Abstract
SOA proposed security mechanisms are only centered in the data transmitted between service provider and consumer. However, it’s well known that the biggest threats to the integrity of the information are precisely focused not on the data directly but on the code that manages it. Our main statement is that it will only be possible to reach an acceptable level of security if the protection mechanisms cover not only the data but also the code that process these data. In this paper we present a new approach about mobile code security based on the Services Oriented Architecture Reference Model and Web Services technology. This new model allows the development of systems with end-to-end security, where all elements (code and data) are secure.
Chapter PDF
Similar content being viewed by others
References
Web Services Architecture (February 2004), http://www.w3.org/TR/ws-arch/
Reference Model for Service Oriented Architecture v1.0 (October 2006), http://docs.oasis-open.org/soa-rm/v1.0/soa-rm.pdf
Seshadri, A., Luk, M., Perrig, A., van Doorn, L., Khosla, P.: Externally verifiable code execution. Communications of the ACM (September 2006)
Franz, M., Chandra, D., Gal, A., Haldar, V., Reig, F., Wang, N.: A portable Virtual Machine target for Proof-Carrying Code. In: Proceedings of the 2003 workshop on Interpreters, virtual machines and emulators (June 2003)
Yau, S.S., Prasad, A., Zhou, X.: An Object-Oriented Approach to Containing Mobile and Active Codes in Large-Scale Networks, words. In: Fourth International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS’99) (1999)
Claessens, J., Preneel, B., Vandewalle, J.: How can mobile agents do secure electronic transactions on untrusted hosts? A survey of the security issues and the current solutions, ACM Transactions on Internet Technology (TOIT) (February 2003)
Sekar, R., Ramakrishnan, C.R., Ramakrishnan, I.V., Smolka, S.A.: Model-Carrying Code (MCC): a new paradigm for mobile-code security. In: Proceedings of the 2001 workshop on New security paradigms (September 2001)
Whitman, M.E.: Enemy At The Gate: Threats To Information Security. Communications of the ACM (August 2003)
Sima, C.: Are your web applications vulnerable? (October 2004), http://www.securitydocs.com
Security of Software and Services for Mobile Systems (March 2006), http://www.s3ms.org
SENSORIA (October 2004), http://sensoria.fast.de/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rodriguez Priego, E., García, F.J. (2007). Securing Code in Services Oriented Architecture. In: Baresi, L., Fraternali, P., Houben, GJ. (eds) Web Engineering. ICWE 2007. Lecture Notes in Computer Science, vol 4607. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73597-7_53
Download citation
DOI: https://doi.org/10.1007/978-3-540-73597-7_53
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73596-0
Online ISBN: 978-3-540-73597-7
eBook Packages: Computer ScienceComputer Science (R0)