论文信息 - Security Architecture Proposal for Threat Response of insider in SOA-based ESB Environment

Security Architecture Proposal for Threat Response of insider in SOA-based ESB Environment

SOA(service oriented architecture) based ESB(enterprise service bus) model is widely adopted in many companies for the safe processing of enormous data and the integration of business system. The existing web service technologies for the construction of SOA, however, show unsatisfactory in practical applications though the standardization of web service security technologies is in progress due to their limitations in safe exchange of data. Internal end users using a large business system based on such environment are composed of the variety of organizations and roles. Companies might receive more serious damage from insider threat than that from external one when internal end users get unauthorized information beyond the limits of their authority for private profit and bad purposes. In this paper, we propose a security architecture capable of identifying and coping with the security threats of web service technologies arouse from internal end users.

In-Seok Kim | Shi-hwa Oh

[1] Liming Zhu,et al. Performance Prediction of Service-Oriented Applications based on an Enterprise Service Bus , 2007, 31st Annual International Computer Software and Applications Conference (COMPSAC 2007).

[2] Donald E. Eastlake,et al. XML-Signature Syntax and Processing , 2001, RFC.

[3] Thomas Erl,et al. Service-Oriented Architecture: A Field Guide to Integrating XML and Web Services , 2004 .

[4] D. Eastlake,et al. XML Encryption Syntax and Processing , 2003 .

[5] Chol-Hong Im,et al. A Study of a Scheme to Assess and Improve ESB-based SOA Applications from the S/W Architecture Perspective , 2006 .

[6] Won-Kyu Park,et al. Design and Implementation of SOA based S/W Services for Dynamic Behavior of Embedded System , 2010 .

[7] Salvatore J. Stolfo,et al. Insider Attack and Cyber Security - Beyond the Hacker , 2008, Advances in Information Security.