论文信息 - SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

SOABSE: An approach to realizing business-oriented security requirements with Web Service security policies

A critical issue in developing Web Service-based business applications is the realization of business-level security requirements with system-level security mechanisms using the WS-∗ standards. Current practice has primarily relied on the engineer's experience and lacks consistency and methodological support. This paper introduces an approach to Web Services security engineering called SOABSE, which systematically models, designs and implements security for a WS-based application from a given set of business-oriented security requirements. It includes 1) a stepwise process that systematically transforms business-level security requirements into system-level WS-∗ security policies, and relies on 2) a security realization model that maps business-level security objectives to WS-∗ security realization mechanisms and 3) a security deployment model that sets out the security-oriented Web Service deployment information. A prototype tool supporting the approach is also introduced.

Jun Han | Malinda Kapuruge | Ingo Müller | Steven Versteeg | Tan Phan

[1] Jun Han,et al. Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems , 2008, ICSOC.

[2] Ruth Breu,et al. Security engineering for service-oriented architectures , 2008 .

[3] Jan Trobitius,et al. Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[4] Mike P. Papazoglou,et al. Web Services - Principles and Technology , 2007 .

[5] Michiaki Tatsubori,et al. Model-driven security based on a Web services security architecture , 2005, 2005 IEEE International Conference on Services Computing (SCC'05) Vol-1.

[6] Andreas Schaad,et al. Model-driven business process security requirement specification , 2009, J. Syst. Archit..

[7] Mario Piattini,et al. Web Services-Based Security Requirement Elicitation , 2007, IEICE Trans. Inf. Syst..

[8] Tim Ebringer,et al. Policy-Based Service Registration and Discovery , 2007, OTM Conferences.

[9] David A. Basin,et al. SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[10] Andrew D. Gordon,et al. TulaFale: A Security Tool for Web Services , 2003, FMCO.

[11] Jan Jürjens,et al. UMLsec: Extending UML for Secure Systems Development , 2002, UML.

[12] Amit P. Sheth,et al. Web Service Semantics - WSDL-S , 2005 .