Data Security in Service-Oriented Architectures

Due to standardized interfaces and loose coupling of services, serviceoriented architectures provide the possibility for close interaction between different organizations and communities. But this also introduces new risks: To have under control where which data is processed becomes increasingly difficult. This paper highlights that current approaches for ensuring data privacy and required security mechanisms are no longer adequate under these changing conditions and presents possible solutions discussed by researchers and developers. Additionally, economic implications of data privacy and security are considered.

[1]  Ronald Cramer,et al.  Introduction to Secure Computation , 1998, Lectures on Data Security.

[2]  Andrew Chi-Chih Yao,et al.  Protocols for secure computations , 1982, FOCS 1982.

[3]  Peter Loscocco,et al.  Meeting Critical Security Objectives with Security-Enhanced Linux , 2001 .

[4]  Joan Feigenbaum,et al.  Secure multiparty computation of approximations , 2001, TALG.

[5]  Wenliang Du,et al.  A study of several specific secure two-party computation problems , 2001 .

[6]  Gregory D. Abowd,et al.  A Framework for Comparing Perspectives on Privacy and Pervasive Technologies , 2003, IEEE Pervasive Comput..

[7]  Wenliang Du,et al.  Secure Multi-party Computational Geometry , 2001, WADS.

[8]  D. Bainbridge Data protection , 2000 .

[9]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[10]  A. Yao,et al.  Fair exchange with a semi-trusted third party (extended abstract) , 1997, CCS '97.

[11]  Paul Müller,et al.  Sicherheit und Privatsphäre in RFID-Systemen , 2004, DFN-Arbeitstagung über Kommunikationsnetze.

[12]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[13]  Anders Toms Threats, Challenges and Emerging Standards in Web Services Security , 2004 .

[14]  Stephen Smalley,et al.  The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments , 2000 .

[15]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[16]  Hongjun Wu The Misuse of RC4 in Microsoft Word and Excel , 2005, IACR Cryptol. ePrint Arch..