Colorado Software Summit

Anthony Nadalin
IBM Austin

Model Driven Security Architecture

Model driven development and management of secure applications and solutions is emerging as a key concept in meeting the requirements of an on demand enterprise vision. In a given enterprise, various people acting in specific roles contribute to the modeling, development, deployment and management of the security and authorization aspects of a business application. This paper looks at that lifecycle and discusses an approach that allows security and authorization policies:

  • to be modeled using policies and rule templates and attached to business processes and models
  • to be designed and implemented, based on the modeled artifacts, in either infrastructure managed or application managed environments
  • to be deployed into an infrastructure and customized to meet the security and authorization needs of the consumer
  • to be monitored and managed so that a consistent set of policies is reflected across the enterprise and across the layers of the application infrastructure

The current proposal takes a pragmatic approach to finding the intersection points between platform independent modeling of security and authorization policies and the concrete articulation of those policies. This approach offers a way to monitor adherence and compliance to policies in both IT and business dashboards, and to manage and map the relationship between business artifacts and implementation artifacts so that business policies are reflected in the implementation. Best practices and security usage patterns are taken into account in defining reusable templates that can be customized. Because interoperability and portability are important in SOA environments, the discussion also covers the enhancements to standards (UML, BPEL, etc.) that need to be addressed to achieve an effective lifecycle.

SOA Security Programming Model

Security for implementations adhering to an SOA based infrastructure is a critical aspect, not only because securing access to information is important (as always), but because it becomes much more important as services and applications are designed to be loosely coupled and to operate across organizational and company boundaries. Such a loosely coupled environment often exposes the brittleness or limitations of existing security technology implementations. Model driven development and management of services in an SOA environment reflects and extends the principles of SOA to improve efficiency in building and managing the business applications that provide the necessary services to clients.

Irrespective of the changes that happen within an enterprise to the business applications that provide business services, it is critical to continue to secure the information exchange those applications enable. One of the common patterns for securing information adopted by many enterprises is to enforce security at the perimeter (firewalls, routers, filtering gateways). The goal is to establish boundaries of trust and provide security enforcement at the entry point into the enterprise infrastructure (termed the Intranet).

The security community has become accustomed to having the security threat positioned outside the proverbial gates of the enterprise, and the traditional security model is to stop the threat at the outer boundary of the enterprise. The pervasiveness of the web within and across enterprises, however, no longer allows this perception to persist. The web presence introduces new challenges to securing the information of the enterprise. Many studies show that securing application access from internal employees (through the Intranet) is as critical as securing application access from external users and partners (through the Internet). Therefore, securing the perimeter is not sufficient to meet the needs of an on demand business, where dynamic trust relationships need to be set up and torn down as relationships between the business’ partners, its customers and its employees change over time.

These requirements for cross-enterprise, cross-platform application integration, identity management and flexible trust models are driving enterprises to rethink their previous assumptions about how they enforce their security objectives. Enabling an enterprise to be a secure on demand business requires the enterprise infrastructure to be flexible and customizable enough to reflect new requirements and regulations. To provide such flexibility, the enterprise should not hardwire its policies into the infrastructure, but should allow its security model to be implemented through a policy driven infrastructure. This is no simple task.
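The lifecycle sketched in the first abstract (model a reusable rule template, customize it at deployment, enforce it through the infrastructure, monitor for consistency) and the point made just above about not hardwiring policy into the infrastructure can both be shown in a small toy. The following is an added illustration, not code from the talk or from any IBM product: it contrasts a hardwired authorization check with a template-based one, where a consumer supplies only parameters at deployment, every layer consults one decision function, and an audit reports which deployments are missing enterprise-required templates. All names (`RuleTemplate`, `instantiate`, `decide`, `audit`, the `approve_order` action and the sample parameters) are invented for this example.

```python
"""Toy policy-driven authorization lifecycle (added example, not the talk's code).

Phases shown: model (rule templates) -> deploy (instantiate with consumer
parameters) -> enforce (single decision point) -> monitor (consistency audit).
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Set, Tuple


def approve_order_hardwired(user_roles: List[str], amount: int) -> bool:
    """The hardwired style the talk argues against: the rule lives inside the
    application, so changing the role or the limit means editing and
    redeploying every application that embeds the same check."""
    return "manager" in user_roles and amount <= 10000


# --- Modeling phase: reusable rule templates, each tied to a business action.
@dataclass(frozen=True)
class RuleTemplate:
    name: str
    action: str                       # business action the rule governs
    params: Tuple[str, ...]           # parameters a deployer must supply
    # condition(params, request_context) -> bool; written once, reused everywhere
    condition: Callable[[Dict[str, Any], Dict[str, Any]], bool]


TEMPLATES: Dict[str, RuleTemplate] = {
    "approver_role": RuleTemplate(
        "approver_role", "approve_order", ("role",),
        lambda p, ctx: p["role"] in ctx["roles"]),
    "amount_limit": RuleTemplate(
        "amount_limit", "approve_order", ("max_amount",),
        lambda p, ctx: ctx["amount"] <= p["max_amount"]),
}


# --- Deployment phase: a consumer customizes a template with its own values.
@dataclass(frozen=True)
class PolicyInstance:
    template: str
    params: Dict[str, Any]


def instantiate(template: str, **params: Any) -> PolicyInstance:
    """Bind concrete values to a template; reject missing or unknown parameters
    so a mis-customized policy fails at deployment rather than at runtime."""
    tmpl = TEMPLATES[template]
    missing = set(tmpl.params) - set(params)
    extra = set(params) - set(tmpl.params)
    if missing or extra:
        raise ValueError(f"{template}: missing={sorted(missing)} extra={sorted(extra)}")
    return PolicyInstance(template, dict(params))


# --- Enforcement: one decision point that every application layer consults.
def decide(policy: List[PolicyInstance], action: str, ctx: Dict[str, Any]) -> bool:
    """Allow only if every applicable rule holds; an action with no modeled
    rule is denied by default so unmodeled paths cannot be exercised."""
    applicable = [p for p in policy if TEMPLATES[p.template].action == action]
    if not applicable:
        return False
    return all(TEMPLATES[p.template].condition(p.params, ctx) for p in applicable)


# --- Monitoring phase: do the deployed layers reflect a consistent policy set?
def audit(deployments: Dict[str, List[PolicyInstance]],
          required: Set[str]) -> Dict[str, List[str]]:
    """For each deployment layer, list the enterprise-required templates it
    lacks; an empty list means that layer is consistent with the model."""
    return {layer: sorted(required - {p.template for p in policies})
            for layer, policies in deployments.items()}


if __name__ == "__main__":
    # Constructed sample: the application tier is customized with both
    # templates, the partner gateway only with one (an inconsistency).
    app_policy = [instantiate("approver_role", role="manager"),
                  instantiate("amount_limit", max_amount=10000)]
    gateway_policy = [instantiate("approver_role", role="partner_admin")]
    request = {"roles": ["manager"], "amount": 5000}
    print("hardwired:", approve_order_hardwired(request["roles"], request["amount"]))
    print("policy driven:", decide(app_policy, "approve_order", request))
    print("audit:", audit({"app": app_policy, "gateway": gateway_policy},
                          {"approver_role", "amount_limit"}))
```

Raising the approval limit for one consumer is now a change to one `instantiate` call at deployment, while `decide` and the templates stay untouched; the `audit` output is the kind of signal a compliance dashboard would surface when one layer of the infrastructure drifts from the modeled policy set.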


Anthony Nadalin is IBM’s chief security architect. As a Distinguished Engineer, he is responsible for security infrastructure design and development across IBM, Tivoli and Lotus. He serves as the primary security liaison to Sun Microsystems’ JavaSoft Division for Java security design and development collaboration, and to Microsoft for Web Services security design and development collaboration.

In his 21-year career with IBM, Anthony has held the following positions: lead security architect for VM/SP, security architect for AS/400, and security architect for OS/2. He has authored and co-authored over thirty technical journal and conference articles, and has published two books on Java Security and the Internet. He has served on the technical committees of three major scientific journals and one conference, and has extensively reviewed work published by peers in the field. He has given several presentations and invited speeches at numerous technical security conferences.

