Towards security awareness in designing service-oriented architectures

Pascal Bou Nassar, Youakim Badr, Frédérique Biennier, Kablan Barbar

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

Abstract

Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.

Original language: English (US)
Title of host publication: ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems
Pages: 347-355
Number of pages: 9
State: Published - Nov 21 2013
Event: 15th International Conference on Enterprise Information Systems, ICEIS 2013 - Angers, France
Duration: Jul 4 2013 to Jul 7 2013

Publication series

Name: ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems
Volume: 3

Other

Other: 15th International Conference on Enterprise Information Systems, ICEIS 2013
Country: France
City: Angers
Period: 7/4/13 to 7/7/13

Fingerprint

Service oriented architecture (SOA)
Security of data
Industry
Specifications
Hardware
Service-oriented architecture
Security policy

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Information Systems and Management

Cite this

Nassar, P. B., Badr, Y., Biennier, F., & Barbar, K. (2013). Towards security awareness in designing service-oriented architectures. In ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems (pp. 347-355). (ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems; Vol. 3).
@inproceedings{ec608b68001340bea36ce7e54349e7b9,
title = "Towards security awareness in designing service-oriented architectures",
abstract = "Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.",
author = "Nassar, {Pascal Bou} and Youakim Badr and Fr{\'e}d{\'e}rique Biennier and Kablan Barbar",
year = "2013",
month = "11",
day = "21",
language = "English (US)",
isbn = "9789898565617",
series = "ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems",
pages = "347--355",
booktitle = "ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems",

}

TY - GEN

T1 - Towards security awareness in designing service-oriented architectures

AU - Nassar, Pascal Bou

AU - Badr, Youakim

AU - Biennier, Frédérique

AU - Barbar, Kablan

PY - 2013/11/21

Y1 - 2013/11/21

N2 - Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service's lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.

UR - http://www.scopus.com/inward/record.url?scp=84887717994&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84887717994&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84887717994

SN - 9789898565617

T3 - ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems

SP - 347

EP - 355

BT - ICEIS 2013 - Proceedings of the 15th International Conference on Enterprise Information Systems

ER -
