Security Engineering for Service-Oriented Architectures

While their basic principles and ideas are well understood and cogent from a conceptual perspective, the realization of interorganizational workflows and applications based on service-oriented architectures (SOAs) remains a complex task, and, especially when it comes to security, the implementation is still bound to low-level technical knowledge and hence inherently error-prone.

Hafner and Breu set a different focus. Based on the paradigm of model-driven security, they show how to systematically design and realize security-critical applications for SOAs. In their presentation, they first detail how systems and security engineering go hand in hand and are integrated from the very start in the requirements elicitation and the design phase. In a second step, they apply the principles of model-driven security to SOAs. Model-driven security is an engineering paradigm that aims at the automatic generation of security-critical executable software for target architectures. Based on the general principles of model-driven software development, the automation of security engineering through proven and reliable mechanisms guarantees correctness and facilitates an agile and flexible approach to the implementation and high-level management of security-critical systems.

Their book addresses IT professionals interested in the design and realization of modern security-critical applications. It presents a synthesis of various best practices, standards and technologies from model-driven software development, security engineering, and SOAs. As a reader, you will learn how to design and realize SOA security using the framework of an extensible domain architecture for model-driven security.

1100406465

Security Engineering for Service-Oriented Architectures

59.99 In Stock

Security Engineering for Service-Oriented Architectures

Add to Wishlist

Security Engineering for Service-Oriented Architectures

Paperback(Softcover reprint of hardcover 1st ed. 2009)

$59.99

View All Available Formats & Editions

Paperback(Softcover reprint of hardcover 1st ed. 2009)
$59.99

View All Available Formats & Editions

SHIP THIS ITEM

In stock. Ships in 1-2 days.
PICK UP IN STORE

Your local store may have stock of this item.

Available within 2 business hours

Want it Today?
Check Store Availability

Related collections and offers

Overview

Product Details

ISBN-13:	9783642098475
Publisher:	Springer Berlin Heidelberg
Publication date:	11/19/2010
Edition description:	Softcover reprint of hardcover 1st ed. 2009
Pages:	248
Product dimensions:	6.00(w) x 9.10(h) x 0.40(d)

About the Author

Ruth Breu has been head of the research group Quality Engineering at the University of Innsbruck since 2002. Prior to that, she was a researcher at the Technische Universität München and Universität Passau, and spent several years in industry working as a software engineering consultant. Quality Engineering focuses on foundations of model-based software development, in particular in the areas of security engineering, IT governance, model quality assessment and workflow management systems. The research group cooperates with industry partners such as Siemens, Swiss Re and Telekom Austria.

Michael Hafner gained his industry experience in the automotive and the telecommunications sectors as a technical consultant on systems integration with Deloitte Consulting before joining the Quality Engineering group as a researcher. In this group he has been responsible for the design and the realization of the SECTET framework, a model-driven security infrastructure for SOA applications.

The Basics of SOA Security Engineering.- SOA — Standards & Technology.- Basic Concepts of SOA Security.- Domain Architectures.- Realizing SOA Security.- Sectino — A Motivating Case Study from E-Government.- Security Analysis.- Modeling Security Critical SOA Applications.- Enforcing Security with the Sectet Reference Architecture.- Model Transformation & Code Generation.- Software & Security Management.- Extending Sectet: Advanced Security Policy Modeling.- A Case Study from Healthcare.- health@net — A Case Study from Healthcare.

From the B&N Reads Blog

Page 1 of

Editorial Reviews

From the reviews:

"The book is an important reference for professionals engaged in designing security-critical SOA systems. The authors provide an in-depth treatment of security engineering methods using advanced model-based design technology. The detailed examples and case studies make the work extremely valuable for practicing engineers as well as students." - Prof. Janos Sztipanovits, Vanderbilt University, Nashville, TN, USA

"Providing the bridge between business and IT the paradigm of service-oriented architecture has an important impact on the future structuring of IT landscapes. Though security is a crucial requirement for many service oriented systems it is too often handled at a mere technical level. With their book, Hafner and Breu provide a valuable contribution to handle security requirements at the business level and to develop sustainable service oriented solutions." - Prof. Dr. Gregor Engels, University of Paderborn and Scientific Director of sd&m Research, Munich ,Germany

"Going beyond applied SOA-concepts this book provides a method how to model and integrate security aspects. Including a proof of concept and practical experiences of two real projects it provides a useful reference to everyone dealing with SOA-requirements." - Alexander Lechner, Senior Technical Consultant, world-direct eBusiness/Telekom Austria

"Even as a security professional, skilled in low-level computer security mechanisms and details, I cannot ignore the ever growing requests and demands of implementing and enforcing security at higher-levels of the system stack and consider the tremendous advantages of large scale service-oriented architectures for modern software engineering efforts. The model-driven security engineering approach as described here by Hafner and Breu provides an excellent introduction into the very practical and useful topic of modeling and understanding the overall system security ata very high level and then transforming it into lower policy languages. This book does an excellent job in describing the underlying principles and methodologies of this approach. It offers a solution to the dream of practical security architects to understand and describe very abstract and subtle security requirements through high-level models and how to transform those models into enforceable code by transforming the models into executables. The presented methodology has the real potential to make a strong impact on how to build Trusted Platforms in the near future – simply generate them from high-level models." - Dr. Jean-Pierre Seifert, Director Trusted Platform Laboratory, Samsung Electronics Research, San Jose, CA, USA

"This extremely valuable book for IT professionals covers these emerging topics of SOA and security. … provide a sound methodological and technical basis for the engineering of security-critical scenarios. The intended audience includes industry professionals and software architects, but it might also be useful to graduate-level students with an orientation in practical/implementation matters. … Most of the chapters contain a lot of figures that are very helpful in understanding the presented material. … To conclude, this is a nice, extremely useful book for practitioners." (M. Ivanovic, ACM Computing Reviews, April, 2009)

From the Publisher

Security Engineering for Service-Oriented Architectures

Security Engineering for Service-Oriented Architectures

Paperback(Softcover reprint of hardcover 1st ed. 2009)

Paperback(Softcover reprint of hardcover 1st ed. 2009)

Related collections and offers

Overview

Product Details

About the Author

Table of Contents

Customer Reviews