Abstract
In this paper, we propose a methodological approach for the model-driven development of secure XML databases (DB). The proposal is part of MIDAS, a model-driven methodology for the development of Web Information Systems based on the Model Driven Architecture (MDA) proposed by the Object Management Group (OMG) [20]. The XML DB development process in MIDAS uses the conceptual data model as a Platform Independent Model (PIM) and the XML Schema model as a Platform Specific Model (PSM), both represented in UML. In this work, these models are modified so that security aspects can be added when the stored information is considered critical. On the one hand, we propose using a UML extension to incorporate security aspects at the conceptual level of secure DB development (PIM); on the other, the previously defined XML Schema profile is modified to incorporate security aspects at the logical level of secure XML DB development (PSM). In addition, the semi-automatic mappings from PIM to PSM for secure XML DB are defined.
References
1. Bertino, E. and Sandhu, R. Database Security -- Concepts, Approaches, and Challenges. IEEE Transactions on Dependable and Secure Computing. Vol. 2, No 1, January-March 2005, pp. 2--19, 2005.
2. Bertino, E. and Ferrari, E. Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security. Vol. 5, No 3, pp. 290--331, 2002.
3. Bertino, E., Castano, S., Ferrari, E., and Mesiti, M. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal. Vol. 3, No 3, Baltzer Science Publisher, pp. 139--151, 2000.
4. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. Securing XML Documents. Proceedings of the 2000 International Conference on Extending Database Technology (EDBT2000), Konstanz, Germany, pp. 121--135, 2000.
5. Devanbu, P. and Stubblebine, S. Software engineering for security: a roadmap. In: A. Finkelstein (Ed.), The Future of Software Engineering, ACM Press, pp. 227--239, 2000.
6. Dhillon, G. and Backhouse, J. Information System Security Management in the new Millennium. Communications of the ACM. 43, 7. pp. 125--128, 2000.
7. Fernández-Medina, E. and Piattini, M. Designing secure databases. Information & Software Technology 47(7), pp. 463--477, 2005.
8. Fernández-Medina, E. and Piattini, M. Extending OCL for Secure Database Design. In Int. Conference on the Unified Modeling Language (UML 2004). Lisbon (Portugal), October, 2004. Springer-Verlag, LNCS 3273, pp. 380--394, 2004.
9. Fernández-Medina, E., Trujillo, J., Villarroel, R. and Piattini, M. Extending UML for Designing Secure Data Warehouses. In Conceptual Modeling (ER 2004). Shanghai (China), November, 2004. Springer-Verlag, LNCS 3273, pp. 217--230.
10. Fernández-Medina, E., Trujillo, J., Villarroel, R. and Piattini, M. Access Control and audit Model for the Multidimensional Modeling of Data Warehouses. Decision Support Systems. 2006 (In Press).
11. Ferrari, E. and Thuraisingham, B. Secure Database Systems, in: M. Piattini, O. Díaz (Ed.), Advanced Databases: Technology Design. Artech House, 2000.
12. Gabillon, A. and Bruno, E. Regulating Access to XML Documents. Proceedings of the 15th Annual IFIP WG 11.3 Working Conference on Database Security, pp. 299--314, 2001.
13. Ghosh, A., Howell, C., Whittaker, J. Building software securely from the ground up, IEEE Software 19 (1) (2002), pp. 14--17, 2002.
14. He, H. and Wong, R. K. A Role-Based Access Control for XML Repositories. Proceedings of the First International Conference on Web Information Systems Engineering (WISE'00), 2000.
15. ISACF, Information Security Governance. Guidance for Boards of Directors and Executive Management, Information Systems Audit and Control Foundation, USA, 2001.
16. Marcos, E., Vela, B., Cáceres, P. and Cavero, J. M. MIDAS/DB: a Methodological Framework for Web Database Design. DASWIS 2001. Yokohama (Japan), November, 2001. Springer-Verlag, LNCS 2465, pp. 227--238, 2002.
17. Marcos, E., Vela, B. and Cavero, J. M. Methodological Approach for Object-Relational Database Design using UML. Journal on Software and Systems Modeling (SoSyM). Springer-Verlag. Ed.: R. France and B. Rumpe. Vol. SoSyM 2, pp. 59--72, 2003.
18. Murata, M., Tozawa, A., Kudo, M. and Hada, S. XML Access Control Using Static Analysis. Proceedings of the 10th ACM Conference on Computer and Communication Security, pp. 73--84, 2003.
19. OASIS. eXtensible Access Control Markup Language (XACML 2.0). Retrieved from: http://www.oasis-open.org.
20. OMG. MDA Guide Version 1.0. Document number omg/2003-05-01. Ed.: Miller, J. and Mukerji, J. Retrieved from: http://www.omg.com/mda, 2003.
21. OMG, Query/Views/Transformation RFP. 2002. Retrieved from: http://omg.org/ad/2002-4-10.
22. Oracle Corporation. Oracle XML DB. Technical White Paper. Retrieved from: www.otn.com, 2003.
23. Software AG. Tamino X-Query. System Documentation Version 3.1.1. Software AG, Darmstadt, Germany. Retrieved from: www.softwareag.com, 2001.
24. Vela, B., Acuña, C. and Marcos, E. A Model Driven Approach for XML Database Development, 23rd International Conference on Conceptual Modelling (ER2004). Shanghai (China), November, 2004. Springer-Verlag, LNCS 3288, pp. 780--794, 2004.
25. Westermann, U. and Klas, W. An Analysis of XML Database Solutions for the Management of MPEG-7 Media Descriptions. ACM Computing Surveys, Vol. 35 (4), pp. 331--373, 2003.