A pattern-driven security advisor for service-oriented architectures

Abstract

Service-oriented Architectures (SOA) provide a flexible infrastructure to allow independently developed software components to communicate in a seamless manner. Increased connectivity entails significant higher security risks. To face these risks, a broad range of specifications e.g. WS-Security and WS-Trust has emerged to ensure security in SOA. These specifications are supported by all major Web Service Frameworks and enforced by security modules provided by these frameworks to apply security to ingoing and outgoing messages. In general, a security module is configured declaratively using a security policy e.g. WS-SecurityPolicy that expresses security goals and related configurations. To support a broad range of use cases, these security policy languages offer a variety of settings and options. However, the complexity of security policy languages leads to an error-prone and tedious creation of security policies. To simplify and support the generation of Web Services, we present an architecture for a security advisor in this paper. This security advisor facilitates the configuration of security modules for service-based systems based on a pattern-driven approach that enables the transformation from general security goals to concrete security configurations. Therefore, we will introduce a security pattern system which is used to resolve concrete protocols and security mechanisms at a technical level.