of these approaches are defined and designed
for Grid computing and none of them support
mobile nodes.
A further approach (Jürjens, 2001, 2002)
concentrates on providing a formal semantics for
UML in order to integrate security considerations
into the software design process. It presents
UMLsec (Jan Jürjens, 2005), an extremely
interesting approach that incorporates security
properties into the UML model. UMLsec has
been applied in security-critical systems and in
the industrial context of a mobile communication
system (J. Jürjens, Schreck, & Bartmann,
2008; Popp, Jürjens, Wimmel, & Breu, 2003),
and the security aspects of this kind of system
have been analyzed, but it has not been applied in
Grid environments with specific security aspects.
UMLsec is a perfect candidate to model the mobile
security aspects within the deployment, activity,
class, collaboration, etc. diagrams, which
complement the use cases and describe the
complete behavior in a detailed way. Our approach
models mobile Grid security aspects in use case
diagrams, so that our approach and UMLsec can
work together to capture, among other things, the
mobile security requirements in the different UML
diagrams used in the analysis. A model-driven
architecture approach towards security engineering,
called Model Driven Security, is introduced
in (Basin, Doser, & Lodderstedt, 2003).
This approach, called SecureUML (Basin &
Doser, 2002), integrates role-based access control
policies into a UML-based model-driven software
development process, but is not focused on
Grid systems. The Comprehensive, Lightweight
Application Security Process (CLASP) is a
life-cycle process that suggests a number of different
activities throughout the development life cycle in
an attempt to improve security (Graham, 2006).
Finally, AEGIS (Flechais, Sasse, & Hailes, 2003)
is the only approach found in which the authors
attempt to apply the methodology to Grid systems,
although they do not explain how to do this, nor do
they define guidelines and practices with which to
capture specific security aspects in Grid systems.
This approach should be adapted to the necessities
and features of Grid systems.
We conclude that the existing proposals are
not specific enough to provide a complete security
solution under a systematic development
process for Mobile Grid environments. This is
because none of the approaches defines a
systematic development process for this specific
kind of system that incorporates security from
the earliest stages of development. Approaches
that bring security to the software
development process for Mobile Grid systems
are scant or nonexistent, because the secure
development approaches are not focused on Grid
systems and do not take mobile devices into
account. This reflects the need to advance the
study of new contributions to the secure, systematic
development of Grid systems incorporating
mobile devices.
SECURITY REQUIREMENTS AND ATTACKS ON A MOBILE GRID SYSTEM
Defining Security Requirements
The special security requirements of Grid applications
derive mainly from the dynamic nature of
Grid applications and the notion of virtual organization
(VO), which requires the establishment
of trust across organizational boundaries. In this
kind of environment, security relationships can be
dynamically established among hundreds of processes
spanning several administrative domains,
each one with its own security policies. As a result,
the Grid security requirements are complex and
pose significant new challenges.
The most common general security requirements
and challenges associated with Grids and
Mobile systems (Bellavista & Corradi, 2006;
Foster & Kesselman, 2004; Nagaratnam et al.,