive owner. The recipient of this Article may not assign, sublicense, lease, rent or otherwise transfer, reproduce, prepare derivative works, publicly display or perform, or distribute the Article.  

Published in:

IBM Systems Journal  (Volume:44 ,  Issue: 4 )