Service network security management (SNSM) framework, a solution to SOSE security challenge

SOSE is a novel software development paradigm that results in flexible, loose-coupled and end-to-end applications. However, the adoption of this innovation is slowed by security challenge. Apparently, the use of only TLS (transport layer security) security technique for SOSE systems is inappropriate because it provides only point-to-point security support to the communicating parties. While, an end-to-end security mechanism is necessary to effectively secure SOSE applications. Consequently, this paper provides SNSM framework, a solution to SOSE security challenge by integrating many technologies including OASIS's web service security standard, W3C's XML digital signature and XML encryption standards into SOAP envelope to ensure end-to-end security at the message level. In the implementation of the framework, proxy service, a virtual service hosted in the Enterprise Service Bus (ESB) was used to enforce security services as a Quality of service (QOS) requirement. The results show that SNSM framework recorded 10 millisecond average response time above unsecured service, whereas, the TLS secured service has the largest average response time.

[1]  Kanika Lakhani,et al.  Implementing digital signature with RSA encryption algorithm to enhance the Data Security of cloud in Cloud Computing , 2010, 2010 First International Conference On Parallel, Distributed and Grid Computing (PDGC 2010).

[2]  Luigi Lo Iacono,et al.  Web of Services Security , 2015, Datenschutz und Datensicherheit - DuD.

[3]  Muneera Bano,et al.  Requirements Engineering Challenges in Service Oriented Software Engineering: an exploratory online survey , 2013 .

[4]  K. Patel,et al.  Implementing Digital Signature with RSA Encryption Algorithm to Enhance the Data Security of Cloud in Cloud Computing , 2016 .

[5]  Wolfgang Kirsten,et al.  XML and Web Services , 2003 .

[6]  William Stallings,et al.  Cryptography and Network Security: Principles and Practice , 1998 .

[7]  Sukumar Letchmunan,et al.  A Systematic Literature Review on Challenges in Service Oriented Software Engineering , 2015 .

[8]  Christoph Meinel,et al.  SOA Security - Secure Cross-Organizational Service Composition , 2011 .

[9]  Liang-Jie Zhang,et al.  S3: A Service-Oriented Reference Architecture , 2007, IT Professional.

[10]  Gurpreet Singh,et al.  A Study of Encryption Algorithms (RSA, DES, 3DES and AES) for Information Security , 2013, International Journal of Computer Applications.

[11]  Srivaths Ravi,et al.  Security as a new dimension in embedded system design , 2004, Proceedings. 41st Design Automation Conference, 2004..

[12]  William Stallings,et al.  Cryptography and network security , 1998 .

[13]  Bo Li,et al.  SOA Reference Architecture: Standards and Analysis , 2016, SmartCom.

[14]  Waseem Roshen SOA-Based Enterprise Integration: A Step-by-Step Guide to Services-based Application , 2009 .

[15]  Chris Christensen Review of Cryptography and Network Security: Principles and Practice, Fifth Edition , 2011, Cryptologia.