Abstract
The problem of assessing security mechanisms in dynamic service-oriented architectures remains open. Assessment is particularly important in outsourcing scenarios to provide evidence on how policies across different providers are complied with. This evidence is essential to provide assurance to enterprise management that contractual agreements are satisfied, and if they are not, to what extend and in what conditions. The problem of assessing compliance with rules and regulations is difficult to solve, for several reasons. First, SOA are highly dynamic and distributed, which makes it difficult to monitor and aggregate evidence from different locations of interest. Second, the complexity of the requirements in the policies makes it difficult to associate these requirements with meaningful evidence. The reason is that high-level requirements may require evidence the collection of which needs to be broken down into low level evidence (i.e. operating system logs) that business constraints are satisfied as the application is running.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Crispo, B., Gheorghe, G., Di Giacomo, V., Presenza, D. (2010). MASTER as a Security Management Tool for Policy Compliance. In: Di Nitto, E., Yahyapour, R. (eds) Towards a Service-Based Internet. ServiceWave 2010. Lecture Notes in Computer Science, vol 6481. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17694-4_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-17694-4_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17693-7
Online ISBN: 978-3-642-17694-4
eBook Packages: Computer ScienceComputer Science (R0)