Evolving security requirements in multi-layered service-oriented-architectures

Authors:
Muhammad Sabir Idrees;Gabriel Serme;Yves Roudier;Anderson Santana De Oliveira;Herve Grall;Mario Sü/dholt
Affiliations:
EURECOM, Sophia Antipolis, France;SAP Research, Mougins;EURECOM, Sophia Antipolis, France;SAP Research, Mougins;ASCOLA Group/ EMN-INRIA, LINA, Dpt. Informatique, É/cole des Mines de Nantes, Nantes Cedex 3, France;ASCOLA Group/ EMN-INRIA, LINA, Dpt. Informatique, É/cole des Mines de Nantes, Nantes Cedex 3, France
Venue:
DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Year:
2011

Citing 9
Cited 1

Aspect-oriented programming

ACM Computing Surveys (CSUR) - Special issue: position statements on strategic directions in computing research
Weaving Aspects into Web Service Orchestrations

ICWS '05 Proceedings of the IEEE International Conference on Web Services
AO4BPEL: An Aspect-oriented Extension to BPEL

World Wide Web
Service-Oriented Dynamic Evolution Model

ISCID '08 Proceedings of the 2008 International Symposium on Computational Intelligence and Design - Volume 01
True and transparent distributed composition of aspect-components

Proceedings of the ACM/IFIP/USENIX 2006 International Conference on Middleware
Towards secure and trusted collaboration environment for European public sector

COLCOM '07 Proceedings of the 2007 International Conference on Collaborative Computing: Networking, Applications and Worksharing
On a Classification Approach for SOA Vulnerabilities

COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02
Vulnerability Analysis in SOA-Based Business Processes

IEEE Transactions on Services Computing
Modularization of distributed web services using aspects with explicit distribution (AWED)

ODBASE'06/OTM'06 Proceedings of the 2006 Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, DOA, GADA, and ODBASE - Volume Part II

HiPoLDS: a security policy language for distributed systems

WISTP'12 Proceedings of the 6th IFIP WG 11.2 international conference on Information Security Theory and Practice: security, privacy and trust in computing systems and ambient intelligent ecosystems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Due to today's rapidly changing corporate environments, business processes are increasingly subject to dynamic configuration and evolution. The evolution of new deployment architectures, as illustrated by the move towards mobile platforms and the Internet Of Services, and the introduction of new security regulations (imposed by national and international regulatory bodies, such as SOX or BASEL) are an important constraint in the design and development of business processes. In such a context, it is not sufficient to apply the corresponding adaptations only at the service orchestration or at the choreography level; there is also the need for controlling the impact of new security requirements to several architectural layers, specially in cloud computing, where the notion of Platforms as Services and Infrastructure as Services are fundamental. In this paper we survey several research questions related to security cross-domain and cross-layer security functionality in Service Oriented Architectures, from an original point of view. We provide the first insights on how a general service model empowered with aspect oriented programming capabilities can provide clean modularization to such cross-cutting security concerns.