An end-to-end security auditing approach for service oriented architectures

Proceedings of the IEEE Symposium on Reliable Distributed Systems

Volumn , Issue , 2012, Pages 279-284

  Azarmi, Mehdi ^a   Bhargava, Bharat ^a   Angin, Pelin ^a   Ranchal, Rohit ^a   Ahmed, Norman ^b   Sinclair, Asher ^b   Linderman, Mark ^b   Othmane, Lotfi Ben ^c  

^a Purdue University   (United States)

^b AIR FORCE RESEARCH LABORATORY   (United States)

^c EINDHOVEN UNIVERSITY OF TECHNOLOGY   (Netherlands)

Author keywords

security auditing; Service Oriented Architecture; taint analysis; trust

Indexed keywords

AMAZON EC2; AUDITING MECHANISM; CLIENT-SERVER ARCHITECTURES; CLOUD COMPUTING INFRASTRUCTURES; DISTRIBUTED APPLICATIONS; DYNAMIC TRUSTS; END-TO-END SECURITY; INTERNET SERVICES; LEGACY SERVICES; MULTIPLE SERVICES; NEW COMPONENTS; SECURE INTERACTIONS; SECURITY ARCHITECTURE; SECURITY AUDITING; SECURITY CHALLENGES; SERVICE DOMAIN; SERVICE INVOCATION; SERVICE ORCHESTRATION; SERVICE POLICY; SERVICE REQUESTS; SINGLE-HOP; TAINT ANALYSIS; TRUST; WS-SECURITY; WS-TRUST;

CLIENT SERVER COMPUTER SYSTEMS; CLOUD COMPUTING; INFORMATION SERVICES; SERVICE ORIENTED ARCHITECTURE (SOA);

MANAGEMENT;

EID: 84874289876     PISSN: 10609857     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SRDS.2012.5     Document Type: Conference Paper

References (8)

1. G. Kiczales, J. Lamping, A. Mendhekar, C. Maeda, C. Lopes, J. Loingtier, and J. Irwin, "Aspect-oriented programming," European Conference on Object-Oriented Programming (ECOOP'97), pp. 220-242, 1997.
2. A. Ouda, D. Allison, and M. Capretz, "Security protocols in serviceoriented architecture," in 6th World Congress on Services (SERVICES-1), 2010, pp. 185-186.
3. M. Rahaman and A. Schaad, "Soap-based secure conversation and collaboration," in IEEE International Conference on Web Services (ICWS'07), 2007, pp. 471-480.
4. A. Benameur, F. Kadir, and S. Fenet, "Xml rewriting attacks: Existing solutions and their limitations," Arxiv preprint arXiv:0812.4181, 2008.
5. R. Baird and R. Gamble, "Developing a security meta-language framework," in Hawaii International Conference on System Sciences (HICSS 2011), 2011, pp. 1-10.
6. R. Baird and R. F. Gamble, "Security controls applied to web service architectures," in 19th International Conference on Software Engineering and Data Engineering, 2010.
7. Z. Malik, "Rateweb: Reputation assessment for trust establishment among web services," VLDB, vol. 18, no. 4, pp. 885-911, 2009.
8. G. Spanoudakis and S. LoPresti, "Web service trust: Towards a dynamic assessment framework," in IEEE International Conference on Availability, Reliability and Security (ARES 2009), 2009, pp. 33-40.