Authors: Nafise Fareghzadeh

Abstract:

Web services provide significant new benefits for SOAbased applications, but they also expose significant new security risks. There are huge number of WS security standards and processes. At present, there is still a lack of a comprehensive approach which offers a methodical development in the construction of secure WS-based SOA. Thus, the main objective of this paper is to address this needs, presenting a comprehensive method for Web Services Security guaranty in SOA. The proposed method defines three stages, Initial Security Analysis, Architectural Security Guaranty and WS Security Standards Identification. These facilitate, respectively, the definition and analysis of WS-specific security requirements, the development of a WS-based security architecture and the identification of the related WS security standards that the security architecture must articulate in order to implement the security services.

Keywords: Kernel, Repository, Security Standards, WS Security Policy, WS specification.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1070193

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1383

References:

[1] Rasmussen R E, Eggen A and Haakseth, "An architecture for experimenting with secure and dynamic Web Services", Proceedings of the 2006 Command and Control Research and Technology Symposium, San Diego, USA, 2006.
[2] ENDREI, M., ANG, J., ARSANJANI, A., CHUA, S., COMTE, P., KROGDAHL, P., LUO, M. and NEWLING, " Patterns: Services oriented architectures and web services", 2004.
[3] BASS, L., CLEMENTS, P. and KAZMAN, "Software architecture in practice", A 2003.
[4] Emig, C., Weisser, J., Abeck, S. "Development of SOA-Based Software Systems - an Evolutionary Programming Approach", In: IEEE Conference on Internet and Web Applications and Services ICIW-06, Guadeloupe / French Caribbean, February 2006.
[5] Newcomer, E., Lomow, G, "Understanding SOA with Web Services", Addison Wesley Professional, Reading , December 2004.
[6] Nadalin, A., Kaler, C., Monzillo, R., Hallam-Baker, P. (eds.), "Web Services Security (WSSecurity)", Version 1.1, February 2006.
[7] M. Tatsubori, T. Imamura, and Y. Nakamura, "Best Practice Patterns and Tool Support for Configuring Secure Web Services Messaging", IEEE International Conference on Web Services (ICWS), 2004.
[8] D. K. Barry, "Web Services and Service-Oriented Architectures", The Savvy Managers Guide, Morgan Kaufman Publishers, San Francisco, USA, 2003.
[9] M. Tatsubori, T. Imamura, and Y. Nakamura, "Best Practice Patterns and Tool Support for Configuring Secure Web Services Messaging", IEEE International Conference on Web Services (ICWS), 2004.
[10] PAPAZOGLOU, M. P. and GEORGAKOPOULO, "Service-oriented computing", Communications of the ACM, December 2004, 46 (10): 25-28.
[11] ALBERTS, C. J., BEHRENS, S. G., PETHIA, R. D. and WILSON, "Operationally critical threat, asset, and vulnerability evaluation (OCTAVE) framework", Version 1.0., Carnegie Mellon, Software Engineering Institute, 2005.
[12] SMITH, D. "Common concepts underlying safety, security, and survivability engineering", Carnegie Mellon, Software Engineering Institute, 2003.
[13] OMG, "UML profile for QoS and fault tolerance", see http://www.omg.org/docs/ptc/04-09-01.pdf, 2004.
[14] BASS, L., BACHMANN, F., ELLISON, R. J., MOORE, A. P. and KLEIN, "Security and survivability reasoning frameworks and architectural design tactics", Carnegie Mellon, Software Engineering Institute, 2004.
[15] KLEIN, M. and KAZMAN, "Attribute-based architectural styles", Carnegie Mellon, Software Engineering Institute, 2004.