Incorporating Security Features in Service-Oriented Architecture using Security Patterns

Service-Oriented Architecture is an architectural style where different heterogeneous components share information with each other by using special types of messages based on the protocol known as Simple Object Access Protocol. Various technologies, such as Common Object Request Broker Architecture, Java 2 Platform, Enterprise Edition, Java Message Service, etc., are applied to realize Service-Oriented Architecture for different applications. Besides these approaches, two other techniques, REpresentational State Transfer and web services, are applied for the realization of Service-Oriented Architecture. Web services provide a platform-independent communication scheme between applications. Preserving security across the composition of services is an important task for Service-Oriented Architecture. In this study, an attempt is made to incorporate security features in Service-Oriented Architecture with the help of software security patterns. This scheme is described by developing an architectural model integrated with security goals and security patterns. The structural and behavioral aspects of the composition of web services incorporated with security features are presented using a Unified Modeling Language class diagram and a sequence diagram, respectively. At the end of this study, the identified security patterns are evaluated against critical security properties and Service-Oriented Architecture design principles. A case study of an online banking system is considered to explain the use of security patterns.
