Secure scripting based composite application development: Framework, architecture, and implementation

Proceedings of the 3rd International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom 2007

Volumn , Issue , 2007, Pages 85-94

  Dinkelaker, Tom ^a   Johnstone, Alisdair ^a   Karabulut, Yuecel ^a   Nassi, Ike ^a  

^a SAP RESEARCH   (Germany)

Author keywords

Composite application.; Scripting; Security

Indexed keywords

ARSENIC COMPOUNDS; CORUNDUM; LINGUISTICS;

APPLICATION DEVELOPMENT; COMPOSITE APPLICATION.; INTERNATIONAL CONFERENCES; SCRIPTING; SECURITY;

APPLICATIONS;

EID: 51349096417     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COLCOM.2007.4553815     Document Type: Conference Paper

References (36)

1. P. T. Devanbu and S. Stubblebine, "Software Engineering for Security: a Roadmap", International Conference on Software Engineering, Proceedings of the Conference on the Future of Software Engineering, Pages:227-239, Limerick, Ireland, June 2000.
2. D. Basin, J. Doser and T. Lodderstedt, "Model Driven Security: from UML Models to Acccess Cotnrol Infrastructures", ACM Transactions on Software Engineering and Methodology (TOSEM), volume 15, issue 1, pages:39-91, January 2006.
3. N. Nagaratnam, A. Nadalin, M. Honda, M. McIntosh and P. Austel, "Business-driven security: From modeling to managing secure applications", IBM Systems Journal, volume 44, no 4, 2005.
4. M. Alam, M. Hafner, R. Breu., Model-Driven Security Engineering for Trust Management in SECTET", Journal of Software, Academy Publisher, volume 2, no. 1, February 2007.
5. OASIS extensible Access Control Markup Language (XACML),
6. Y. Nakamura, M. Tatsubori, T. Imamura, and Koichi Ono, "Model-Driven Security Based on a Web Services Security Architecture", In Proceedings of the 2005 IEEE International Conference on Service Computing (SCC'05), Pages:7-15, July 2005.
7. S. Johnston, "Modeling Security Concerns in Service-Oriented Architectures", http://www.ibm.com/developerworks/rational/library/4994. html
8. M. Fowler, "Language Workbenches: The Killer-App for Domain Specific Languages?",
9. R. Bishop, B. Carminati, E. Ferrari, P.C.K. Hung, "Security Conscious Web Service Composition with Semantic Web Support", In Proceedings of the 1st ICDE Workshop on Security Technologies for Next Generation Collaborative Business Applications (SECOBAP'07), Istanbul, Turkey, April 2007.
10. E. Bertino, J. Crampton and F. Paci, "Access Control and Authorization Constraints for WS-BPEL", In Proceedings of the IEEE International Conference on Web Services (ICWS'06), pages:275-284, 2006
11. M. Wimmer, A. Kemper, M. Rits and V. Lotz, Consolidating the Access Control of Composite Applications and Workflows", In the Proceedings of 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pages 44-59, Sophia Antipolis, France, July-August 2006.
12. A. Anderson, "An Introduction to the Web Services Policy Language (WSPL)", http://research.sun.com/projects/xacml/Policy2004.pdf
13. The EU Project TrustCoM, http.//www.eu-trustcom.com
14. N. R. Mead, E. D. Hough and T. R Stehney II, "Security Quality Requirements Engineering (SQUARE) Methodology", Technical Report, CMU/SEI-2005-TR-009, ESC-TR-2005-009, http://www.sei.cmu.edu/publications/ documents/05.reports/05tr009.html
15. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, P. Sommerlad, "Security Patterns: Integrating Security and Systems Engineering", Wiley Software Patterns Series, ISBN-10:0470858842
16. C. Giblin, A. Y Liu, S. Miiller, B. Pfitzmann and X. Zhou, "Regulations Expressed As Logical Models (REALM)", In Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems, IOS Press, Amsterdam, pages:37-48, 2005.
17. A. Charfi and M. Mezini, "Using Aspects for Security Engineering of Web Service Compositions", IEEE International Conference on Web Services (ICWS), July 2005.
18. G. Kiczales, J. Lamping, A. Menhdhekar, C. Maeda, C. Lopes, J. Loingtier, and J. Irwin. "Aspect-Oriented Programming". In Proceedings European Conference on Object-Oriented Programming, volume 1241, pages 220-242, Springer-Verlag, Berlin, Heidelberg, and New York, 1997.
19. J. Hannemann, G. Kiczales, "Design pattern implementation in Java and aspectJ". In ACM Object-Oriented Programming, Systems, Languages, and Applications 2002, Seattle, Washington, USA, November, 2002.
20. J. Fraby, "Modularizing Advanced Transaction Management - Tackling Tangled Aspect Code", PhD thesis, Vrije Universiteit Brussel, 2005.
21. WS-Policy, http://www.w3org/Submission/WS-Policy/
22. WS-SecurityPolicy, docs.oasis-open.org/ws-sx/wssecuritypolicy/200702/ws- securitypolicy-1.2-spec-cs.pdf
23. J. Lee, K. E. Seamons, M. Winslett and T. Yu,. "Automated Trust Negotiation in Open Systems", In Secure Data Management in Decentralized Systems, edited by T. Yu and S. Jajodia, Springer, December 2006.
24. WS-Federation, http://www.ibm.com/developers/libary/specificatin/ws-fed/
25. R. Bharadwaj and S. Mukhopadhyay, "SOLj: A Domain-Specific Language (DSL) for Secure Service-Based Systems". In Proceedings of the 1 lth IEEE International Workshop on Future Trends of Distributed Computing Systems (FTDCS'07), pages:173-180, March 2007.
26. K. Yskout, T. Heyman, R. Scandariato, and W. Joosen, "An inventory of security patterns", Technical Report CW-469, Katholieke Universiteit Leuven, Department of Computer Science, 2006.
27. D. Koenig, "Groovy in Action", Manning Publications, New York, Januar, 2007.
28. M. Schmidt, Enterprise Integration with Ruby, Pragmatic Bookshelf, ISBN-10:0976694069, April 2006.
29. Ruby Application Archieve, http://raa.ruby-lang.org/
30. C. Altenschmidt, J. Biskup, U. Flegel and Y. Karabulut, "Secure Mediation: Requirements, Design, and Architecture", Journal of Computer Security, volume 11, number 3, pages:365-398, 2003.
31. Sun's XACML Implementation, http://sunxacml.sourceforge.net/
32. Apache WS-Commons Policy, http://ws.apache.org/commons/policy/index.html
33. WS-BPEL, http://www.oasisopen.org/committees/tehome.php?wg abbrev=wsbel
34. A. Barros, M. Dumas and A. ter Hofstede, "Service Interaction pattern: Towards a Reference Framework for Service-based Business Process Interconnection". Technical Report FIT-TR-2005-02, Faculty of Information Technology, Queensland University of Technology, Brisbane, Australia, March 2005.
35. SAML, http://www.oasisopen.org/committees/tehome.php?wg abbrev=security
36. SCA Policy Framework, http://www.oasis-opencsa.org/SCA-policyframework