Security Evaluation of Service-Oriented Systems Using the SiSOA Method

Christian Jung, M. Rudolph, R. Schwarz
International Journal of Secure Software Engineering, volume 101 1, pages 19-33. Journal Article. Publication date: 2011-10-01.
DOI: 10.4018/JSSE.2011100102 (https://doi.org/10.4018/JSSE.2011100102)
Citations: 3

Abstract

The Service-Oriented Architecture (SOA) paradigm is commonly applied for the implementation of complex, distributed business processes. The service-oriented approach promises higher flexibility, interoperability and reusability of the IT infrastructure. However, evaluating the quality attribute security of such complex SOA configurations is not sufficiently mastered yet. To tackle this complex problem, the authors developed a method for evaluating the security of existing service-oriented systems on the architectural level. The method is based on recovering security-relevant facts about the system by using reverse engineering techniques and subsequently providing automated support for further interactive security analysis at the structural level. By using generic, system-independent indicators and a knowledge base, the method is not limited to a specific programming language or technology. Therefore, the method can be applied to various systems and adapted to specific evaluation needs. The paper describes the general structure of the method and the knowledge base, and presents an instantiation aligned to the Service Component Architecture (SCA) specification.