system and about the security requirements and mechanisms that we must use to protect our mobile grid system.

The rest of the paper is organized as follows. First, we present the work related to this topic. Next, we describe some of the most important security requirements in grid environments and identify the common attacks that can appear in a mobile grid system. We then give a brief overview of our development process for mobile grid systems, describe the analysis activity, and study one of the tasks of this activity, the “Identifying secure Mobile Grid Use Cases” task. After that, we present a case study and apply the task of identifying security requirements to obtain a set of security requirements for our real application. Finally, we put forward our conclusions as well as some lines of research for our future work.

BACKGROUND

There are numerous approaches related to secure development processes, but here we present some of those that we believe to be most interesting and that consider security as an important factor for success and application in Mobile Grid environments. The Rational Unified Process (RUP) (Kruchten, 2000) describes how to effectively deploy commercially proven approaches to software development for software development teams, although it does not specifically address security. One extension of the Unified Process is defined in (Steel, Nagappan, & Lai, 2005), in which the authors present a methodology for the integration of security into software systems, which is called the Secure Unified Process (SUP). SUP establishes the pre-requirements to incorporate the fundamental principles of security. It also defines an optimized design process of security within the life cycle of software development. The problem is that it is a very general approach that has to be adapted for each specific application that we wish to develop. The specific aspects of Mobile Grid systems necessitate the definition of new activities, artefacts, roles, techniques and security disciplines which are not considered in Secure UP. Another recent approach proposes the integration of security and systems engineering by using elements of UML within the Tropos methodology (Castro, Kolp, & Mylopoulos, 2001; Mouratidis & Giorgini, 2006). Secure Tropos (Mouratidis, 2004) is an extension of the Tropos methodology (Bresciani, Giorgini, Giunchiglia, Mylopoulos, & Perin, 2004) and has been proposed to deal with the modelling and reasoning of security requirements and their transformation into a design that satisfies them. There are many security aspects that cannot be captured as a result of the dynamic behaviour and mobile considerations of Mobile Grid systems.

Several approaches for the integration of security in the development process for specific domains appear in the relevant literature. For example, in (Fernández-Medina & Piattini, 2005), the authors propose a methodology with which to build multilevel databases, taking into consideration aspects of security (with regard to confidentiality) from the earliest stages to the end of the development process. SEDAWA (Trujillo, Soler, Fernández-Medina, & Piattini, 2009) is another approach that proposes a comprehensive methodology with which to develop secure Data Warehouses based on the MDA framework. Approaches which integrate security in the development process for generic applications and systems also exist, such as, for example, (Georg et al., 2009), which proposes a methodology based on aspect-oriented modelling (AOM) with which to incorporate security mechanisms into an application, and (Fernández-Medina, Jurjens, Trujillo, & Jajodia, 2009), whose authors explore current research challenges, ideas and approaches for employing Model-Driven Development to integrate security into software systems development through an engineering-based approach, avoiding the traditional ad hoc security integration. None