Formalization of secure service oriented product line

In this work, we focus on the SOPL (Service Oriented Product Line) approach, which can be used in various domains where SOA-based applications are needed, such as e/m government, e-business, e-learning and so on. This approach is a combination of Service-Oriented Architecture (SOA) and Software Product Line (SPL). Ensuring that services are secure is vital in order to establish trust between users and service providers. In this context, we aim to propose guidelines for using Secure SOPL, whose process leads to the production of secure service-oriented applications. In fact, given the diversity of the means that allow us to perform security activities, using Secure SOPL is difficult, especially for developers who lack experience in the software security, SPL and SOA fields, which are the basis of Secure SOPL. Thus, we choose the Map formalism, which is a decision-oriented model, to formalize the two phases of our Secure SOPL.
