This paper examines service migration in a new computing paradigm, the cloud computing environment (CCE), by examining security and integration issues associated with service implementation. We postulate that a cloud architecture will evolve to be both more flexible and heterogeneous in resources because of the services complexity demanded by organizations. This introduces additional, but tractable,...
With the service-oriented paradigm, some established ways of thinking about software quality and its assurance seem to change. But things do not necessarily become more difficult. Some considerable advancements to traditional ways of quality management can be introduced through the use of service-based systems, leading to largely reduced efforts and increased quality. In this article we identify the...
Software security has become a crucial component of software systems in today's market. However, software security development is still a maturing process. In this paper, we present an approach for assessing software architecture to determine how well it can satisfy intended security requirements. It is important to be able to assess the security of software under development at an early stage (e...
Controlling and testing a large scale web application is a time consuming and expensive job because of the huge number of pages and their actions. The hierarchical architecture proposed in this paper is a framework which can decrease nested relations between web pages. We can also use different programming methods like object oriented or structured over this model. One of the most important advantages...
SOA has the characteristics of abstraction, loose coupling and interoperability, but there are some defects related to security and trust. How to specify and verify functional and non-functional requirements for service-oriented architectures has received much attention recently. This paper employs a hardware-based trust mechanism called Trusted Platform Module to bootstrap trust in a service-oriented...
This paper proposes using functional programming style in a way to respond to detection of and interaction with the software attacks and vulnerabilities. Additionally, our approach considers involving Description Logics, as a basis for the use of the Semantic Web and meta-programming to produce executable ontologies and to enable semantic reasoning over behavior and interaction with software attacks...
Understanding and discussing the security aspects of IT systems during their development is challenging for both domain specialists and IT experts - neglecting this aspect leads to communication problems and, eventually, to less secure systems. An important factor for these challenges is the distribution and variety of basic IT security concepts, attacks, and countermeasures, e.g., in the standard...
Although many aids such as architectural styles and patterns are now available for software architects, making optimal design decisions on appropriate architectural structures still requires significant creativity. In an effort to introduce a more direct link between an architectural decision and its consequences, a finer grained architectural concept called a tactic has emerged. Since its introduction,...
Most distributed systems that we use in our daily lives have layered architecture since such architectures allow separation of processing between multiple processes in different layers thereby reducing the complexity of the system. Unauthorized control over such systems can have potentially serious consequences ranging from huge monetary loss to even loss of human life. Hence considerable research...
We advocate goal-oriented software security engineering to produce highly secure software in a constructive, provable and cost-effective manner. Our approach is to couple goal-oriented semi-formal requirements specifications with formal design and implementation. To this effect, we proposed FADES (formal analysis and design for engineering security) in as the first goal-oriented software security engineering...
Software running on an open architecture, such as the PC, is vulnerable to inspection and modification. Since software may process valuable or sensitive information, many defenses against data analysis and modification have been proposed. This paper complements existing work and focuses on hiding data location throughout program execution. To achieve this, we combine three techniques: (i) periodic...
Threat analysis describes how potential adversaries exploit system weaknesses to achieve their goals. It identifies threats and defines a risk mitigation policy for a specific architecture, functionality and configuration. In a threat analysis, security metrics are a challenging requirement in order to determine the status of network security performance and to further enhance it by minimizing exposure to...
Enterprise software is being transformed from an installed product to a hosted service whereby customers pay a subscription fee to access functionality using a Web browser or other clients. The service-oriented architecture (SOA) and Web services will play a key role in driving the vision of software as a service (SaaS). As the number of services and users grow, there is a need for a trusted service...
Security requirements strongly influence the architectural design of complex IT systems in a similar way as other non-functional requirements. Both security engineering as well as software engineering provide methods to deal with such requirements. However, there is still a critical gap concerning the integration of the methods of these separate fields. In this paper we close this gap with respect...
The rising need for security in SOA applications requires better support for management of non-functional properties in Web-based business processes. Here, the model-driven approach may provide valuable benefits in terms of maintainability and deployment. Apart from modeling the pure functionality of a process, the consideration of security properties at the level of a process model is a promising...
The potential benefits of business agility, flexibility, and reuse associated with SOA are well known today. However, these benefits do not come without a cost of their own, particularly regarding security. The primary goal to make Web services widely accessible can also make them vulnerable. This paper examines the key challenges for securing service-oriented environments and identifies the important...
Security principles, like least privilege, are among the resources in the security body of knowledge that survived the test of time. The implementation of these principles in a software architecture is difficult, as there are no systematic rules on how to apply them in practice. As a result, they are often neglected, which lowers the overall security level of the software system and increases the...
Within the field of software security we have yet to find efficient ways on how to learn from past mistakes and integrate security as a natural part of software development. This situation can be improved by using an online repository, the SHIELDS SVRS, that facilitates fast and easy interchange of security artefacts between security experts, software developers and their assisting tools. Such security...
A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this "Resource" PKI (RPKI) the resources managed are IP address allocations and Autonomous System number (AS #) assignments. The RPKI presents a very different implementation challenge from a typical PKI, in that in the RPKI every relying party needs to validate every certificate...
Software architects design by combining and tailoring styles, patterns, and tactics with known properties. A security-relevant research agenda will give architects a principled body of knowledge from which to reason.