Skip to main content
SpringerLink
Log in

Aligning Service-Oriented Architectures with Security Requirements

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2012 (OTM 2012)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7565))

Abstract

Aligning requirements and architectures is a long-standing concern in software engineering. Alignment is crucial in the area of systems evolution, wherein requirements and system architectures keep changing after system deployment. We address a specific alignment problem, namely, checking the compliance of a service-oriented architecture—representing a composite service—with security requirements. Service-oriented architectures are dynamic (services can be replaced on-the-fly), and assessing compliance with security requirements is key, since non-compliance may lead to sanctions as well as privacy violation. After motivating and describing the problem, we propose algorithms to check two specific security requirements: non-disclosure and non-repudiation. We illustrate the approach using an e-government scenario.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Barais, O., Le Meur, A.F., Duchien, L., Lawall, J.: Software Architecture Evolution. In: Mens, T., Demeyer, S. (eds.) Software Evolution. LNCS, pp. 233–262. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  2. Bastos, L.R.D., Castro, J.F.B.: Systematic Integration Between Requirements and Architecture. In: Choren, R., Garcia, A., Lucena, C., Romanovsky, A. (eds.) SELMAS 2004. LNCS, vol. 3390, pp. 85–103. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  3. Casati, F., Ilnicki, S., Jin, L., Krishnamoorthy, V., Shan, M.-C.: Adaptive and Dynamic Service Composition in eFlow. In: Wangler, B., Bergman, L.D. (eds.) CAiSE 2000. LNCS, vol. 1789, pp. 13–31. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  4. Crook, R., Ince, D., Lin, L., Nuseibeh, B.: Security Requirements Engineering: When Anti-Requirements Hit the Fan. In: Proc. of RE 2002, pp. 203–205. IEEE (2002)

    Google Scholar 

  5. Dalpiaz, F., Paja, E., Giorgini, P.: Security Requirements Engineering via Commitments. In: Proc. of STAST 2011 (2011)

    Google Scholar 

  6. Garg, A., Curtis, J., Halper, H.: Quantifying the Financial Impact of IT Security Breaches. Information Management & Computer Security 11(2), 74–83 (2003)

    Article  Google Scholar 

  7. Ghanavati, S., Amyot, D., Peyton, L.: Compliance Analysis Based on a Goal-oriented Requirement Language Evaluation Methodology. In: Proc. of RE 2009, pp. 133–142 (2009)

    Google Scholar 

  8. Ghose, A., Koliadis, G.: Auditing Business Process Compliance. In: Krämer, B.J., Lin, K.-J., Narasimhan, P. (eds.) ICSOC 2007. LNCS, vol. 4749, pp. 169–180. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  9. Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling Security Requirements through Ownership, Permission and Delegation. In: Proc. of RE 2005, pp. 167–176. IEEE (2005)

    Google Scholar 

  10. Hall, J.G., Jackson, M., Laney, R.C., Nuseibeh, B., Rapanotti, L.: Relating Software Requirements and Architectures using Problem Frames. In: Proc. of RE 2002, pp. 137–144. IEEE (2002)

    Google Scholar 

  11. Harker, S.D.P., Eason, K.D., Dobson, J.E.: The Change and Evolution of Requirements as a Challenge to the Practice of Software Engineering. In: Proc. of RE 1993, pp. 266–272. IEEE (1993)

    Google Scholar 

  12. Julisch, K.: Security Compliance: the Next Frontier in Security Research. In: Proc. of the 2008 Workshop on New Security Paradigms, pp. 71–74. ACM (2008)

    Google Scholar 

  13. Liu, Y., Müller, S., Xu, K.: A Static Compliance-Checking Framework for Business Process Models. IBM Systems Journal 46(2), 335–361 (2007)

    Article  Google Scholar 

  14. McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: Proc. of ACSAC 1999, pp. 55–64. IEEE (1999)

    Google Scholar 

  15. Mouratidis, H., Giorgini, P.: Secure Tropos: A Security-Oriented Extension of the Tropos methodology. International Journal of Software Engineering and Knowledge Engineering 17(2), 285–309 (2007)

    Article  Google Scholar 

  16. Nuseibeh, B.: Weaving together requirements and architectures. Computer 34(3), 115–119 (2001)

    Article  Google Scholar 

  17. Nuseibeh, B., Easterbrook, S.: Requirements Engineering: a Roadmap. In: Proc. of FOSE 2000, pp. 35–46. ACM (2000)

    Google Scholar 

  18. Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN Extension for the Modeling of Security requirements in Business Processes. IEICE Transactions on Information and Systems 90(4), 745–752 (2007)

    Article  Google Scholar 

  19. Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10(1), 34–44 (2005)

    Article  Google Scholar 

  20. Singh, M.P.: An Ontology for Commitments in Multiagent Systems: Toward a Unification of Normative Concepts. Artificial Intelligence and Law 7(1), 97–113 (1999)

    Article  Google Scholar 

  21. Siponen, M., Pahnila, S., Adam Mahmood, M.: Compliance with Information Security Policies: An Empirical Investigation. Computer 43, 64–71 (2010)

    Article  Google Scholar 

  22. van Lamsweerde, A.: Requirements Engineering in the Year 2000: A Research Perspective. In: Proc. of ICSE 2000, pp. 5–19 (2000)

    Google Scholar 

  23. van Lamsweerde, A.: From System Goals to Software Architecture. In: Bernardo, M., Inverardi, P. (eds.) SFM 2003. LNCS, vol. 2804, pp. 25–43. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  24. van Lamsweerde, A.: Elaborating Security Requirements by Construction of Intentional Anti-Models. In: Proc. of ICSE 2004, pp. 148–157. IEEE (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Trento, Italy

    Mattia Salnitri, Fabiano Dalpiaz & Paolo Giorgini

Authors
  1. Mattia Salnitri
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Fabiano Dalpiaz
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Paolo Giorgini
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science, Semantic Technology and Application Research Laboratory (STARLab), Vrije Universiteit Brussel, Building G-10, Pleinlaan 2, 1050, Brussels, Belgium

    Robert Meersman

  2. Research Centre for Automatic Control, School of Engineering in Information Technology, University of Lorraine, CNRS, Campus scientifique, BP 70239, 54506, Vandoeuvre-les-Nancy, France

    Hervé Panetto

  3. La Trobe University, Melbourne, VIC, Australia

    Tharam Dillon

  4. Faculty of Computer Science, University of Vienna, 1010, Vienna, Austria

    Stefanie Rinderle-Ma

  5. Institute of Databases and Information Systems, Ulm University, Germany

    Peter Dadam

  6. School of Information Technology and Electrical Engineering, University of Queensland, 4072, Brisbane, QLD, Australia

    Xiaofang Zhou

  7. HP Labs, Bristol, UK

    Siani Pearson

  8. Johannes Kepler University, Linz, Austria

    Alois Ferscha

  9. Università di Modena e Reggio Emilia, Modena, Italy

    Sonia Bergamaschi

  10. ADVIS Lab, Department of Computer Science, University of Illinois at Chicago, Chicago, IL, USA

    Isabel F. Cruz

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Salnitri, M., Dalpiaz, F., Giorgini, P. (2012). Aligning Service-Oriented Architectures with Security Requirements. In: Meersman, R., et al. On the Move to Meaningful Internet Systems: OTM 2012. OTM 2012. Lecture Notes in Computer Science, vol 7565. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33606-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-33606-5_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33605-8

  • Online ISBN: 978-3-642-33606-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation