A Software Engineering Perspective for Services Security
Services are usually developed and deployed independently; and systems can be formed by composing relevant services to achieve set goals. In such an open and dynamic environment, security is of paramount importance. We have seen much work in the traditional area of information and network security, focusing on developing various security techniques. More recently, there have been efforts in integrating the security techniques into languages and infrastructural support that are used for developing services and systems. In fact, the development of services and the composition of service-based systems are software engineering activities. As such, they need to be viewed from a software engineering perspective. In this paper, we introduce an approach to services security engineering, to answer the questions like what the security properties of services and service-based systems are and how they meet the user’s security requirements. It deals with the issues of (1) security property characterisation for services, (2) compositional security analysis for service-based systems, and (3) certification of services.
KeywordsService Composition Security Requirement Service Security Security Property Banking Service
Unable to display preview. Download preview PDF.
- 1.Atkinson, B., et al.: Web services security (WS-Security). Working Group Report, IBM (April 2002), http://www-106.ibm.com/developerworks/webservices/library/ws-secure/
- 2.Common Criteria Project/ISO. Common Criteria for Information Technology Security Evaluation, version 2.1 (ISO/IEC International Standard 15408). NIST, USA and ISO, Switzerland (December 1999), http://csrc.nist.gov/cc/
- 4.Ghosh, A., McGraw, G.: An approach for certifying security in software components. In: Proc. 21st National Information Systems Security Conference (1998)Google Scholar
- 5.Gong, L., Ellison, G., Dageforde, M.: Inside Java 2 Platform Security. Addison-Wesley, Reading (2003)Google Scholar
- 6.Han, J.: A comprehensive interface definition framework for software components. In: Proc. 1998 Asia-Pacific Software Engineering Conference, pp. 110–117 (1998)Google Scholar
- 8.IEEE. Special issue on building software securely. IEEE Software 19(1) (2002) Google Scholar
- 10.Khan, K., Han, J.: A security characterisation framework for trustworthy component based software systems. In: Proc. 27th Annual International Computer Software and Applications Conference, pp. 164–169 (2003)Google Scholar
- 11.Sewell, P., Vitek, J.: Secure composition of insecure components. In: Proc. 12th IEEE Computer Security Foundations Workshop, pp. 136–150 (1999)Google Scholar
- 12.Voas, J.: The challenges of using COTS software in component-based development. IEEE Computer, 44–45 (1998)Google Scholar