A pattern-driven process for secure service-oriented applications.Report as inadecuate


 A pattern-driven process for secure service-oriented applications.


A pattern-driven process for secure service-oriented applications. - Download this document for free, or read online. Document in PDF available to download.



Type of Resource: text

Genre: Electronic Thesis or Dissertation

Issuance: monographic

Date Issued: 2008

Publisher: Florida Atlantic University

Physical Form: electronic

Extent: xiv, 234 p. : ill. (some col.).

Language(s): English

Summary: During the last few years, Service-Oriented Architecture (SOA) has been considered to be the new phase in the evolution of distributed enterprise applications. Even though there is a common acceptance of this concept, a real problem hinders the widespread use of SOA : A methodology to design and build secure service-oriented applications is needed. In this dissertation, we design a novel process to secure service-oriented applications. Our contribution is original not only because it applies the MDA approach to the design of service-oriented applications but also because it allows their securing by dynamically applying security patterns throughout the whole process. Security patterns capture security knowledge and describe security mechanisms. In our process, we present a structured map of security patterns for SOA and web services and its corresponding catalog. At the different steps of a software lifecycle, the architect or designer needs to make some security decisions.

Summary: An approach using a decision tree made of security pattern nodes is proposed to help making these choices. We show how to extract a decision tree from our map of security patterns. Model-Driven Architecture (MDA) is an approach which promotes the systematic use of models during a system's development lifecycle. In the dissertation we describe a chain of transformations necessary to obtain secure models of the service-oriented application. A main benefit of this process is that it decouples the application domain expertise from the security expertise that are both needed to build a secure application. Security knowledge is captured by pre-defined security patterns, their selection is rendered easier by using the decision trees and their application can be automated. A consequence is that the inclusion of security during the software development process becomes more convenient for the architects/designers.

Summary: A second benefit is that the insertion of security is semi-automated and traceable. Thus, the process is flexible and can easily adapt to changing requirements. Given that SOA was developed in order to provide enterprises with modular, reusable and adaptable architectures, but that security was the principal factor that hindered its use, we believe that our process can act as an enabler for service-oriented applications.

Identifier: 231744935 (oclc), 58003 (digitool), FADT58003 (IID), fau:4289 (fedora)

Note(s): by Nelly A. Delessy.Thesis (Ph.D.)--Florida Atlantic University, 2008.Includes bibliography.Electronic reproduction. Boca Raton, FL : 2008 Mode of access: World Wide Web.

Subject(s): Computer network architecturesWeb servers -- ManagementSoftware engineeringExpert systems (Computer science)

Held by: FBoU FAUER

Persistent Link to This Record: http://purl.flvc.org/FAU/58003

Owner Institution: FAU



Author: Delessy, Nelly A. Florida Atlantic University College of Engineering and Computer Science

Source: http://fau.digital.flvc.org/islandora/object/fau%3A4289



DOWNLOAD PDF




Related documents