The Basics of SOA Security Engineering / Part I: |
Introduction / 1: |
Service Oriented Architecture / 1.1: |
Interoperability and Securitiy Issues in SOA / 1.1.1: |
Model Driven Security Engineering / 1.1.2: |
Problem Description / 1.2: |
Contribution / 1.3: |
ProSecO / 1.3.1: |
Sectet / 1.3.2: |
Related Work / 1.4: |
Model Driven Security / 1.4.1: |
Formal Systems Engineering / 1.4.2: |
Pattern-based Approaches / 1.4.3: |
Tools and Frameworks / 1.4.4: |
Workflow Management / 1.4.5: |
SOA - Standards & Technology / 2: |
Service Oriented Architectures / 2.1: |
Principles of SOA / 2.1.1: |
Motivating Example / 2.1.2: |
Web Services / 2.2: |
Basic Definition / 2.2.1: |
Service Invocation / 2.2.2: |
Service Description and Discovery / 2.2.3: |
The Web Services Specification Stack / 2.3: |
Transport Layer / 2.3.1: |
Messaging Layer / 2.3.2: |
Description Layer / 2.3.3: |
Discovery Layer / 2.3.4: |
Quality of Service Layer / 2.3.5: |
Web Services Security Standards / 2.3.6: |
Services Composition Layer / 2.3.7: |
Basic Concepts of SOA Security / 3: |
What Is (SOA) Security? / 3.1: |
Security Objectives / 3.2: |
Security Policies / 3.3: |
Basic Security Policies / 3.3.1: |
Policy Models / 3.3.2: |
Advanced Security Policies / 3.3.3: |
Security Analysis / 3.4: |
Security Requirements / 3.4.1: |
Attacks / 3.4.2: |
Confidentiality, Integrity, and Authenticity / 3.5: |
Authentication / 3.5.2: |
Advanced Web Services Security Standards / 3.5.3: |
Domain Architectures / 4: |
Model Driven Software Development / 4.1: |
The Unified Modeling Language / 4.1.1: |
The Meta-Object Facility / 4.1.2: |
Model Driven Architecture / 4.1.3: |
A Definition of Model Driven Software Development / 4.1.5: |
Domain Specific Languages / 4.3: |
The Target Architecture / 4.4: |
Model-(to-model-)to-code Transformation / 4.5: |
Domain Architecture / 4.6: |
Framework / 4.7: |
Definition / 4.8: |
Extensions to the Problem Space / 4.8.2: |
Realizing SOA Security / Part II: |
Sectino - A Motivating Case Study from E-Government / 5: |
Problem Context / 5.1: |
Project Mission / 5.2: |
Expected Benefits / 5.3: |
Scenario Description / 5.4: |
Requirements / 5.4.1: |
Results / 5.4.2: |
Overview / 6: |
Modularity / 6.1.1: |
Traceability / 6.1.2: |
Model-driven Configuration of Security Services / 6.1.3: |
Tight Integration of Functional and Security Aspects / 6.1.4: |
Security as a Process / 6.1.5: |
Functional System View / 6.2: |
Level of Interaction / 6.2.1: |
Level of Abstraction / 6.2.2: |
Functional Meta-models / 6.2.3: |
Global Functional Meta-model / 6.2.4: |
Local Functional Meta-model / 6.2.5: |
Security Analysis Process / 6.3: |
Security Concepts / 6.3.1: |
The Security Micro-process / 6.3.2: |
Elaborate Functional Model / 6.3.3: |
Define Security Objectives / 6.3.4: |
Identify Dependencies / 6.3.5: |
Security Requirements Engineering / 6.3.6: |
Threat and Risk Analysis / 6.3.7: |
Security Control Engineering / 6.3.8: |
Access Control / 6.4: |
Standards and Baseline Protection / 6.5: |
Security Management / 6.5.2: |
Security Analysis in the Software Process / 6.5.3: |
Formal Approaches to Security Requirements Specification / 6.5.4: |
Modeling Security Critical SOA Applications / 7: |
The Sectet Domain Specific Language / 7.1: |
Domain Definition / 7.1.1: |
Global Worklfow / 7.1.2: |
Local Worklfow / 7.1.3: |
Sectet Model Views / 7.1.4: |
The DSL Meta-models / 7.1.5: |
The Workflow View / 7.2.1: |
The Interface View / 7.2.2: |
Integrating Security into the DSL / 7.3: |
Enforcing Security with the Sectet Reference Architecture / 8: |
Architectural Blueprint / 8.1: |
Components / 8.2: |
Service Components / 8.2.1: |
Security Components / 8.2.2: |
Supporting Security Components / 8.2.3: |
Communication Protocols / 8.3: |
Enforcing Confidentiality and Integrity / 8.3.1: |
Enforcing Non-repudiation / 8.3.2: |
Component Configuration / 8.4: |
Inbound Messaging - (Executable Security Policy File) / 8.4.1: |
Outbound Messaging - (Executable Security Policy Files) / 8.4.2: |
Request for Compliance Check / 8.4.3: |
Response Request for Compliance Check / 8.4.4: |
Technology and Standards / 8.4.5: |
Model Transformation & Code Generation / 9: |
Transformations in the Sectet-Framework / 9.1: |
The Generation of Security Artefacts / 9.1.1: |
The Generation of Services Artefacts / 9.1.2: |
Security Transformations / 9.2: |
Inbound Policy File / 9.2.1: |
Outbound Policy Files / 9.2.2: |
Services Transformations / 9.3: |
Global Workflow to Local Workflow Translation / 9.3.1: |
Global Workflow to WSDL Description / 9.3.2: |
Global Workflow to XSD Schema Template / 9.3.3: |
Implementing Transformation / 9.4: |
Template Based Transformations / 9.4.1: |
Meta-model Based Transformations / 9.4.2: |
Software & Security Management / 10: |
Tool Chain / 10.1: |
Modeling / 10.1.1: |
Code Generation / 10.1.2: |
Build Tools and Integrated Development Environments / 10.1.3: |
The Realization Process / 10.1.4: |
The Engineering Process / 10.1.5: |
The Deployment Process / 10.2: |
Extending Sectet: Advanced Security Policy Modeling / 11: |
Motivation / 11.1: |
Extending the DSL / 11.2: |
A New Security Objective / 11.2.1: |
Introducing the RBAC Policy Model / 11.2.2: |
Modeling Policies with Dynamic Constraints / 11.3: |
Sectet-PL / 11.3.1: |
Static RBAC / 11.3.2: |
Dynamic RBAC / 11.3.3: |
Rights Delegation / 11.3.4: |
Integrating Sectet-PL into the Sectet- Framework / 11.4: |
Metamodel Extensions / 11.4.1: |
Sectet-PL - Abstract Syntax / 11.4.2: |
Extending the Reference Architecture / 11.5: |
Access Control, Delegation and Privacy Policies / 11.5.1: |
Protocol Extensions / 11.5.2: |
PDP Extensions / 11.5.3: |
Sectet-PL Transformations / 11.6: |
Modeling Advanced Use Cases with Sectet-PL / 11.7: |
Break-Glass Policy (BGP) / 11.7.1: |
4-Eyes-Principle / 11.7.2: |
Usage Control (UC) / 11.7.3: |
Qualified Signature / 11.7.4: |
A Case Study from Healthcare / Part III: |
health@net - A Case Study from Healthcare / 12: |
Background / 12.1: |
The Electronic Healthcare Record / 12.1.1: |
National E-Health Initiatives / 12.1.2: |
Technical Standards for Healthcare / 12.1.3: |
The Austrian Data Privacy Law / 12.1.4: |
health@net / 12.2: |
Organizational Setting / 12.2.1: |
Architectural Concept / 12.2.3: |
health@net - Security Analysis / 12.3: |
Identification of Security Objectives / 12.3.1: |
Engineering of Security Requirements / 12.3.4: |
Conclusion / 12.3.5: |
health@net - Security Concept / 12.4: |
Phase 1: Service-level Security / 12.4.1: |
Phase 2a: Static, Process-level Security / 12.4.2: |
Phase 2b: Dynamic, Process-level Security / 12.4.3: |
Realizing Security with the Sectet-Framework / 12.5: |
Conceptual Background / 12.5.1: |
Model Views / 12.5.2: |
health@net - Phases 2a & 2b / 12.6: |
Use Cases / 12.6.1: |
Security Architecture / 12.6.2: |
Appendices / Part IV: |
Mapping Tables / A: |
Mapping Table for Inbound Policy File / A.1: |
Mapping Table for Outbound Policy Files / A.2: |
Mapping Table for BPEL Files / A.3: |
Mapping Table for BPEL Files (continued) / A.4: |
Mapping Table for WSDL Files / A.5: |
References |
Index |
The Basics of SOA Security Engineering / Part I: |
Introduction / 1: |
Service Oriented Architecture / 1.1: |