An End-to-End Security Auditing Approach for Service Oriented Architectures

2012-10-11
AZARMI, Mehdi
BHARGAVA, Bharat
Angın, Pelin
RANCHAL, Rohit
AHMED, Norman
SINCLAIR, Asher
LINDERMAN, Mark
BEN OTHMANE, Lotfi
Service-Oriented Architecture (SOA) is becoming a major paradigm for distributed application development in the recent explosion of Internet services and cloud computing. However, SOA introduces new security challenges not present in single-hop client-server architectures, because multiple service providers are involved in a single service request. The interactions of independent service domains in SOA could violate service policies or SLAs. In addition, users of SOA systems have no control over what happens in the chain of service invocations. Although establishing trust across all involved partners is a prerequisite for secure interactions, a new end-to-end security auditing mechanism is still needed to verify the actual service invocations and their conformance to the expected service orchestration. In this paper, we provide an efficient solution for end-to-end security auditing in SOA. The proposed security architecture introduces two new components, called taint analysis and trust broker, in addition to taking advantage of the WS-Security and WS-Trust standards. The interaction of these components maintains session auditing and dynamic trust among services. The solution is transparent to the services, which allows auditing of legacy services without modification. Moreover, we have implemented a prototype of the proposed approach and verified its effectiveness in a LAN setting and on the Amazon EC2 cloud computing infrastructure.

Citation Formats
M. Azarmi et al., “An End-to-End Security Auditing Approach for Service Oriented Architectures,” 2012. [Online]. Available: https://hdl.handle.net/11511/36508.