Advertisement

Cross-Organizational Security – The Service-Oriented Difference

  • André Miede
  • Nedislav Nedyalkov
  • Dieter Schuller
  • Nicolas Repp
  • Ralf Steinmetz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6275)

Abstract

Service-oriented Architectures (SOA) are a powerful paradigm to address integration challenges for information technology systems in enterprises. The service-based integration of legacy systems and business partner systems makes it necessary to introduce and adapt suitable SOA security measures in order to secure the enterprise both within and for cross-organizational collaboration. While there is an active research community for SOA security, standard literature on the topic has not yet identified the influence of the SOA paradigm on security aspects in a structured manner, especially in an enterprise context. In our paper, we work towards this goal by identifying the main elements of cross-organizational SOA in the form of a conceptual model and by discussing these elements regarding their impact on security issues. Based on this, research challenges for SOA security are defined and structured.

Keywords

Business Process Service Consumer Attack Scenario Security Goal Security Concept 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Krafzig, D., Banke, K., Slama, D.: Enterprise SOA: Service-Oriented Architecture Best Practices. Prentice Hall PTR, Englewood Cliffs (2004)Google Scholar
  2. 2.
    Melzer, I., et al.: Service-orientierte Architekturen mit Web Services. Konzepte – Standards – Praxis, 2nd edn. Spektrum Akademischer Verlag (2007)Google Scholar
  3. 3.
    Papazoglou, M.P.: Service-oriented Computing: Concepts, Characteristics and Directions. In: Proceedings of WISE 2003, pp. 3–12 (2003)Google Scholar
  4. 4.
    Josuttis, N.M.: SOA in Practice: The Art of Distributed System Design. O’Reilly Media, Inc., Sebastopol (2007)Google Scholar
  5. 5.
    Newcomer, E., Lomow, G.: Understanding SOA with Web Services (Independent Technology Guides). Addison-Wesley, Reading (2004)Google Scholar
  6. 6.
    Eckert, C.: IT-Sicherheit: Konzepte – Verfahren – Protokolle. Oldenbourg (2007)Google Scholar
  7. 7.
    Schneier, B.: Secrets and Lies: Digital Security in a Networked World. Wiley, Chichester (2004)Google Scholar
  8. 8.
    Bishop, M.: Computer Security: Art and Science. Addison-Wesley, Reading (2002)Google Scholar
  9. 9.
    Kanneganti, R., Chodavarapu, P.: SOA Security. Manning Publications (2008)Google Scholar
  10. 10.
    Hafner, M., Breu, R.: Security Engineering for Service-Oriented Architectures. Springer, Heidelberg (2008)Google Scholar
  11. 11.
    Bundesamt für Sicherheit in der Informationstechnik: SOA-Security-Kompendium: Sicherheit in Service-orientierten Architekturen (2008)Google Scholar
  12. 12.
    Miede, A., Gottron, C., König, A., Nedyalkov, N., Repp, N., Steinmetz, R.: Cross-organizational Security in Distributed Systems. Technical Report KOM-TR-2009-01, Technische Universität Darmstadt (2009)Google Scholar
  13. 13.
    Erl, T.: Service-Oriented Architecture (SOA): Concepts, Technology, and Design. Prentice Hall PTR, Englewood Cliffs (2005)Google Scholar
  14. 14.
    Schneier, B.: Beyond Fear: Thinking Sensibly About Security in an Uncertain World. Springer, Heidelberg (May 2003)Google Scholar
  15. 15.
    Shirey, R.W.: Security Architecture for Internet Protocols: A Guide for Protocol Designs and Standards. Internet Draft (1994), https://datatracker.ietf.org/drafts/draft-irtf-psrg-secarch-sect1/
  16. 16.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley, Chichester (2008)Google Scholar
  17. 17.
    Ross, R., Swanson, M., Stoneburner, G., Katzke, S., Johnson, A.: Guide for the Security Certification and Accreditation of Federal Information Systems. National Institute of Standards and Technology (NIST) Special Publication 800-37 (2004)Google Scholar
  18. 18.
    Gollmann, D., Massacci, F., Yautsiukhin, A. (eds.): Quality Of Protection: Security Measurements and Metrics. Springer, Heidelberg (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • André Miede
    • 1
  • Nedislav Nedyalkov
    • 1
  • Dieter Schuller
    • 1
  • Nicolas Repp
    • 1
  • Ralf Steinmetz
    • 1
  1. 1.Department of Electrical Engineering & Information TechnologyMultimedia Communications Lab (KOM) – Technische Universität DarmstadtDarmstadtGermany

Personalised recommendations