Incorporating Security Features in Service-Oriented Architecture using Security Patterns

Published: 06 February 2015

Abstract

Service-Oriented Architecture is an architectural style in which heterogeneous components share information with each other by using special types of messages based on the protocol known as Simple Object Access Protocol. Various technologies, such as Common Object Request Broker Architecture, Java 2 Platform, Enterprise Edition, Java Message Service, etc., are applied to realize Service-Oriented Architecture for different applications. Besides these approaches, two other techniques, REpresentational State Transfer and web services, are applied for the realization of Service-Oriented Architecture. Web services provide a platform-independent communication scheme between applications. Preserving security across the composition of services is an important task for Service-Oriented Architecture. In this study, an attempt is made to incorporate security features in Service-Oriented Architecture with the help of software security patterns. This scheme is described by developing an architectural model integrated with security goals and security patterns. The structural and behavioral aspects of the composition of web services incorporated with security features are presented using a Unified Modeling Language class diagram and a sequence diagram, respectively. At the end of this study, an evaluation is performed between the identified security patterns and critical security properties, along with Service-Oriented Architecture design principles. A case study of an online banking system is considered to explain the use of security patterns.

Published In

ACM SIGSOFT Software Engineering Notes, Volume 40, Issue 1
January 2015
237 pages
ISSN: 0163-5948
DOI: 10.1145/2693208

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. SOA
  2. Security Patterns
  3. Service Composition
  4. Web Services

Qualifiers

  • Research-article

Cited By

  • (2023) Authentication and Authorization Management in SOA with the Focus on RESTful Services. International Journal of Software Engineering and Knowledge Engineering, 33:08 (1293-1326). DOI: 10.1142/S0218194023500328. Online publication date: 21-Jul-2023
  • (2020) Patterns Related to Microservice Architecture: a Multivocal Literature Review. Programming and Computing Software, 46:8 (594-608). DOI: 10.1134/S0361768820080253. Online publication date: 1-Dec-2020
  • (2019) Quality attributes in patterns related to microservice architecture: a Systematic Literature Review. 2019 7th International Conference in Software Engineering Research and Innovation (CONISOFT) (181-190). DOI: 10.1109/CONISOFT.2019.00034. Online publication date: Oct-2019
  • (2018) Applying Reverse Engineering Techniques to Analyze Design Patterns in Source Code. 2018 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (1398-1404). DOI: 10.1109/ICACCI.2018.8554519. Online publication date: Sep-2018
  • (2018) Security framework for dynamic service-oriented IT systems. Journal of Information and Telecommunication, 2:4 (428-448). DOI: 10.1080/24751839.2018.1479926. Online publication date: 4-Jun-2018
  • (2018) Software design pattern mining using classification-based techniques. Frontiers of Computer Science: Selected Publications from Chinese Universities, 12:5 (908-922). DOI: 10.1007/s11704-017-6424-y. Online publication date: 1-Oct-2018
  • (2017) Penetration Testing as a Test Phase in Web Service Testing a Black Box Pen Testing Approach. Smart Computing and Informatics (623-635). DOI: 10.1007/978-981-10-5547-8_64. Online publication date: 29-Oct-2017
  • (2016) Applying software metrics for the mining of design pattern. 2016 IEEE Uttar Pradesh Section International Conference on Electrical, Computer and Electronics Engineering (UPCON) (426-431). DOI: 10.1109/UPCON.2016.7894692. Online publication date: 2016
  • (2016) Software design pattern recognition using machine learning techniques. 2016 IEEE Region 10 Conference (TENCON) (222-227). DOI: 10.1109/TENCON.2016.7847994. Online publication date: Nov-2016
  • (2016) An ontology based approach for formal modeling of structural design patterns. 2016 Ninth International Conference on Contemporary Computing (IC3) (1-6). DOI: 10.1109/IC3.2016.7880260. Online publication date: Aug-2016
