Abstract
Services are usually developed and deployed independently, and systems can be formed by composing relevant services to achieve set goals. In such an open and dynamic environment, security is of paramount importance. We have seen much work in the traditional area of information and network security, focusing on developing various security techniques. More recently, there have been efforts to integrate these security techniques into the languages and infrastructural support used for developing services and systems. In fact, the development of services and the composition of service-based systems are software engineering activities. As such, they need to be viewed from a software engineering perspective. In this paper, we introduce an approach to services security engineering that answers questions such as what the security properties of services and service-based systems are and how they meet the user’s security requirements. It deals with the issues of (1) security property characterisation for services, (2) compositional security analysis for service-based systems, and (3) certification of services.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Han, J. (2004). A Software Engineering Perspective for Services Security. In: Jin, H., Pan, Y., Xiao, N., Sun, J. (eds) Grid and Cooperative Computing - GCC 2004 Workshops. GCC 2004. Lecture Notes in Computer Science, vol 3252. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30207-0_46
DOI: https://doi.org/10.1007/978-3-540-30207-0_46
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23578-1
Online ISBN: 978-3-540-30207-0
eBook Packages: Springer Book Archive