A Software Engineering Perspective for Services Security

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3252)


Services are usually developed and deployed independently; and systems can be formed by composing relevant services to achieve set goals. In such an open and dynamic environment, security is of paramount importance. We have seen much work in the traditional area of information and network security, focusing on developing various security techniques. More recently, there have been efforts in integrating the security techniques into languages and infrastructural support that are used for developing services and systems. In fact, the development of services and the composition of service-based systems are software engineering activities. As such, they need to be viewed from a software engineering perspective. In this paper, we introduce an approach to services security engineering, to answer the questions like what the security properties of services and service-based systems are and how they meet the user’s security requirements. It deals with the issues of (1) security property characterisation for services, (2) compositional security analysis for service-based systems, and (3) certification of services.


Service Composition Security Requirement Service Security Security Property Banking Service 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Atkinson, B., et al.: Web services security (WS-Security). Working Group Report, IBM (April 2002),
  2. 2.
    Common Criteria Project/ISO. Common Criteria for Information Technology Security Evaluation, version 2.1 (ISO/IEC International Standard 15408). NIST, USA and ISO, Switzerland (December 1999),
  3. 3.
    Ghosh, A., Howell, C., Whittaker, J.A.: Building software securely from the ground up. IEEE Software 19(1), 14–16 (2002)CrossRefGoogle Scholar
  4. 4.
    Ghosh, A., McGraw, G.: An approach for certifying security in software components. In: Proc. 21st National Information Systems Security Conference (1998)Google Scholar
  5. 5.
    Gong, L., Ellison, G., Dageforde, M.: Inside Java 2 Platform Security. Addison-Wesley, Reading (2003)Google Scholar
  6. 6.
    Han, J.: A comprehensive interface definition framework for software components. In: Proc. 1998 Asia-Pacific Software Engineering Conference, pp. 110–117 (1998)Google Scholar
  7. 7.
    Hopkins, J.: Component primer. Communications of the ACM 43(10), 27–30 (2000)CrossRefGoogle Scholar
  8. 8.
    IEEE. Special issue on building software securely. IEEE Software 19(1) (2002) Google Scholar
  9. 9.
    Khan, K., Han, J.: Security aware software composition. IEEE Software 19(1), 34–41 (2002)CrossRefGoogle Scholar
  10. 10.
    Khan, K., Han, J.: A security characterisation framework for trustworthy component based software systems. In: Proc. 27th Annual International Computer Software and Applications Conference, pp. 164–169 (2003)Google Scholar
  11. 11.
    Sewell, P., Vitek, J.: Secure composition of insecure components. In: Proc. 12th IEEE Computer Security Foundations Workshop, pp. 136–150 (1999)Google Scholar
  12. 12.
    Voas, J.: The challenges of using COTS software in component-based development. IEEE Computer, 44–45 (1998)Google Scholar
  13. 13.
    Voas, J.: Certifying software for high-assurance environments. IEEE Software (4), 48–54 (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Jun Han
    • 1
  1. 1.School of Information TechnologySwinburne University of TechnologyHawthornAustralia

Personalised recommendations