Security in Service Oriented Architectures

Security Standard ◽

Service Oriented ◽

Soa Security ◽

Service Oriented Architectures (SOAs) have become the defacto standard for defining interoperable architectures on the web with the most common implementation of this concept being in the form of web services. Information exchange is an integral part of SOAs, so designing effective security architectures that ensure data confidentiality and integrity is important. However, selecting a security standard for the architecture is challenging because existing solutions are geared toward access control in relatively static scenarios rather than dynamic scenarios where some form of adaptability is needed. Moreover, when services interact across different domains interoperability becomes a problem because of the lack a consistent security model to handle service interactions. This chapter presents a comparative analysis of SOA security standards. The authors discuss the challenges SOA security architecture designers face, in relation to an example travel agent web services scenario, and outline potential mitigation strategies.

Performance and Dependability in Service Computing - Advances in Web Technologies and Engineering ◽

Engineering Secure Web Services

10.4018/978-1-60960-794-4.ch016 ◽

2012 ◽

pp. 360-380

Author(s):

Douglas Rodrigues ◽

Julio Cezar Estrella ◽

Francisco José Monaco ◽

Kalinka Regina Lucas Jaquie Castelo Branco ◽

Nuno Antunes ◽

...

Keyword(s):

Web Services ◽

Business Processes ◽

State Of The Art ◽

Security Requirements ◽

Security Assessment ◽

Practical Engineering ◽

Service Oriented ◽

Security Standards ◽

Art Techniques

Web services are key components in the implementation of Service Oriented Architectures (SOA), which must satisfy proper security requirements in order to be able to support critical business processes. Research works show that a large number of web services are deployed with significant security flaws, ranging from code vulnerabilities to the incorrect use of security standards and protocols. This chapter discusses state of the art techniques and tools for the deployment of secure web services, including standards and protocols for the deployment of secure services, and security assessment approaches. The chapter also discusses how relevant security aspects can be correlated into practical engineering approaches.

An Integrated Security Framework for SOA

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.427-429.2151 ◽

2013 ◽

Vol 427-429 ◽

pp. 2151-2154

Author(s):

Ling Xia Liu ◽

Dong Xia Wang ◽

Min Huan Huang ◽

Rui Zhang

Keyword(s):

Three Dimensional ◽

Distributed Applications ◽

Point Of View ◽

Security Model ◽

Loosely Coupled ◽

Service Oriented ◽

Soa Security ◽

Security Standards ◽

Environment Service

In today's Web environment, Service Oriented Architecture (SOA) becomes an efficient paradigm to integrate distributed applications. Due to loosely coupled nature of SOA, security is one of the most important issues that must be considered in SOA-based environments. Most of the existing security solutions are proposed only from one certain point of view, and they are difficult to integrate together. In this paper, an integrated framework for SOA are proposed to provides an overall security solution, which contains a three-dimensional security model, a security architecture and related security standards.

Security in Service-Oriented Architecture

Service-Oriented Software System Engineering ◽

10.4018/978-1-59140-426-2.ch014 ◽

2005 ◽

pp. 292-316 ◽

Cited By ~ 1

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Security Requirements ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security requirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Security in Service-Oriented Architecture

Securing Web Services ◽

10.4018/978-1-59904-639-6.ch001 ◽

2008 ◽

pp. 1-21

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

Engineering Secure Web Services

Crisis Management ◽

10.4018/978-1-4666-4707-7.ch008 ◽

2013 ◽

pp. 203-223

Author(s):

Douglas Rodrigues ◽

Julio Cezar Estrella ◽

Francisco José Monaco ◽

Kalinka Regina Lucas Jaquie Castelo Branco ◽

Nuno Antunes ◽

...

Keyword(s):

Web Services ◽

Business Processes ◽

State Of The Art ◽

Security Requirements ◽

Security Assessment ◽

Practical Engineering ◽

Service Oriented ◽

Security Standards ◽

Art Techniques

Web services are key components in the implementation of Service Oriented Architectures (SOA), which must satisfy proper security requirements in order to be able to support critical business processes. Research works show that a large number of web services are deployed with significant security flaws, ranging from code vulnerabilities to the incorrect use of security standards and protocols. This chapter discusses state of the art techniques and tools for the deployment of secure web services, including standards and protocols for the deployment of secure services, and security assessment approaches. The chapter also discusses how relevant security aspects can be correlated into practical engineering approaches.

Security in Service-Oriented Architecture

Information Security and Ethics ◽

10.4018/978-1-59904-937-3.ch039 ◽

2008 ◽

pp. 496-512

Author(s):

Srinivas Padmanabhuni ◽

Hemant Adarkar

Keyword(s):

Web Services ◽

Future Trends ◽

Online Systems ◽

Pragmatic Analysis ◽

Service Oriented ◽

Web Services Security ◽

Soa Security ◽

This chapter covers the different facets of security as applicable to Service-Oriented Architecture (SOA) implementations. First, it examines the security equirements in SOA implementations, highlighting the differences as compared to the requirements of generic online systems. Later, it discusses the different solution mechanisms to address these requirements in SOA implementations. In the context of Web services, the predominant SOA implementation standards have a crucial role to play. This chapter critically examines the crucial Web services security standards in different stages of adoption and standardization. Later, this chapter examines the present-day common nonstandard security mechanisms of SOA implementations. Towards the end, it discusses the future trends in security for SOA implementations with special bearing on the role of standards. The authors believe that the pragmatic analysis of the multiple facets of security in SOA implementations provided here will serve as a guide for SOA security practitioners.

A Two Phases Self-healing Framework for Service-oriented Systems

ACM Transactions on the Web ◽

10.1145/3450443 ◽

2021 ◽

Vol 15 (2) ◽

pp. 1-25

Author(s):

Amal Alhosban ◽

Zaki Malik ◽

Khayyam Hashmi ◽

Brahim Medjahed ◽

Hassan Al-Ababneh

Keyword(s):

Web Services ◽

A Priori ◽

Fault Management ◽

Service Selection ◽

Exception Handling ◽

Self Healing ◽

Service Oriented ◽

Improved Performance ◽

High Level

Service-Oriented Architectures (SOA) enable the automatic creation of business applications from independently developed and deployed Web services. As Web services are inherently a priori unknown, how to deliver reliable Web services compositions is a significant and challenging problem. Services involved in an SOA often do not operate under a single processing environment and need to communicate using different protocols over a network. Under such conditions, designing a fault management system that is both efficient and extensible is a challenging task. In this article, we propose SFSS, a self-healing framework for SOA fault management. SFSS is predicting, identifying, and solving faults in SOAs. In SFSS, we identified a set of high-level exception handling strategies based on the QoS performances of different component services and the preferences articled by the service consumers. Multiple recovery plans are generated and evaluated according to the performance of the selected component services, and then we execute the best recovery plan. We assess the overall user dependence (i.e., the service is independent of other services) using the generated plan and the available invocation information of the component services. Due to the experiment results, the given technique enhances the service selection quality by choosing the services that have the highest score and betters the overall system performance. The experiment results indicate the applicability of SFSS and show improved performance in comparison to similar approaches.