Towards security awareness in designing service-oriented architectures

Pascal Bou Nassar; Youakim Badr; Frédérique Biennier; Kablan Barbar

Towards security awareness in designing service-oriented architectures

Pascal Bou Nassar, Youakim Badr, Frédérique Biennier, Kablan Barbar

Engineering Division (Great Valley)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.

Original language	English (US)
Title of host publication	ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems
Pages	347-355
Number of pages	9
State	Published - 2013
Event	15th International Conference on Enterprise Information Systems, ICEIS 2013 - Angers, France Duration: Jul 4 2013 → Jul 7 2013

Publication series

Name	ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems
Volume	3

Other

Other	15th International Conference on Enterprise Information Systems, ICEIS 2013
Country/Territory	France
City	Angers
Period	7/4/13 → 7/7/13

All Science Journal Classification (ASJC) codes

Information Systems
Information Systems and Management

Cite this

@inproceedings{ec608b68001340bea36ce7e54349e7b9,

title = "Towards security awareness in designing service-oriented architectures",

abstract = "Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.",

author = "Nassar, {Pascal Bou} and Youakim Badr and Fr{\'e}d{\'e}rique Biennier and Kablan Barbar",

year = "2013",

language = "English (US)",

isbn = "9789898565617",

series = "ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems",

pages = "347--355",

booktitle = "ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems",

note = "15th International Conference on Enterprise Information Systems, ICEIS 2013 ; Conference date: 04-07-2013 Through 07-07-2013",

}

Nassar, PB, Badr, Y, Biennier, F & Barbar, K 2013, Towards security awareness in designing service-oriented architectures. in ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems. ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems, vol. 3, pp. 347-355, 15th International Conference on Enterprise Information Systems, ICEIS 2013, Angers, France, 7/4/13.

Towards security awareness in designing service-oriented architectures. / Nassar, Pascal Bou; Badr, Youakim; Biennier, Frédérique et al.
ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems. 2013. p. 347-355 (ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems; Vol. 3).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Towards security awareness in designing service-oriented architectures

AU - Nassar, Pascal Bou

AU - Badr, Youakim

AU - Biennier, Frédérique

AU - Barbar, Kablan

PY - 2013

Y1 - 2013

N2 - Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.

AB - Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.

UR - http://www.scopus.com/inward/record.url?scp=84887717994&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84887717994&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84887717994

SN - 9789898565617

T3 - ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems

SP - 347

EP - 355

BT - ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems

T2 - 15th International Conference on Enterprise Information Systems, ICEIS 2013

Y2 - 4 July 2013 through 7 July 2013

ER -

Towards security awareness in designing service-oriented architectures

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Other files and links

Fingerprint

Cite this