Model-driven security based on a Web services security architecture

Nakamura, Yūichi; Tatsubori, Michiaki; Imamura, Takeshi; Ono, Kenji

doi:10.1109/scc.2005.66

Cited by 55 publications

(53 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Sometimes security is added at the time of integration of distributed applications. SOA applications are coupled over various protocols and network technologies, just adding security to software applications is not a realistic approach [6,22] because all the required security information is not available at the downstream phases [6,23]. This approach degrades implementing and maintaining the security of the system [24].…”

Section: Security Is Not Unified With Software Engineering Processmentioning

confidence: 99%

“…The paradigm of SOA promises inter-operability and integration ensuring the availability of resources in the form of services over the network. The SOA paradigm utilizes services as a fundamental element for developing applications [5] and makes the application development easy by coupling services over the Internet or intranet [6]. A business application can be developed as a runtime orchestration of a set of services.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

Section: Security Is Not Unified With Software Engineering Processmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Security Problems of SOA Applications

Saleem¹

2017

IJSIA

View full text Add to dashboard Cite

show abstract

“…Security must be unified with the software engineering process [41] and security engineering [42] should be implemented for SOA applications at design phase itself, instead of applying as an ad-hoc requirement. Successfully implemented SOA security has to be well-defined, well-planned, and well-implemented [43].…”

Section: Need Of Security For Soamentioning

confidence: 99%

Severe SOA Security Threats on SOAP Web Services– A Critical Analysis

B¹,

R²

2014

IOSRJCE

View full text Add to dashboard Cite

“…In most of the current practice in separating functional and non-functional properties, non-functional properties are specified on a per-service basis (?, ? ; Amir & Zeid, 2004;Lodderstedt, Basin, & Doser, 2002;Jrjens, 2002;Nakamura, Tatsubori, Imamura, & Ono, 2005;Soler, Villarroel, Trujillo, Medina, & Piattini, 2006;Vokäc, 2005;Baligand & Monfort, 2004;G. Wang, Chen, Wang, Fung, & Uczekaj, 2004).…”

Section: Introductionmentioning

confidence: 99%

“…They are informally specified in natural languages in most of the current practice of separating functional and non-functional properties; it is tedious and error-prone for application developers to manually ensure that their applications satisfy required non-functional constraints (?, ? ; Amir & Zeid, 2004;Nakamura et al, 2005). Few methods exist to explicitly specify non-functional constraints and consistently validate and enforce them in applications.…”

Section: Introductionmentioning

confidence: 99%

Leveraging Early Aspects in End-to-End Model Driven Development for Non-Functional Properties in Service Oriented Architecture

Oba

Wada

Suzuki³

2011

Journal of Database Management

View full text Add to dashboard Cite

In Service Oriented Architecture (SOA), each application is often designed with a set of reusable services and a business process. In order to retain the reusability of services, it is important to separate non-functional properties of applications (e.g., security and reliability) from their functional properties. This paper investigates an end-to-end model-driven development framework that separates non-functional properties from functional properties and consistently manages them from high-level business processes to low-level implementation configurations. This framework proposes two key components: (1) a programming language, called BALLAD, for a new per-process strategy to specify non-functional properties for business processes and (2) a graphical modeling method, called FM-SNFPs, to define a series of constraints among non-functional properties. BALLAD leverages the notion of aspects in aspect oriented programming/modeling. Each aspect is used to specify a set of non-functional properties that crosscut multiple services in a business process. FM-SNFPs leverages the notion of feature modeling in order to explicitly define constraints among non-functional properties such as dependency and mutual exclusion constraints. BALLAD and FM-SNFPs can free application developers from manually specifying, maintaining and validating non-functional properties and constraints for services one by one, thereby reducing the burdens/costs in development and maintenance of service-oriented applications. This paper describes the design details of BALLAD and FM-SNFPs, and demonstrates how they are used in developing service-oriented applications. Empirical evaluation results show that BALLAD significantly reduces the costs to implement and maintain non-functional properties in service-oriented applications. BALLAD and FM-SNFPs are designed and implemented efficient and scalable.

show abstract

Model-driven security based on a Web services security architecture

Cited by 55 publications

References 6 publications

Security Problems of SOA Applications

Security Problems of SOA Applications

Severe SOA Security Threats on SOAP Web Services– A Critical Analysis

Leveraging Early Aspects in End-to-End Model Driven Development for Non-Functional Properties in Service Oriented Architecture

Contact Info

Product

Resources

About