Evolving Security Requirements in Multi-layered Service-Oriented-Architectures

  • Conference paper
Data Privacy Management and Autonomous Spontaneus Security (DPM 2011, SETOP 2011)

Abstract

Due to today’s rapidly changing corporate environments, business processes are increasingly subject to dynamic configuration and evolution. The evolution of new deployment architectures, as illustrated by the move towards mobile platforms and the Internet of Services, and the introduction of new security regulations (imposed by national and international regulatory bodies, such as SOX or BASEL) are important constraints in the design and development of business processes. In such a context, it is not sufficient to apply the corresponding adaptations only at the service orchestration or at the choreography level; there is also a need to control the impact of new security requirements on several architectural layers, especially in cloud computing, where the notions of Platforms as Services and Infrastructure as Services are fundamental. In this paper we survey, from an original point of view, several research questions related to cross-domain and cross-layer security functionality in Service Oriented Architectures. We provide the first insights on how a general service model empowered with aspect-oriented programming capabilities can provide clean modularization of such cross-cutting security concerns.



Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sabir Idrees, M., Serme, G., Roudier, Y., De Oliveira, A.S., Grall, H., Südholt, M. (2012). Evolving Security Requirements in Multi-layered Service-Oriented-Architectures. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds) Data Privacy Management and Autonomous Spontaneus Security. DPM SETOP 2011 2011. Lecture Notes in Computer Science, vol 7122. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28879-1_13

  • DOI: https://doi.org/10.1007/978-3-642-28879-1_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28878-4

  • Online ISBN: 978-3-642-28879-1

  • eBook Packages: Computer Science (R0)
