On understanding types, data abstraction, and polymorphism
ACM Computing Surveys (CSUR) - The MIT Press scientific computation series
Role-Based Access Control Models
Computer
Software metrics (2nd ed.): a rigorous and practical approach
Software metrics (2nd ed.): a rigorous and practical approach
Programming language pragmatics
Programming language pragmatics
Foundations of object-oriented languages: types and semantics
Foundations of object-oriented languages: types and semantics
Managing Policy Updates in Security-Typed Languages
CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Secrets of SOA: An Enterprise View on Service-Oriented Architecture Deployment Revealed
Secrets of SOA: An Enterprise View on Service-Oriented Architecture Deployment Revealed
ROWLBAC: representing role based access control in OWL
Proceedings of the 13th ACM symposium on Access control models and technologies
A Trust Management Approach for Flexible Policy Management in Security-Typed Languages
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
The web 2.0 movement: mashups driven and web services
ICCOMP'09 Proceedings of the WSEAES 13th international conference on Computers
The web 2.0 movement: mashups driven and web services
WSEAS Transactions on Computers
| Hi-index | 0.00 |
In a service oriented environment, using SOA technologies, different business entities and services are combined together. Such an environment introduces various security vulnerabilities. This paper proposes an innovative approach to address SOA application security through security typing. We first define security typing concepts, its declaration and definition, with a simple security type, SST, as an example. We then explore various operations under this concept including type equivalence, type compatibility, and type inference. We show, through unary and binary operational examples, that measuring security characteristics requires a clear understanding of the metric scale level and that often times extending an ordinal scale metric to ratio level can be misleading. Our idea and approach to SST may be generalized in the future to more sophisticated security typing.