Abstract
In the evolution of application architecture, systems have moved
from a single standalone system to client-server architecture, to
distributed multi-tier architecture, and on to service-oriented
architecture (SOA). From the days of single mainframe-based
systems onward, security has always played an important role.
Integrating security into any of these architectures has always
been a challenge, and in SOA, with its complex structure,
incorporating security is a particularly big challenge. In SOA we
treat each and every service as an independent application and
need to maintain security at each service, with different
standards and policies. Because of its loosely coupled
architecture and a number of other advantages, such as
reusability and its flexible and customizable nature, SOA is
widely used across organizations, and it is therefore important
to secure the SOA infrastructure. Though a number of security
standards and policies are available, such as SAML (Security
Assertion Markup Language) and WS-Security, given by OASIS
(Organization for the Advancement of Structured Information
Standards), designing a secure SOA infrastructure is still a
challenge. Hence, this paper mainly focuses on the challenges in
the security design of service-oriented software, known
vulnerabilities and attacks in SOA, and some proposed mitigations
and design techniques for implementing security in an SOA
application.
1. Introduction
What is Service-Oriented Architecture?
SOA is a combination of different services that are connected to
each other by a standard protocol. An application is composed of
different services, which are called to get the result. Each
service acts as a separate component, and the services
communicate with each other using protocols such as SOAP or REST.
The services are created by service providers and hosted on a
hosting server. So, using well-defined interfaces, we can call a
particular web service. All the services used are platform
independent and can be reused any number of times. An
4. Security Architecture in Service Oriented Software
6. Conclusion
Though SOA is widely accepted by various organizations, security
in SOA is still a challenge, and incorporating security into an
SOA architecture remains a difficult task. Building a secure
SOA-based application without any vulnerability is challenging
and consumes a lot of resources and time. As attackers are
finding new vulnerabilities day by day, it is still very
difficult to minimize the knowledge gap between developers and
attackers. Also, due to the distributed nature of models in SOA,
implementing one standard security design pattern is not
possible, or rather is not sufficient, as designers need to think
about the different services and the network through which they
communicate, and need to secure the whole channel. The most
challenging work in security design is to secure the weakest
link, as attackers are always in search of such a link and can
use it to gain access to the entire application and breach its
security. Though a lot of security design principles, such as
Secure the weakest link, Defense in depth, Use least privilege,
and Fail securely, are available to identify weaknesses in the
design of an SOA architecture, ensuring a secure application is
not that easy. A lot of research is currently going on to
implement new approaches to make SOA more secure. Web services
are designed to impose security. Efforts are being made to design
new standards and security principles such as WS-Security,
WS-Trust and SAML to mitigate all these vulnerabilities and make
SOA more secure and safe in software design.
7. References