Challenges of Security Risks in Service-Oriented Architectures (Youakim Badr, Soumya Banerjee)
Abstract
Service-oriented architectures (SOA) are increasingly deployed in open, distributed and dynamic environments, which require an end-to-end security awareness at each phase of the service’s lifecycle. Moreover, the information security should not only focus on services without considering risks and threats that might be caused by assets from business activities, and hardware and software infrastructures. In this presentation, we introduce a holistic approach to define a security conceptual model that covers assets and their security risks at business, service and infrastructure levels. This model guides each phase in the SOA lifecycle at design and runtiume. Since the information security is subject to uncertainity, unforeseen threats and security expert risk evaluations, we present our fuzzy-logic decision system that selects appropriate security risk treatments and measures based on business security objectives and the security conceptual model.
A short bio
Youakim BADR, Ph.D., joined the faculty of the National Institute of Applied Sciences, France (formally INSA-Lyon) as Associate Professor of Computer Science in 2004. Along the way of his research activities, he has worked extensively in the area of service computing and service engineering. His research interests lie in designing and implementing secured IT-enabled services in a socio-technical context. In particular, he focuses on information security in decentralized security domains, including research topics such as security-by-design, model-driven security strategies, on-the-fly IT security services configuration, and federated identity management in dynamic environments. Dr. Badr is vigorously involved in a series of international conferences and also serves as a reviewer for various conferences and journals.
