An Analysis of Application Level Security in Service Oriented Architecture

Full Text (PDF, 206KB), PP.27-32

Views: 0 Downloads: 0

Author(s)

Said Nabi 1,* M. N. A. Khan 1

1. Shaheed Zulifikar Ali Bhutto Institute of Science and Technology (SZABIST), Islamabad, Pakistan

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2014.02.04

Received: 12 Nov. 2013 / Revised: 5 Dec. 2013 / Accepted: 10 Jan. 2014 / Published: 8 Feb. 2014

Index Terms

Application Security, Cloud Computing, Service Oriented Architecture, SDLC, Agile Software Development

Abstract

In computing, the software elements like objects and components emphasize on reusability using design tools of abstraction and separation of concerns. Software architecture has appeared as an initial idea to develop huge, complicated and heterogeneous distributed systems successfully. Service Oriented Architecture (SOA) combines services together to make systems having a greater impact on the way software systems are developed. SOA addresses the need of standards-based, loosely connected, and distributed computing which is protocol independent. It is not easy to ensure the secure transaction of data, where the movement of data occurs through loosely connected services. A number of techniques have been proposed in the contemporary literature to guide the SOA implementation in distributed system. These techniques offer certain benefits, but pose some challenges alongside such as the use of meta-data as framework and standard, contract documents, security patterns and security adviser, etc. The objective of this research is to provide a comprehensive analysis of various approaches used to provide application level security to the web services in SOA. These approaches have been compared based on a number of parameters. In addition, we critically evaluate different security methods used in SOA. The study also discusses some future directions in this domain.

Cite This Paper

Said Nabi, M. N. A. Khan, "An Analysis of Application Level Security in Service Oriented Architecture", International Journal of Modern Education and Computer Science (IJMECS), vol.6, no.2, pp. 27-32, 2014. DOI:10.5815/ijmecs.2014.02.04

Reference

[1]A. Chakraborty, M. K. Baowaly, A. Arefin, A. N. Bahar. The Role of Requirement Engineering in Software Development Life Cycle, Journal of Emerging Trends in Computing and Information Sciences, ISSN: 2079-8407, Vol. 3, No. 5, pp: 723-729, 2012.
[2]P. Kruchten The 4+ 1 view model of architecture. Software, IEEE, 12(6), 42-50, 1995.
[3]D. Garlan, & M. Shaw, “An introduction to software architecture,” 1994.
[4]N. A. Delessy, A Pattern-Driven Process for Secure Service-Oriented. In Workshop on Security in Object-oriented Systems, Florida Atlantic University. Vol. 70, p. 79, 2008.
[5]D. T. Sanders, J. A. Hamilton Jr,., & R. A. MacDonald, “Supporting a service-oriented architecture, “Proceedings of the 2008 Spring simulation multiconference. Society for Computer Simulation International, 2008.
[6]A. Arsanjani,” Service-oriented modeling and architecture,” http://www.ibm.com/developerworks/ webservices/ library/ws-soa-design1, 2004.
[7]T. Imamura M. Tatsubori Y. Nakamura, C. Giblin, “Web Services Security Configuration in a Service-Oriented Architecture,n” WWW, pp. 1120-1121.ACM, 2005.
[8]Y. Baghdadi, “A metadata for Web services architecture: A framework for service- oriented software development,” GCC Conference & Exhibition, 2009 5th IEEE Issue, On page(s): 1 – 6. March 2009.
[9]J. Chetty, M. Coetzee, “Towards An Information Security Framework For Service-oriented Architecture,” IEEE 2010.
[10]N. Delessy and E. B. Fernandez. “A pattern-driven security process for SOA applications,” Proceedings of the 3rd Int. Conf. on Availability, Reliability, and Security (ARES 2008).Barcelona, Spain, 2008.
[11]M. Schnjakin, M. Menzel, and C. Meinel. “A pattern-driven security advisor for service- oriented architectures,” Pro 6th Workshop SWS (in conjunction with 16th ACM CCS), ACM Press, Chicago, USA, pages 13–20, 2009.
[12]T. Pandey, D.S. Kushwaha, B. Singh, Authentication and billing framework for service oriented architecture, in Proc. Int. Conference on Systems, (ICONS 09), pp.91–95, 2009.
[13]N. A. Delessy, E. B.Fernandez, & M. M. Larrondo-Petrie, “A pattern language for identity management,” In Computing in the Global Information Technology (ICCGI), International Multi-Conference on (pp. 31-31), IEEE, 2007.
[14]J. Chetty & M. Coetzee, “Evaluating Information Security Controls Applied By Service-oriented Architecture Governance Frameworks,” ISSA2009.
[15]N. Sidharth and J. Liu, “IAPF: A framework for enhancing web services security,” in 31st Annual International Computer Software and Applications Conference (COMPSAC), Beijing, China, pp. 23–30, 2007.
[16]A. Dikanski and S. Abeck, “A View-based Approach for Service-Oriented Security Architecture Specification,” in The Sixth International Conference on Internet and Web Applications and Services, St. Maarten, The Netherland Antilles, 2011.
[17]J. R. Nurse and J. E. Sinclair, “BOF4WSS: A Business-Oriented Framework for Enhancing Web Services Security for e-Business,” in 4th International Conference on Internet and Web Applications and Services (ICIW). IEEE Computer Society, pp. 286–291, 2009.
[18]M. Menzel and C. Meinel. “A security meta-model for service-oriented architectures,” In Proc. SCC, 2009.
[19]Amir, M., Khan, K., Khan, A., & Khan, M. N. A. (2013). An Appraisal of Agile Software Development Process. International Journal of Advanced Science & Technology, 58.
[20]Mahmood, A., Ibrahim, M., & Khan, M. N. A. (2013). Service Composition in the Context of Service Oriented Architecture. Middle East Journal of Scientific Research, 15(11).
[21]Khalid, M., ul Haq, S., & Khan, M. N. A. (2013). An Assessment of Extreme Programming Based Requirement Engineering Process. International Journal of Modern Education and Computer Science (IJMECS), 5(2), 41.
[22]ul Haq, S., Raza, M., Zia, A., & Khan, M. N. A. (2011). Issues in Global Software Development: A Critical Review. JSEA, 4(10), 590-595.
[23]Ur Rehman, T., Khan, M. N. A., & Riaz, N. (2013). Analysis of Requirement Engineering Processes, Tools/Techniques and Methodologies. International Journal of Information Technology and Computer Science (IJITCS), 5(3), 40.
[24]T. Schummer and S. Lukosch, ―Supporting the Social Practices of Distributed Pair Programming, CRIWG, LNCS 5411, pp. 83–98, Springer-Verlag Berlin Heidelberg. (2008).
[25]Khan, M. N. A., Khalid, M., & ul Haq, S. (2013). Review of Requirements Management Issues in Software Development. International Journal of Modern Education and Computer Science (IJMECS), 5(1), 21.