Towards an approach to design and enforce security in web service composition
International Journal of Web Engineering and Technology
Cloud Architecture for Dynamic Service Composition
International Journal of Grid and High Performance Computing
Interoperability and Functionality of WS-* Implementations
International Journal of Web Services Research
Adaptable, model-driven security engineering for SaaS cloud-based applications
Automated Software Engineering
Hi-index | 0.00 |
Cloud computing enables the provisioning of dynamically scalable resources as a service. Next to cloud computing, the paradigm of Service-oriented Architectures emerged to facilitate the provisioning of functionality as services. While both concepts are complementary, their combination enables the flexible provisioning and consumption of independently scalable services. These approaches come along with new security risks that require the usage of identity and access management solutions and information protection. The requirements concerning security mechanisms, protocols and options are stated in security policies that configure the interaction between services and clients in a system. In this paper, we present our cloud-based Service Security Lab that supports the on-demand creation and orchestration of composed applications and services. Our cloud platform enables the testing, monitoring and analysis of Web Services regarding different security configurations, concepts and infrastructure components. Since security policies are hard to understand and even harder to codify, we foster a model-driven approach to simplify the creation of security configurations. Our model-driven approach enables the definition of security requirements at the modelling layer and facilitates a transformation based on security configuration patterns.