SecureSOA — Modelling Security Requirements forService-oriented Architectures

摘要

Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to en-able a faster adoption to changing business demands. Web Services provide a technical foundation to real-ize this paradigm and support a variety of different se-curity mechanisms and approaches. Security require-ments are codified in Web Service policies that control the service's behavior in terms of secure interactions with other participants in an SOA. To facilitate and simplify the generation of enforceable security policies, we foster a model-driven approach based on the mod-elling of security requirements in system design models. This paper introduces our security design language Se-cureSOA that enables the definition of these security requirements. We present the abstract syntax and no-tion of SecureSOA and describe a schema to integrate SecureSOA in any system design language for service-based systems. Moreover, we will demonstrate the inte-gration of SecureSOA in Fundamental Modelling Con-cept (FMC) Block Diagrams.