
Security framework for dynamic service-oriented IT systems

Pages 428-448 | Received 29 Nov 2017, Accepted 20 May 2018, Published online: 04 Jun 2018
