Security Evaluation of Service-oriented Systems with an Extensible Knowledge Base

Christian Jung, M. Rudolph, R. Schwarz
Published in: 2011 Sixth International Conference on Availability, Reliability and Security, 2011-08-22. DOI: 10.1109/ARES.2011.109 (https://doi.org/10.1109/ARES.2011.109)
Citations: 7

Abstract

Service-oriented software architectures promise enhanced interoperability, reusability, and flexibility for the implementation of business processes. However, assuring the quality of SOA software is challenging due to the distributed, inhomogeneous, and often non-transparent nature of service building blocks. Especially security, which is an overarching quality concern of a system, poses a hard problem for quality assurance in a SOA context. We have developed SiSOA, a method for static security analysis of SOA systems based on reverse-engineering techniques to recover the software architecture and to extract security-related information from available system artifacts. In SiSOA, the extraction and aggregation of security facts is controlled by security rules stored in an extensible knowledge base. In this paper, we describe the structure of the SiSOA knowledge base, its underlying principles, and its role within the SiSOA methodology. We briefly survey our SiSOA prototype tool, and we illustrate the application of knowledge base rules with exemplary security scenarios.