Font Size: a A A

A fine-grained intelligent security framework for service-oriented architecture

Posted on:2010-10-19Degree:Ph.DType:Dissertation
University:The University of Western Ontario (Canada)Candidate:EL Yamany, Hany FFull Text:PDF
GTID:1448390002971653Subject:Engineering
Abstract/Summary:
Service-Oriented Architecture (SOA) is an architectural paradigm for developing distributed applications whose design is structured on loosely coupled services, such as Web Services. One of the most significant difficulties with developing SOA concerns its security challenges, since the responsibilities of SOA security are based on the requirements of service providers and consumers.;The NSS manages the authentication process, validates the various service consumers through the use of different security tokens, such as the X.509 Certificate. It also utilizes an intelligent engine, which is based on the Association Rules mining algorithm for predicting possible web attacks.;The AS includes the 4-Attribute Vectors Authorization Model, which associates the attributes of the four variables in the authorization process: User, Object, Environment, and Condition, with the authorization roles. The AS contains an intelligent mining engine that utilizes the Online Analytical Processing (OLAP) and the Clustering Mining Algorithms in order to provide flexibility for dynamically inferring and assigning the roles for a wide range of users and objects.;The SQoSS is intended to resolve the conflicts between the necessary security requirements that both the service provider and consumer seek to apply. Therefore, the SQoSS encapsulates a metadata structure for the Quality of Security Service (QoSS). The proposed metadata provides different levels for describing the available variations of the Authentication, Authorization and Privacy features related to SOA security. These various levels assist the service consumer and provider in achieving a QoSS contract that fulfills their requirements.;In this research, we propose an Intelligent SOA Security (ISOAS) framework by introducing three services: Authentication and Security Service (NSS), Authorization Service (AS), and Service of the Quality of Security Service (SQoSS). These suggested autonomous and reusable services are embedding intelligent mining techniques to improve their performance and effectiveness.;Finally, a case study of SOA business application is examined, studying the behavior of the NSS, AS, and SQoSS in managing the security requirements needed when the service consumer and provider interacting together in this business application. Also, a discussion comparing similarities and differences between the proposed ISOAS framework and other related industrial and academia research for SOA security is presented.
Keywords/Search Tags:Security, Service, SOA, Framework, Intelligent
Related items