Towards Security Awareness in Designing Service-oriented Architectures

Pascal Bou Nassar, Youakim Badr, Frédérique Biennier, Kablan Barbar


Many information security approaches deal with service-oriented architectures by focusing on security policies, requirements and technical implementation during service design, specification and implementation phases. Nevertheless, service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which particularly require an end-to-end security at each phase of the service’s lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we develop a model highlighting the dependency between elements at business, service and infrastructure levels, defining the design context. In addition, we develop a holistic approach to define a security conceptual model, including services, security risks and security policies and guides all phases in a typical design method for service-oriented architectures.


  1. Alberts, C., 2003. Managing Information Security Risks?: the OCTAVE Approach, Boston: Addison-Wesley.
  2. ANSSI, 2010. EBIOS: Expression des Besoins et Identification des Objectifs de Sécurité. Available at:
  3. Badr, Y., Biennier, F., and Tata, S., 2010. The Integration of Corporate Security Strategies in Collaborative Business Processes. IEEE Transactions on Services Computing, 4(3), pp. 243-254.
  4. Bou Nassar, P., Badr, Y., Biennier, F., Barbar, K., 2012. Securing Collaborative Business Processes: A Methodology for Security Management in ServiceBased Infrastructure. Advances in Production Management Systems (APMS), pp. 480-487
  5. OASIS, 2006. OASIS Reference Model for Service Oriented Architecture 1.0. Available at:
  6. Colombo, M., Di Nitto, E., Di Penta, M., Distante, D., Zuccalà, M, 2005. Speaking a Common Language: A Conceptual Model for Describing Service-Oriented Systems. Service-Oriented Computing, 2005, p.48-60.
  7. Emig, C., Krutz, K., Link, S., Momm, C., and Abeck, S. 2008. Model-Driven Development of SOA Services. Cooperation and Management, Universität Karlsruhe (TH), Internal Research Report.
  8. Erl, T., 2005. Service-Oriented Architecture?: Concepts, Technology, and Design, Upper Saddle River NJ: Prentice Hall Professional Technical Reference.
  9. OASIS, 2008. OASIS Reference Architecture for Service Oriented Architecture Version 1.0. Available at:
  10. Hafner, M., 2009. Security engineering for serviceoriented architectures, Berlin: Springer.
  11. ISO/IEC 27001, 2005. Information Technology, Security Techniques, Information Security Management Systems and Requirements.
  12. Kreger, H., Jeff, E., 2009. Navigating the SOA Open Standards Landscape Around Architecture.
  13. OMG, 2009. SOA Modeling Language (SoaML). Available at:
  14. Lund, M., 2010. Model-Driven Risk Analysis?: the CORAS Approach, Berlin: Springer.
  15. Papazoglou, M. P., Van Den Heuvel, W. J., 2006. ServiceOriented Design And Development Methodology. International Journal of Web Engineering and Technology, 2(4), p.412-442.
  16. The Open Group, 2010. Ontologies for SOA. Available at:
  17. The Open Group, 2009. SOA Integration Maturity. Available at: osimm.
  18. Wall, Q., 2006. SOA Service Lifecycle Design. Available at: ch/soa-service-lifecycle-design-096035.html

Paper Citation

in Harvard Style

Bou Nassar P., Badr Y., Biennier F. and Barbar K. (2013). Towards Security Awareness in Designing Service-oriented Architectures . In Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8565-61-7, pages 347-355. DOI: 10.5220/0004454103470355

in Bibtex Style

author={Pascal Bou Nassar and Youakim Badr and Frédérique Biennier and Kablan Barbar},
title={Towards Security Awareness in Designing Service-oriented Architectures},
booktitle={Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 3: ICEIS,},

in EndNote Style

JO - Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 3: ICEIS,
TI - Towards Security Awareness in Designing Service-oriented Architectures
SN - 978-989-8565-61-7
AU - Bou Nassar P.
AU - Badr Y.
AU - Biennier F.
AU - Barbar K.
PY - 2013
SP - 347
EP - 355
DO - 10.5220/0004454103470355