Abstract
The main objective of the paper is to present a model-driven approach to the development of an Information Security System. We use data-centric models, in which the main focus is on the data, and we define a conceptual model of the Information Security System architecture using the main information security concepts. Its construction is based on a domain analysis organized around the viewpoints “Information Security” and “Information Processing”. The meta-models based on these viewpoints concern different aspects of the data and data protection. They are based on a summary of our practical experience in information security activities. The conceptual model is then transformed into a system design model with the help of UML class, activity and deployment diagrams, which transform the conceptual model of the system architecture into an actual solution or physical system.
Acknowledgements
This study is partially supported by a research project grant “Modelling the Architecture of Information Security Systems in Organizations”, Ref. No: 72-00-40-230/10.05.2017, ICT Sciences & Technologies Panel, Program for Young Scientists and PhD Students Support – 2017, Bulgarian Academy of Sciences. Additional gratitude is also given to the Information and Communication Technologies for a Single Digital Market in Science, Education and Security (ICTinSES) program of the Ministry of Education and Science, Republic of Bulgaria.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Gaidarski, I., Minchev, Z., Andreev, R. (2020). Model Driven Architectural Design of Information Security System. In: Madureira, A., Abraham, A., Gandhi, N., Silva, C., Antunes, M. (eds) Proceedings of the Tenth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2018). SoCPaR 2018. Advances in Intelligent Systems and Computing, vol 942. Springer, Cham. https://doi.org/10.1007/978-3-030-17065-3_35
DOI: https://doi.org/10.1007/978-3-030-17065-3_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17064-6
Online ISBN: 978-3-030-17065-3
eBook Packages: Intelligent Technologies and Robotics (R0)