Model-Driven Approach for End-to-End SOA Security Configurations-Reference-Cited by-同舟云学术

Model-Driven Approach for End-to-End SOA Security Configurations

Published:2011 Issue: Volume: Page:268-298
ISSN:
Container-title:Non-Functional Properties in Service Oriented Architecture
language:
Short-container-title:

Author:

Satoh Fumiko¹,Nakamura Yuichi¹,Mukhi Nirmal K.²,Tatsubori Michiaki¹,Ono Kouichi¹

Affiliation:

1. IBM Research – Tokyo, Japan

2. IBM Research – Thomas J. Watson Research Center, USA

Abstract

The configuration of non-functional requirements, such as security, has become important for SOA applications, but the configuration process has not been discussed comprehensively. In current development processes, the security requirements are not considered in upstream phases and a developer at a downstream phase is responsible for writing the security configuration. However, configuring security requirements properly is quite difficult for developers because the SOA security is cross-domain and all required information is not available in the downstream phase. To resolve this problem, this chapter clarifies how to configure security in the SOA application development process and defines the developer’s roles in each phase. Additionally, it proposes a supporting technology to generate security configurations: Model-Driven Security. The authors propose a methodology for end-to-end security configuration for SOA applications and tools for generating detailed security configurations from the requirements specified in upstream phases model transformations, making it possible to configure security properly without increasing developers’ workloads.

Publisher

IGI Global

Reference41 articles.

1. Alam, M., Breu, R., & Breu, M. (2004). Model driven security for Web services (MDS4WS). 8th International Multitopic Conference, (pp. 498-505).

2. Apache Software Foundation. (2004). WSS4J. Retrieved September 1, 2008, from http://ws.apache.org/wss4j/

3. Apache Software Foundation. (2008). Apache rampart. Retrieved September 1, 2008, from http://ws.apache.org/rampart/

4. Basin, D., Doser, J., & Lodderstedt, T. (2003). Model driven security for process-oriented systems. Proceedings of 8th ACM Symposium on Access Control Models and Technologies, (pp. 100-109).

5. Breu, R., Burger, K., Hafner, M., Jürjens, J., Popp, G., Wimmel, G., et al. (2003). Key issues of a formally based process model for security engineering. Sixteenth International Conference on Software & Systems Engineering & their Applications.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. An Aspect-Oriented Approach to Enforce Security Properties in Business Processes;Service-Oriented Computing;2013