INTEGRAL SECURITY MODEL FOR THE EXCHANGE OF OBJECTS IN SERVICES ORIENTED ARCHITECTURE

Emilio Rodriguez-Priego, Francisco J. García-Izquierdo

Abstract

Nowadays, security approaches and solutions for SOA focus mainly on messages and data, but they neglect code security (both service code and exchanged code). Moreover, some security aspects (e.g. validity, correctness, ...) are usually overlooked. We state that any security approach will be incomplete if the security of both data (messages) and code (service code) is not addressed in a general sense. In this paper, we extend a previous approach to securing code in SOA. We analyze general problems related to the exchange of code and state in SOA and in the specific case of Web Services architectures. A new general model of security is presented. This model covers any aspect related to the authorship, distribution, transformation, execution and validation of both code and data.



Paper Citation


in Harvard Style

Rodriguez-Priego E. and J. García-Izquierdo F. (2009). INTEGRAL SECURITY MODEL FOR THE EXCHANGE OF OBJECTS IN SERVICES ORIENTED ARCHITECTURE. In Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-8111-81-4, pages 60-65. DOI: 10.5220/0001838300600065


in Bibtex Style

@conference{webist09,
author={Emilio Rodriguez-Priego and Francisco J. García-Izquierdo},
title={INTEGRAL SECURITY MODEL FOR THE EXCHANGE OF OBJECTS IN SERVICES ORIENTED ARCHITECTURE},
booktitle={Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2009},
pages={60-65},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001838300600065},
isbn={978-989-8111-81-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fifth International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - INTEGRAL SECURITY MODEL FOR THE EXCHANGE OF OBJECTS IN SERVICES ORIENTED ARCHITECTURE
SN - 978-989-8111-81-4
AU - Rodriguez-Priego E.
AU - J. García-Izquierdo F.
PY - 2009
SP - 60
EP - 65
DO - 10.5220/0001838300600065