Web Services Security

Hilst, Michael Van; Fernández, Eduardo B.; Hashizume, Keiko; Buckley, Ingrid A.; Larrondo-Petrie, María M.

doi:10.4018/978-1-60566-950-2.ch008

Cited by 5 publications

(1 citation statement)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Delessy and Fernandez defined several security patterns for SOA and Web Service security [4,6] that describe best practices and concepts such as identity provider and identity federation. These patterns provide an informal description, although parts of the pattern's solution are formalised using UML diagrams.…”

Section: Security Patterns For Soa Securitymentioning

confidence: 99%

A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures

Menzel

Warschofsky

Meinel

2010

2010 IEEE International Conference on Web Services

View full text Add to dashboard Cite

Service-oriented Architectures support the provision, discovery, and usage of services in different application contexts. The Web Service specifications provide a technical foundation to implement this paradigm. Moreover, mechanisms are provided to face the new security challenges raised by SOA. To enable the seamless usage of services, security requirements can be expressed as security policies (e.g. WS-Policy and WSSecurityPolicy) that enable the negotiation of these requirements between clients and services.However, the codification of security policies is a difficult and error-prone task due to the complexity of the Web Service specifications. In this paper, we introduce our model-driven approach that facilitates the transformation of architecture models annotated with simple security intention to security policies. This transformation is driven by security configuration patterns that provide expert knowledge on Web Service security. Therefore, we will introduce a formalised pattern structure and a domain-specific language to specify these patterns.

show abstract

Section: Security Patterns For Soa Securitymentioning

confidence: 99%

A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures

Menzel

Warschofsky

Meinel

2010

2010 IEEE International Conference on Web Services

View full text Add to dashboard Cite

show abstract

Security Requirements for Social Networks in Web 2.0

Fernández

Marin²,

Larrondo-Petrie³

2010

Handbook of Social Network Technologies and Applications

View full text Add to dashboard Cite

Building a security reference architecture for cloud systems

2015

Self Cite

View full text Add to dashboard Cite

Reference architectures (RAs) are useful tools to understand and build complex systems, and many cloud providers and software product vendors have developed versions of them. RAs describe at an abstract level (no implementation details) the main features of their cloud systems. Security is a fundamental concern in clouds and several cloud vendors provide security reference architectures (SRAs) to describe the security features of their services. A SRA is an abstract architecture describing a conceptual model of security for a cloud system and provides a way to specify security requirements for a wide range of concrete architectures. We propose here a method to build a SRA for clouds defined using UML models and patterns, which goes beyond existing models in providing a global view and a more precise description. We present a metamodel as well as security and misuse patterns for this purpose. We validate our approach by showing that it can describe more precisely existing models and that it has a variety of uses. We describe in detail one of these uses, a way of evaluating the security level of a SRA.

show abstract

Web Services Security

Cited by 5 publications

References 12 publications

A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures

A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures

Security Requirements for Social Networks in Web 2.0

Building a security reference architecture for cloud systems

Contact Info

Product

Resources

About