Evolving Security Requirements in Multi-Layered Service-Oriented-Architectures

This post is about a paper we presented at SETOP 2011.
It basically presents the vision of the CESSA project.

Authors: Muhammad Sabir Idrees, Gabriel Serme, Yves Roudier, Anderson Santana De Oliveira, Herve Grall, Mario Sudholt

Here is the abstract:
Due to today’s rapidly changing corporate environments, business processes are increasingly subject to dynamic configuration and evolution. The evolution of new deployment architectures, as illustrated by the move towards mobile platforms and the Internet Of Services, and the introduction of new security regulations (imposed by national and international regulatory bodies, such as SOX (Sarbanes-Oxley Act of 2002, Pub.L. 107-204, 116 Stat. 745, enacted July 30, 2002) or BASEL) are an important constraint in the design and development of business processes.
In such a context, it is not sufficient to apply the corresponding adaptations only at the service orchestration or at the choreography level; there is also the need for controlling the impact of new security requirements on several architectural layers, especially in cloud computing, where the notions of Platforms as Services and Infrastructure as Services are fundamental. In this paper we survey several research questions related to cross-domain and cross-layer security functionality in Service Oriented Architectures, from an original point of view.

We provide the first insights on how a general service model empowered with aspect-oriented programming capabilities can provide clean modularization to such cross-cutting security concerns.

