Service-Oriented Architecture (SOA) makes application development flexible by letting services be composed in a highly distributed manner. Because of this flexibility, however, it is often hard for users to define application configurations properly. For the security concerns addressed in this paper, WS-SecurityPolicy provides a standard way to describe security policies, but it is difficult for users to make sure that the policies they define are valid. We discuss the validation of WS-SecurityPolicy in the context of Service Component Architecture and propose a method called syntactic validation. Most enterprises have security guidelines, some of which can be described in the format of Web services security messages. Standard profiles for Web services, such as the WS-I Basic Security Profile, also prescribe message formats. Since those guidelines and profiles are based on accepted best practices, syntactic validation is sufficiently effective for practical use to prevent security vulnerabilities.