Information Assurance Challenges and Strategies for Securing SOA Environments and Web Services

被引：1

作者：

Simanta, Soumya ^{[1
]}

Morris, Ed ^{[1
]}

Balasubramaniam, Sriram ^{[1
]}

Davenport, Jeff ^{[1
]}

Smith, Dennis B. ^{[1
]}

机构：

[1] Carnegie Mellon Univ, Inst Software Engn, Pittsburgh, PA 15213 USA

来源：

2009 IEEE INTERNATIONAL SYSTEMS CONFERENCE, PROCEEDINGS | 2009年

关键词：

SOA; Testing; Web Services; Security; Service-oriented Architecture; Service-oriented Computing; SOA Threat Model; SOA Security Challenges; SOA Security Engineering;

D O I：

10.1109/SYSTEMS.2009.4815791

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

The potential benefits of business agility, flexibility, and reuse associated with SOA are well known today. However, these benefits do not come without a cost of their own, particularly regarding security. The primary goal to make web services widely accessible can also make them vulnerable. This paper examines the key challenges for securing service-oriented environments and identifies the important information assurance strategies that are necessary to mitigate and manage the security risks in an SOA environment.

引用

页码：173 / 178

页数：6

共 21 条

[1] [Anonymous], CMUCS07146
[2] [Anonymous], 2005, WEB SERV CHOR DESCR
[3] [Anonymous], 2007, WEB SERVICES BUSINES
[4] Software penetration testing
Arkin, B
Stender, S
McGraw, G
[J]. IEEE SECURITY & PRIVACY, 2005, 3 (01) : 84 - 87
[5] Barbir A., 2007, TEST ANAL WEB SERVIC, P395, DOI DOI 10.1007/978-3-540-72912-9_14
[6] Caralli Richard, 2007, Technical Report CMU/SEI-2007-TR-012
[7] Carlson B., 2005, Information Systems Security, V14, P27, DOI 10.1201/1086.1065898X/45528.14.4.20050901/90086.4
[8] *CERT, 2009, CERT SEC COD STAND
[9] COMELLADORDA S, 2007, CMUSEI2003TR017
[10] DOMINGUEZ ALJ, 2007, P 25 INT SYST SAF C

← 1 2 3 →