Biblio

The systematic processes exactly define the development cycle and help the development team follow the same development strategies and techniques, thus allowing a continuous improvement in the quality of the developed products. Likewise, it is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Grid systems allow us to build very complex information systems with different and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc). With the development of wireless technology and mobile devices, the Grid becomes the perfect candidate for letting mobile users make complex works that add new computational capacity to the Grid. A methodology of development for secure mobile Grid systems is being defined. One of the activities of this methodology is the requirements analysis which is based in reusable use cases. In this paper, we will present a UML-extension for security use cases and Grid use case which capture the behaviour of this kind of systems. A detailed description of all these new use cases defined in the UML extension is necessary, describing the stereotypes, tagged values, constraints and graphical notation. We show an example of how to apply and use this extension for building the diagram of use cases and incorporating common security aspects for this kind of systems. Also, we will see how the diagrams built can be reused in the construction of others diagrams saving time and effort in this task.
 

Systems based on Grid computing have not traditionally beendeveloped through suitable methodologies and have not taken into accountsecurity requirements throughout their development, offering technical securitysolutions only during the implementation stages. We are creating a developmentmethodology for the construction of information systems based on GridComputing, which is highly dependent on mobile devices, in which securityplays a highly important role. One of the activities in this methodology is therequirements analysis which is use-case driven. In this paper, we build use casediagrams for a real mobile Grid application by using a UML-extension, calledGridUCSec-Profile, through which it is possible to represent specific mobileGrid features and security aspects for use case diagrams, thus obtainingdiagrams for secure mobile Grid environments.

The idea of developing software through systematic development processes toimprove software quality is not new. Nevertheless, there are still many information systemssuch as those of Grid Computing which are not developed through methodologies that areadapted to their most differentiating features. A systematic development process for Gridsystems that supports the participation of mobile nodes and incorporates security aspects intothe entire software lifecycle will thus play a significant role in the development of systemsbased on Grid computing. We are creating a development process for the construction ofinformation systems based on Grid Computing, which is highly dependent on mobile devices,in which security plays a highly important role. One of the activities in this process is that ofanalysis which is focused on ensuring that the system’s security and functional requirements areelicited, specified and modelled. In our approach, this activity is driven by use cases andsupported by the reusable repository. This obtains, builds, defines and refines the use cases ofthe secure Mobile Grid systems which represent the functional and non-functional requirementsof this kind of systems. In this paper, we present the proposed development process throughwhich we introduce the main aspects of the UML profile defined for building use case diagramsin the mobile Grid context through which it is possible to represent specific mobile Gridfeatures and security aspects, showing in detail how to build use case diagrams for a real mobile Grid application by using our UML profile, denominated as GridUCSec-Profile.

The interest to incorporate mobile devices into Grid systems has arisen with two main purposes. The firstone is to enrich users of these devices while the other is that of enriching the own Grid infrastructure.Security of these systems, due to their distributed and open nature, is considered a topic of great interest. Aformal approach to security in the software life cycle is essential to protect corporate resources. However,little attention has been paid to this aspect of software development. Due to its criticality, security should beintegrated as a formal approach into the software life cycle. We are developing a methodology ofdevelopment for secure mobile Grid computing based systems that helps to design and build secure Gridsystems with support for mobile devices directed by use cases and security use cases and focused onservice-oriented security architecture. In this paper, we will present one of the first steps of ourmethodology consisting of analyzing security requirements of mobile grid systems. This analysis will allowus to obtain a set of security requirements that our methodology must cover and implement.

Mobile Grid includes the characteristics of the Grid systems together with the peculiarities of Mobile Computing, withthe additional feature of supporting mobile users and resources ina seamless, transparent, secure and efficient way. Security ofthese systems, due to their distributed and open nature, isconsidered a topic of great interest. We are elaborating amethodology of development to build secure mobile grid systemsconsidering security on all life cycle. In this paper we present thepractical results applying our methodology to a real case,specifically we apply the part of security requirements analysis toobtain and identify security requirements of a specific applicationfollowing a set of tasks defined for helping us in the definition,identification and specification of the security requirements onour case study. The methodology will help us to build a securegrid application in a systematic and iterative way.

 Grid computing has arisen as an evolution of distributed systems mainly focused on the sharing of and remote access to resources in a uniform, transparent, secure, efficient and reliable manner. It is possible to join Grid technology and mobile technology in order to create one of the most promising technologies and developments to appear in recent years, in that they enrich one another and provide new solutions that solve many of the limitations and problems found in different technologies. Security is a very important factor in Mobile Grid Computing and is also difficult to achieve owing to the open nature of wireless networks and heterogeneous and distributed environments. Success in obtaining a secure system originates in incorporating security from the first stages of the development process. It has therefore been necessary to define a development process for this kind of systems in which security is incorporated in all stages of the development and the features and particularities of the Mobile Grid systems are taken into consideration. This paper presents one of the activities of this development process, the design activity, which consists of defining and designing a security software architecture. This architecture will be built from a security architecture, defined as reference architecture, in which security services, interfaces and operations are defined with the purpose of defining a reference security architecture which covers the majority of security requirements identified in the analysis activity. The design activity will build the system architecture that will be the input artefact for the subsequent activity in the process, which is the construction activity.

El desarrollo software debe estar basado en un proceso sistemático y estructurado donde se definan los métodos y técnicas a utilizar en todo su ciclo de vida, ayudando así a obtener un producto de calidad. Es igualmente importante que el proceso sistemático considere aspectos de seguridad desde las primeras etapas, integrándola como un elemento más en el ciclo de desarrollo. En este artículo mostramos la metodología de desarrollo sistemático que sirve de guía para el desarrollo de cualquier sistema Grid con dispositivos móviles, considerando la seguridad durante todas las fases de desarrollo, lo que nos permitirá obtener como resultado sistemas Grid seguros, robustos y escalables. Este artículo presenta la fase de análisis, dirigida por casos de uso reutilizables, mediante los cuales se definen los requisitos y necesidades de estos sistemas, y es aplicada a un caso de estudio real de un Grid para el acceso de contenidos multimedia en un contexto periodístico.

Los sistemas Grid nos permiten construir sistemas complejos concaracterísticas diferenciadoras (interoperabilidad entre múltiples dominios deseguridad, autenticación y autorización a través de dominios, sistema dinámicoy heterogéneo, etc.). Con el desarrollo de la tecnología wireless y losdispositivos móviles, el Grid llega a ser el candidato perfecto para que losusuarios móviles puedan realizar trabajos complejos, a la vez que añaden nuevacapacidad computacional al Grid. Estamos construyendo un proceso completode desarrollo para sistemas Grid móviles seguros, y una de las actividades es elanálisis de requisitos, que está basado en casos de uso reutilizables. En esteartículo, presentaremos una extensión UML para casos de uso de seguridad yGrid, los cuales capturan el comportamiento de este tipo de sistemas. Estaextensión UML está siendo aplicado a un caso real para construir diagramas decasos de uso de la aplicación, incorporando los aspectos de seguridadnecesarios.

 Mobile Grid, is a full inheritor of the Grid with the additional feature that it supports mobile users andresources. Security is an important aspect in Grid based systems, and it is more complex to ensure thisin a mobile platform owing to the limitations of resources in these devices. A Grid infrastructure that supportsthe participation of mobile nodes and incorporates security aspects will thus play a significant rolein the development of Grid computing. The idea of developing software through systematic developmentprocesses to improve software quality is not new. However, many information systems such as those ofGrid Computing are still not developed through methodologies which have been adapted to their mostdifferentiating features. The lack of adequate development methods for this kind of systems in whichsecurity is taken into account has encouraged us to build a methodology to develop them, offering adetailed guide for their analysis, design and implementation. It is important to use software V&V techniques,according to IEEE Std. 1012 for Software Verification and Validation, to ensure that a software systemmeets the operational needs of the user. This ensures that the requirements for the system arecorrect, complete, and consistent, and that the life-cycle products correctly design and implement systemrequirements. This paper shows part of a development process that we are elaborating for the constructionof information systems based on Grid Computing, which are highly dependent on mobile devices inwhich security plays a highly important role. In the design activity of the process, we design a securityarchitecture which serves as a reference for any mobile Grid application that we wish to build since thissecurity architecture defines a complete set of security services which will be instantiated depending onthe requirements and features found in previous activities of the process. A V&V task is also defined in thedesign activity to validate and verify both the architecture built and the traceability of the artifacts generatedin this activity. In this paper, we will present the service-oriented security architecture for MobileGrid Systems which considers all possible security services that may be required for any mobile Grid application.

Due to the growing complexity of softwaredevelopment, developing software through systematicprocesses is becoming more and more important.Likewise, it is important that the development processused integrates security aspects from the first stages atthe same level as other functional and non-functionalrequirements. In the last years, GRID technology hasshown to be the most important one and it allows us tobuild very complex information systems with differentand remarkable features (interoperability betweenmultiple security domains, cross-domainauthentication and authorization, dynamic,heterogeneous and limited mobile devices, etc).Traditionally, systems based on GRID Computing havenot been developed through adequate methodologiesand have not taken into account security requirementsthroughout their development, only offering securitytechnical solutions at the implementation stages. Thispaper shows part of a development methodology thatwe are elaborating for the construction of informationsystems based on Grid Computing highly dependent onmobile devices where security plays a very importantrole. Specifically, in this paper, we will present theanalysis phase, managed by reusable use casesthrough which we can define the requirements andneeds of these systems obtaining an analysis modelthat can be used as input to the following phase of themethodology, the design phase of mobile Grid systems.

Mobile Grid systems allow us to build highly complex information systems with various and remarkable features (interoperability between multiple security domains, cross-domain authentication and authorization, dynamic, heterogeneous and limited mobile devices, etc), which demand secure development methodologies to build quality software, offering methods, techniques and tools that facilitate the work of the entire team involved in software development. These methodologies should be supported by Grid security architectures that define the main security aspects to be considered, and by solutions to the problem of how to integrate mobile devices within Grid systems. Some approaches regarding secure development methodologies of Grid security architectures and of the integration of mobile devices in the Grid have been found in literature, and these are analyzed and studied in this paper, offering a comparison framework of all the approaches related to security in Mobile Grid environments.

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. The identification of security aspects in the first stages ensures a more robust development and permits the security requirements to be perfectly coupled with the design and the rest of the system’s requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. Generic development processes are sometimes used to develop Grid specific systems without taking into consideration either the subjacent technological environment or the special features and particularities of these specific systems. In fact, the majority of existing Grid applications have been built without a systematic development process and are based on ad hoc developments.

Grid móvil incluye las características de los sistemas Grid junto conlas peculiaridades de la computación móvil, añadiendo la propiedad de soportarusuarios y recursos móviles de forma homogénea, transparente, segura yeficiente. La seguridad de estos sistemas, debido a su naturaleza abierta ydistribuida, es un tema de gran interés. Una arquitectura de seguridad basada enSOA proporciona una arquitectura distribuida diseñada para interoperabilidadde servicios, fácil integración, y acceso seguro, simple y extensible. Por tanto,una arquitectura orientada a servicios de seguridad es construida para entornosGrid móviles, ofreciendo servicios de seguridad a usuarios móviles quienesusan servicios Grid y recursos para ejecutar sus trabajos y tareas. Estaarquitectura es integrada con otras arquitecturas existentes proporcionandomayor seguridad y permitiendo que los usuarios móviles puedan acceder aservicios Grid existentes ofreciendo nuevos y necesarios servicios de seguridadpara Grid móviles. Hemos definido un conjunto de servicios de seguridad, quejunto a protocolos, políticas y estándares de seguridad forman una arquitecturade seguridad orientada a servicios para entornos Grid móviles. Esta arquitecturaes abierta, escalable, dinámica, interoperable y flexible.

Developing software through systematic processes is becoming more and more important due to the growing complexity of software development. It is important that the development process used integrates security aspects from the first stages at the same level as other functional and non-functional requirements. Systems which are based on Grid Computing are a kind of systems that have clear differentiating features in which security is a highly important aspect. The Mobile Grid, which is relevant to both Grid and Mobile Computing, is a full inheritor of the Grid with the additional feature that it supports mobile users and resources. A development methodology for Secure Mobile Grid Systems is proposed in which the security aspects are considered from the first stages of the life-cycle and in which the mobile Grid technological environment is always present in each activity. This paper presents the analysis activity, in which the requirements (focusing on the grid, mobile and security requirements) of the system are specified and which is driven by reusable use cases through which the requirements and needs of these systems can be defined. These use cases have been defined through a UML-extension for security use cases and Grid use cases which capture the behaviour of this kind of systems. The analysis activity has been applied to a real case.

A Grid computing system is defined as a platformthat supports distributed system applications which require fastaccess to a large quantity of distributed resources in acoordinated manner. With the development of wirelesstechnology and mobile devices, the Grid becomes the perfectcandidate so that mobile users can make complex works that addnew computational capacity to the Grid. Security of thesesystems, due to their distributed and open nature, receives greatinterest. The growing size and profile of the grid requirecomprehensive security solutions as they are critical to thesuccess of the endeavour. A formal approach to security in thesoftware life cycle is essential to protect corporate resources.However, little thought has been given to this aspect of softwaredevelopment. Due to its criticality, security should be integratedas a formal approach in the software life cycle. A methodology ofdevelopment for secure mobile Grid computing based systems isdefined, that is to say, an engineering process that defines thesteps to follow so that starting from the necessities to solve, wecan design and construct a secure Grid system with support formobile devices that is able to solve and cover these necessities.

Trust negotiations are mechanisms that enable interaction between previously unknown users. After exchanging various pieces of potentially sensitive information, the participants of a negotiation can decide whether or not to trust one another. Therefore, trust negotiations bring about threats to personal privacy if not carefully considered. This paper presents a framework for representing trust negotiations in the early phases of the Software Development Life Cycle (SDLC). The framework can help software engineers to determine the most suitable policies for the system by detecting conflicts between privacy and trust requirements. More precisely, we extend the SI* modelling language and provide a set of predicates for defining trust and privacy policies and a set of rules for describing the dynamics of the system based on the established policies. The formal representation of the model facilitates its automatic verification. The framework has been validated in a distributed social network scenario for connecting drivers with potential passengers willing to share a journey.

Software engineering and information security have traditionally followed divergent paths but lately some efforts have been made to consider security from the early phases of the Software Development Life Cycle (SDLC). This paper follows this line and concentrates on the incorporation of trust negotiations during the requirements engineering phase. More precisely, we provide an extension to the SI* modelling language, which is further formalised using answer set programming specifications to support the automatic verification of the model and the detection of privacy conflicts caused by trust negotiations.