Multiagent Security Evaluation Framework for Service Oriented Architecture Systems

Author(s):  
Grzegorz Kołaczek
2011 ◽  
Vol 2 (4) ◽  
pp. 19-33 ◽  
Author(s):  
Christian Jung ◽  
Manuel Rudolph ◽  
Reinhard Schwarz

The Service-Oriented Architecture (SOA) paradigm is commonly applied for the implementation of complex, distributed business processes. The service-oriented approach promises higher flexibility, interoperability and reusability of the IT infrastructure. However, evaluating the quality attribute security of such complex SOA configurations is not sufficiently mastered yet. To tackle this complex problem, the authors developed a method for evaluating the security of existing service-oriented systems on the architectural level. The method is based on recovering security-relevant facts about the system by using reverse engineering techniques and subsequently providing automated support for further interactive security analysis at the structural level. By using generic, system-independent indicators and a knowledge base, the method is not limited to a specific programming language or technology. Therefore, the method can be applied to various systems and adapted to specific evaluation needs. The paper describes the general structure of the method and the knowledge base, and presents an instantiation aligned to the Service Component Architecture (SCA) specification.


Author(s):  
Zoran Stojanovic ◽  
Ajantha Dahanayake ◽  
Henk Sol

Components-Based Development (CBD) and Web Services (WS) are nowadays prominent paradigms for implementing and deploying advanced distributed information systems. They have been proposed as ways to support effective business/IT alignment and to produce high-quality, flexible software solutions that fulfill business goals within a short time-to-market. However, current achievements in these areas at the level of methodology are far behind those at the level of technology. CBD methods proposed so far lack comprehensive support for component and service concepts throughout the development process. By treating components as packages of implementation artifacts during software deployment or as larger-grained business objects during analysis and design, these methods are not well equipped for modeling loosely coupled, coarse-grained components that offer business-meaningful services organized in a Service-Oriented Architecture (SOA). This chapter presents an evaluation framework that highlights the extent to which a particular method is component-based and service-oriented. A sample CBD method is selected and evaluated using the framework's concepts and requirements. Based on the evaluation, method improvements are proposed in order to provide consistent, systematic, and integrated CBD and WS methodology support throughout the lifecycle.



