Multiagent Security Evaluation Framework for Service Oriented Architecture Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 5711)

Abstract

As more and more organizations use the Service Oriented Architecture (SOA) to design and implement their information systems, system architects need more intelligent and reliable tools. The complexity, modularity and heterogeneity of information systems make the security evaluation process difficult. The proposed method uses a multiagent approach as the most promising direction of research. Because security evaluation requires a precise definition of the set of evaluation criteria, the basic criteria for each functional layer of SOA are presented. The paper also presents two algorithms: the first can be used separately for each particular layer of SOA, and the second calculates the generalized SOA system security level.

The research presented in this paper has been partially supported by the European Union within the European Regional Development Fund program no. POIG.01.03.01-00-008/08.




Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kołaczek, G. (2009). Multiagent Security Evaluation Framework for Service Oriented Architecture Systems. In: Velásquez, J.D., Ríos, S.A., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based and Intelligent Information and Engineering Systems. KES 2009. Lecture Notes in Computer Science, vol 5711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04595-0_4


  • DOI: https://doi.org/10.1007/978-3-642-04595-0_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04594-3

  • Online ISBN: 978-3-642-04595-0

  • eBook Packages: Computer Science (R0)
