Ecole d'ingénieur et centre de recherche en Sciences du numérique

Evolving security requirements in multi-layered Service-Oriented-Architectures

Idrees, Muhammad Sabir; Serme, Gabriel; Roudier, Yves; De Oliveira, Santana Anderson; Grall, Herve; Sudholt, Mario

SETOP 2011, 4th International Workshop on Autonomous and Spontaneous Security, in conjunction with the 16th annual European research event in Computer Security (ESORICS 2011) symposium, September 15-16, 2011, Leuven, Belgium / Also published in "Lecture Notes in Computer Science", 2012, Volume 7122/2012

Due to today's rapidly changing corporate environments,business processes are increasingly subject to dynamic configuration and evolution. The evolution of new deployment architectures, as illustrated by the move towards mobile platforms and the Internet Of Services, and the introduction of new security regulations (imposed by national and international regulatory bodies, such as SOX4 or BASEL5) are an important constraint in the design and development of business processes. In such a context, it is not sufficient to apply the corresponding adaptations only at the service orchestration or at the choreography level; there is also the need for controlling the impact of new security requirements to several architectural layers, specially in cloud computing, where the notion of Platforms as Services and Infrastructure as Services are fundamental. In this paper we survey several research questions related to security cross-domain and cross-layer security functionality in Service Oriented Architectures, from an original point of view. We provide the first insights on how a general service model empowered with aspect oriented programming capabilities can provide clean modularization to such cross-cutting security concerns.

Document Doi Hal Bibtex

Titre:Evolving security requirements in multi-layered Service-Oriented-Architectures
Mots Clés:SOA, Evolution, AOP, REST, Security
Type:Conférence
Langue:English
Ville:Leuven
Pays:BELGIQUE
Date:
Département:Sécurité numérique
Eurecom ref:3477
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in SETOP 2011, 4th International Workshop on Autonomous and Spontaneous Security, in conjunction with the 16th annual European research event in Computer Security (ESORICS 2011) symposium, September 15-16, 2011, Leuven, Belgium / Also published in "Lecture Notes in Computer Science", 2012, Volume 7122/2012 and is available at : http://dx.doi.org/10.1007/978-3-642-28879-1_13
Bibtex: @inproceedings{EURECOM+3477, doi = {http://dx.doi.org/10.1007/978-3-642-28879-1_13}, year = {2011}, title = {{E}volving security requirements in multi-layered {S}ervice-{O}riented-{A}rchitectures}, author = {{I}drees, {M}uhammad {S}abir and {S}erme, {G}abriel and {R}oudier, {Y}ves and {D}e {O}liveira, {S}antana {A}nderson and {G}rall, {H}erve and {S}udholt, {M}ario}, booktitle = {{SETOP} 2011, 4th {I}nternational {W}orkshop on {A}utonomous and {S}pontaneous {S}ecurity, in conjunction with the 16th annual {E}uropean research event in {C}omputer {S}ecurity ({ESORICS} 2011) symposium, {S}eptember 15-16, 2011, {L}euven, {B}elgium / {A}lso published in "{L}ecture {N}otes in {C}omputer {S}cience", 2012, {V}olume 7122/2012 }, address = {{L}euven, {BELGIQUE}}, month = {09}, url = {http://www.eurecom.fr/publication/3477} }
Voir aussi: