Title | ||
---|---|---|
Indicator-based architecture-level security evaluation in a service-oriented environment |
Abstract | ||
---|---|---|
The Service-Oriented Architecture paradigm (SOA) is commonly applied for the implementation of complex, distributed business processes. The service-oriented approach promises higher flexibility, interoperability and reusability of the IT infrastructure. However, evaluating the quality attribute security of large and complex SOA configurations is not sufficiently mastered yet. To tackle this complex problem, we developed a method for evaluating the security of existing service-oriented systems on the architectural level. The method is based on recovering security-relevant facts about the system by using reverse engineering techniques and subsequently providing automated support for further interactive security analysis at the structural level. By using generic, system-independent indicators and a knowledge base, the method is not limited to a specific programming language or technology. Therefore, we are able to apply the method to various systems and adapt it to specific evaluation needs. The paper describes the general structure of the method, and presents an instantiation aligned to the Service Component Architecture (SCA) specification. |
Year | DOI | Venue |
---|---|---|
2010 | 10.1145/1842752.1842795 | ECSA Companion Volume |
Keywords | Field | DocType |
service-oriented architecture paradigm,complex soa configuration,specific evaluation need,service-oriented environment,service-oriented approach,service component architecture,interactive security analysis,architectural level,quality attribute security,service-oriented system,indicator-based architecture-level security evaluation,complex problem,security analysis,reverse engineering,programming language,business process,service oriented architecture,security,knowledge base | Systems engineering,Software engineering,Computer science,Interoperability,Distributed System Security Architecture,Security engineering,Service Component Architecture,Sherwood Applied Business Security Architecture,Security service,Service-oriented architecture,Computer security model | Conference |
Citations | PageRank | References |
4 | 0.44 | 10 |
Authors | ||
4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Pablo Antonino | 1 | 4 | 0.44 |
Slawomir Duszynski | 2 | 79 | 5.59 |
Christian Jung | 3 | 4 | 0.44 |
Manuel Rudolph | 4 | 13 | 2.74 |