

Towards Systematic Achievement of Compliance in Service-Oriented Architectures: The MASTER Approach
Authors:Dipl-Inform Volkmar Lotz  Dipl-Ing Emmanuel Pigout  Dr Peter M Fischer  Prof Dr Donald Kossmann  Prof Dr Fabio Massacci  Dr Alexander Pretschner
Affiliation:1. SAP Research, SAP Labs France, BP1216, 06254, Mougins Cedex, France
2. Systems Group, ETH Zürich, Universitätsstrasse 6, 8092, Zürich, Switzerland
3. Universita di Trento, Via Sommarive 14, 38050, Povo (Trento), Italy
4. Information Security, ETH Zürich, Haldeneggsteig 4, 8092, Zürich, Switzerland
Abstract:Service-oriented architectures (SOA) have been successfully adapted by agile businesses to support dynamic outsourcing of business processes and the maintenance of business ecosystems. Still, businesses need to comply with applicable laws and regulations. Abstract service interfaces, distributed ownership and cross-domain operations introduce new challenges for the implementation of compliance controls and the assessment of their effectiveness. In this paper, we analyze the challenges for automated support of the enforcement and evaluation of IT security controls in a SOA. We introduce these challenges by means of an example control, and outline a methodology and a high-level architecture that supports the phases of the control lifecycle through dedicated components for observation, evaluation, decision support and reaction. The approach is model-based and features policy-driven controls. A monitoring infrastructure assesses observations in terms of key indicators and interprets them in business terms. Reaction is supported through components that implement both automated enforcement and the provision of feedback by a human user. The resulting architecture essentially is a decoupled security architecture for SOA with enhanced analysis capabilities and will be detailed and implemented in the MASTER project.
This article is indexed in SpringerLink and other databases.