
Policy Chain for Securing Service Oriented Architectures

  • Conference paper
Data Privacy Management and Autonomous Spontaneous Security (DPM 2012, SETOP 2012)

Abstract

Service Providers using Service Oriented Architecture in order to deliver in-house services as well as on-demand and cloud services have to deal with two interdependent challenges: (1) to achieve, maintain and prove compliance with security requirements stemming from internal needs, 3rd party demands and international regulations and (2) to manage requirements, policies and security configuration in a cost-efficient manner. The deficiencies of current processes and tools force these service providers to trade off profitability against security and compliance. This paper summarizes a novel approach of a policy chain, which links high-level, abstract and declarative security policies on one side and low-level, imperative, and technical security configuration settings on the other side. The paper describes an architecture linking several applications and models via state-machines in order to provide a toolset supporting service providers to build such a holistic policy chain at design time, and to maintain and leverage it during system operation.



Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Arsac, W., Laube, A., Plate, H. (2013). Policy Chain for Securing Service Oriented Architectures. In: Di Pietro, R., Herranz, J., Damiani, E., State, R. (eds) Data Privacy Management and Autonomous Spontaneous Security. DPM SETOP 2012 2012. Lecture Notes in Computer Science, vol 7731. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35890-6_22


  • DOI: https://doi.org/10.1007/978-3-642-35890-6_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35889-0

  • Online ISBN: 978-3-642-35890-6

  • eBook Packages: Computer Science, Computer Science (R0)
