You are here
pattern-driven process for secure service-oriented applications
- Date Issued:
- 2008
- Summary:
- During the last few years, Service-Oriented Architecture (SOA) has been considered to be the new phase in the evolution of distributed enterprise applications. Even though there is a common acceptance of this concept, a real problem hinders the widespread use of SOA : A methodology to design and build secure service-oriented applications is needed. In this dissertation, we design a novel process to secure service-oriented applications. Our contribution is original not only because it applies the MDA approach to the design of service-oriented applications but also because it allows their securing by dynamically applying security patterns throughout the whole process. Security patterns capture security knowledge and describe security mechanisms. In our process, we present a structured map of security patterns for SOA and web services and its corresponding catalog. At the different steps of a software lifecycle, the architect or designer needs to make some security decisions.
Title: | A pattern-driven process for secure service-oriented applications. |
138 views
37 downloads |
---|---|---|
Name(s): |
Delessy, Nelly A. Florida Atlantic University College of Engineering and Computer Science Department of Computer and Electrical Engineering and Computer Science |
|
Type of Resource: | text | |
Genre: | Electronic Thesis Or Dissertation | |
Issuance: | monographic | |
Date Issued: | 2008 | |
Publisher: | Florida Atlantic University | |
Physical Form: | electronic | |
Extent: | xiv, 234 p. : ill. (some col.). | |
Language(s): | English | |
Summary: | During the last few years, Service-Oriented Architecture (SOA) has been considered to be the new phase in the evolution of distributed enterprise applications. Even though there is a common acceptance of this concept, a real problem hinders the widespread use of SOA : A methodology to design and build secure service-oriented applications is needed. In this dissertation, we design a novel process to secure service-oriented applications. Our contribution is original not only because it applies the MDA approach to the design of service-oriented applications but also because it allows their securing by dynamically applying security patterns throughout the whole process. Security patterns capture security knowledge and describe security mechanisms. In our process, we present a structured map of security patterns for SOA and web services and its corresponding catalog. At the different steps of a software lifecycle, the architect or designer needs to make some security decisions. | |
Summary: | An approach using a decision tree made of security pattern nodes is proposed to help making these choices. We show how to extract a decision tree from our map of security patterns. Model-Driven Architecture (MDA) is an approach which promotes the systematic use of models during a system's development lifecycle. In the dissertation we describe a chain of transformations necessary to obtain secure models of the service-oriented application. A main benefit of this process is that it decouples the application domain expertise from the security expertise that are both needed to build a secure application. Security knowledge is captured by pre-defined security patterns, their selection is rendered easier by using the decision trees and their application can be automated. A consequence is that the inclusion of security during the software development process becomes more convenient for the architects/designers. | |
Summary: | A second benefit is that the insertion of security is semi-automated and traceable. Thus, the process is flexible and can easily adapt to changing requirements. Given that SOA was developed in order to provide enterprises with modular, reusable and adaptable architectures, but that security was the principal factor that hindered its use, we believe that our process can act as an enabler for service-oriented applications. | |
Identifier: | 231744935 (oclc), 58003 (digitool), FADT58003 (IID), fau:4289 (fedora) | |
Note(s): |
by Nelly A. Delessy. Thesis (Ph.D.)--Florida Atlantic University, 2008. Includes bibliography. Electronic reproduction. Boca Raton, FL : 2008 Mode of access: World Wide Web. |
|
Subject(s): |
Computer network architectures Web servers -- Management Software engineering Expert systems (Computer science) |
|
Held by: | FBoU FAUER | |
Persistent Link to This Record: | http://purl.flvc.org/FAU/58003 | |
Use and Reproduction: | http://rightsstatements.org/vocab/InC/1.0/ | |
Host Institution: | FAU |