Security Evaluation of Service-Oriented Systems Using the SiSOA Method


Christian Jung, Manuel Rudolph, Reinhard Schwarz
Copyright: © 2013 | Pages: 16
ISBN13: 9781466624825 | ISBN10: 1466624825 | EISBN13: 9781466624832
DOI: 10.4018/978-1-4666-2482-5.ch002

MLA

Jung, Christian, et al. "Security Evaluation of Service-Oriented Systems Using the SiSOA Method." Developing and Evaluating Security-Aware Software Systems, edited by Khaled M. Khan, IGI Global, 2013, pp. 20-35. https://doi.org/10.4018/978-1-4666-2482-5.ch002

APA

Jung, C., Rudolph, M., & Schwarz, R. (2013). Security Evaluation of Service-Oriented Systems Using the SiSOA Method. In K. Khan (Ed.), Developing and Evaluating Security-Aware Software Systems (pp. 20-35). IGI Global. https://doi.org/10.4018/978-1-4666-2482-5.ch002

Chicago

Jung, Christian, Manuel Rudolph, and Reinhard Schwarz. "Security Evaluation of Service-Oriented Systems Using the SiSOA Method." In Developing and Evaluating Security-Aware Software Systems, edited by Khaled M. Khan, 20-35. Hershey, PA: IGI Global, 2013. https://doi.org/10.4018/978-1-4666-2482-5.ch002


Abstract

The Service-Oriented Architecture paradigm (SOA) is commonly applied for the implementation of complex, distributed business processes. The service-oriented approach promises higher flexibility, interoperability and reusability of the IT infrastructure. However, evaluating the quality attribute security of such complex SOA configurations is not sufficiently mastered yet. To tackle this complex problem, the authors developed a method for evaluating the security of existing service-oriented systems on the architectural level. The method is based on recovering security-relevant facts about the system by using reverse engineering techniques and subsequently providing automated support for further interactive security analysis at the structural level. By using generic, system-independent indicators and a knowledge base, the method is not limited to a specific programming language or technology. Therefore, the method can be applied to various systems and adapted to specific evaluation needs. The paper describes the general structure of the method and the knowledge base, and presents an instantiation aligned to the Service Component Architecture (SCA) specification.
