By Topic

Security Evaluation of Service-oriented Systems with an Extensible Knowledge Base

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Jung, C. ; Fraunhofer Inst. for Exp. Software Eng. (IESE), Kaiserslautern, Germany ; Rudolph, M. ; Schwarz, R.

Service-oriented software architectures promise enhanced interoperability, reusability, and flexibility for the implementation of business processes. However, assuring the quality of SOA software is challenging due to the distributed, inhomogeneous, and often non-transparent nature of service building blocks. Especially security, which is an overarching quality concern of a system, poses a hard problem for quality assurance in a SOA context. We have developed SiSOA, a method for static security analysis of SOA systems based on reverse-engineering techniques to recover the software architecture and to extract security-related information from available system artifacts. In SiSOA, the extraction and aggregation of security facts is controlled by security rules stored in an extensible knowledge base. In this paper, we describe the structure of the SiSOA knowledge base, its underlying principles, and its role within the SiSOA methodology. We briefly survey our SiSOA prototype tool, and we illustrate the application of knowledge base rules with exemplary security scenarios.

Published in:

Availability, Reliability and Security (ARES), 2011 Sixth International Conference on

Date of Conference:

22-26 Aug. 2011