1.

E-book

EB
Michael Hafner, Ruth Breu
Publication info: Springer eBooks Computer Science, Springer Berlin Heidelberg, 2009
Table of contents:
The Basics of SOA Security Engineering / Part I:
Introduction / 1:
Service Oriented Architecture / 1.1:
Interoperability and Security Issues in SOA / 1.1.1:
Model Driven Security Engineering / 1.1.2:
Problem Description / 1.2:
Contribution / 1.3:
ProSecO / 1.3.1:
Sectet / 1.3.2:
Related Work / 1.4:
Model Driven Security / 1.4.1:
Formal Systems Engineering / 1.4.2:
Pattern-based Approaches / 1.4.3:
Tools and Frameworks / 1.4.4:
Workflow Management / 1.4.5:
SOA - Standards & Technology / 2:
Service Oriented Architectures / 2.1:
Principles of SOA / 2.1.1:
Motivating Example / 2.1.2:
Web Services / 2.2:
Basic Definition / 2.2.1:
Service Invocation / 2.2.2:
Service Description and Discovery / 2.2.3:
The Web Services Specification Stack / 2.3:
Transport Layer / 2.3.1:
Messaging Layer / 2.3.2:
Description Layer / 2.3.3:
Discovery Layer / 2.3.4:
Quality of Service Layer / 2.3.5:
Web Services Security Standards / 2.3.6:
Services Composition Layer / 2.3.7:
Basic Concepts of SOA Security / 3:
What Is (SOA) Security? / 3.1:
Security Objectives / 3.2:
Security Policies / 3.3:
Basic Security Policies / 3.3.1:
Policy Models / 3.3.2:
Advanced Security Policies / 3.3.3:
Security Analysis / 3.4:
Security Requirements / 3.4.1:
Attacks / 3.4.2:
Confidentiality, Integrity, and Authenticity / 3.5:
Authentication / 3.5.2:
Advanced Web Services Security Standards / 3.5.3:
Domain Architectures / 4:
Model Driven Software Development / 4.1:
The Unified Modeling Language / 4.1.1:
The Meta-Object Facility / 4.1.2:
Model Driven Architecture / 4.1.3:
A Definition of Model Driven Software Development / 4.1.5:
Domain Specific Languages / 4.3:
The Target Architecture / 4.4:
Model-(to-model-)to-code Transformation / 4.5:
Domain Architecture / 4.6:
Framework / 4.7:
Definition / 4.8:
Extensions to the Problem Space / 4.8.2:
Realizing SOA Security / Part II:
Sectino - A Motivating Case Study from E-Government / 5:
Problem Context / 5.1:
Project Mission / 5.2:
Expected Benefits / 5.3:
Scenario Description / 5.4:
Requirements / 5.4.1:
Results / 5.4.2:
Overview / 6:
Modularity / 6.1.1:
Traceability / 6.1.2:
Model-driven Configuration of Security Services / 6.1.3:
Tight Integration of Functional and Security Aspects / 6.1.4:
Security as a Process / 6.1.5:
Functional System View / 6.2:
Level of Interaction / 6.2.1:
Level of Abstraction / 6.2.2:
Functional Meta-models / 6.2.3:
Global Functional Meta-model / 6.2.4:
Local Functional Meta-model / 6.2.5:
Security Analysis Process / 6.3:
Security Concepts / 6.3.1:
The Security Micro-process / 6.3.2:
Elaborate Functional Model / 6.3.3:
Define Security Objectives / 6.3.4:
Identify Dependencies / 6.3.5:
Security Requirements Engineering / 6.3.6:
Threat and Risk Analysis / 6.3.7:
Security Control Engineering / 6.3.8:
Access Control / 6.4:
Standards and Baseline Protection / 6.5:
Security Management / 6.5.2:
Security Analysis in the Software Process / 6.5.3:
Formal Approaches to Security Requirements Specification / 6.5.4:
Modeling Security Critical SOA Applications / 7:
The Sectet Domain Specific Language / 7.1:
Domain Definition / 7.1.1:
Global Workflow / 7.1.2:
Local Workflow / 7.1.3:
Sectet Model Views / 7.1.4:
The DSL Meta-models / 7.1.5:
The Workflow View / 7.2.1:
The Interface View / 7.2.2:
Integrating Security into the DSL / 7.3:
Enforcing Security with the Sectet Reference Architecture / 8:
Architectural Blueprint / 8.1:
Components / 8.2:
Service Components / 8.2.1:
Security Components / 8.2.2:
Supporting Security Components / 8.2.3:
Communication Protocols / 8.3:
Enforcing Confidentiality and Integrity / 8.3.1:
Enforcing Non-repudiation / 8.3.2:
Component Configuration / 8.4:
Inbound Messaging - (Executable Security Policy File) / 8.4.1:
Outbound Messaging - (Executable Security Policy Files) / 8.4.2:
Request for Compliance Check / 8.4.3:
Response Request for Compliance Check / 8.4.4:
Technology and Standards / 8.4.5:
Model Transformation & Code Generation / 9:
Transformations in the Sectet-Framework / 9.1:
The Generation of Security Artefacts / 9.1.1:
The Generation of Services Artefacts / 9.1.2:
Security Transformations / 9.2:
Inbound Policy File / 9.2.1:
Outbound Policy Files / 9.2.2:
Services Transformations / 9.3:
Global Workflow to Local Workflow Translation / 9.3.1:
Global Workflow to WSDL Description / 9.3.2:
Global Workflow to XSD Schema Template / 9.3.3:
Implementing Transformation / 9.4:
Template Based Transformations / 9.4.1:
Meta-model Based Transformations / 9.4.2:
Software & Security Management / 10:
Tool Chain / 10.1:
Modeling / 10.1.1:
Code Generation / 10.1.2:
Build Tools and Integrated Development Environments / 10.1.3:
The Realization Process / 10.1.4:
The Engineering Process / 10.1.5:
The Deployment Process / 10.2:
Extending Sectet: Advanced Security Policy Modeling / 11:
Motivation / 11.1:
Extending the DSL / 11.2:
A New Security Objective / 11.2.1:
Introducing the RBAC Policy Model / 11.2.2:
Modeling Policies with Dynamic Constraints / 11.3:
Sectet-PL / 11.3.1:
Static RBAC / 11.3.2:
Dynamic RBAC / 11.3.3:
Rights Delegation / 11.3.4:
Integrating Sectet-PL into the Sectet-Framework / 11.4:
Metamodel Extensions / 11.4.1:
Sectet-PL - Abstract Syntax / 11.4.2:
Extending the Reference Architecture / 11.5:
Access Control, Delegation and Privacy Policies / 11.5.1:
Protocol Extensions / 11.5.2:
PDP Extensions / 11.5.3:
Sectet-PL Transformations / 11.6:
Modeling Advanced Use Cases with Sectet-PL / 11.7:
Break-Glass Policy (BGP) / 11.7.1:
4-Eyes-Principle / 11.7.2:
Usage Control (UC) / 11.7.3:
Qualified Signature / 11.7.4:
A Case Study from Healthcare / Part III:
health@net - A Case Study from Healthcare / 12:
Background / 12.1:
The Electronic Healthcare Record / 12.1.1:
National E-Health Initiatives / 12.1.2:
Technical Standards for Healthcare / 12.1.3:
The Austrian Data Privacy Law / 12.1.4:
health@net / 12.2:
Organizational Setting / 12.2.1:
Architectural Concept / 12.2.3:
health@net - Security Analysis / 12.3:
Identification of Security Objectives / 12.3.1:
Engineering of Security Requirements / 12.3.4:
Conclusion / 12.3.5:
health@net - Security Concept / 12.4:
Phase 1: Service-level Security / 12.4.1:
Phase 2a: Static, Process-level Security / 12.4.2:
Phase 2b: Dynamic, Process-level Security / 12.4.3:
Realizing Security with the Sectet-Framework / 12.5:
Conceptual Background / 12.5.1:
Model Views / 12.5.2:
health@net - Phases 2a & 2b / 12.6:
Use Cases / 12.6.1:
Security Architecture / 12.6.2:
Appendices / Part IV:
Mapping Tables / A:
Mapping Table for Inbound Policy File / A.1:
Mapping Table for Outbound Policy Files / A.2:
Mapping Table for BPEL Files / A.3:
Mapping Table for BPEL Files (continued) / A.4:
Mapping Table for WSDL Files / A.5:
References
Index
2.

E-book

EB
Michael Hafner, Ruth Breu
Publication info: SpringerLink Books - AutoHoldings, Springer Berlin Heidelberg, 2009
Table of contents:
The Basics of SOA Security Engineering / Part I:
Introduction / 1:
Service Oriented Architecture / 1.1:
Interoperability and Security Issues in SOA / 1.1.1:
Model Driven Security Engineering / 1.1.2:
Problem Description / 1.2:
Contribution / 1.3:
ProSecO / 1.3.1:
Sectet / 1.3.2:
Related Work / 1.4:
Model Driven Security / 1.4.1:
Formal Systems Engineering / 1.4.2:
Pattern-based Approaches / 1.4.3:
Tools and Frameworks / 1.4.4:
Workflow Management / 1.4.5:
SOA - Standards & Technology / 2:
Service Oriented Architectures / 2.1:
Principles of SOA / 2.1.1:
Motivating Example / 2.1.2:
Web Services / 2.2:
Basic Definition / 2.2.1:
Service Invocation / 2.2.2:
Service Description and Discovery / 2.2.3:
The Web Services Specification Stack / 2.3:
Transport Layer / 2.3.1:
Messaging Layer / 2.3.2:
Description Layer / 2.3.3:
Discovery Layer / 2.3.4:
Quality of Service Layer / 2.3.5:
Web Services Security Standards / 2.3.6:
Services Composition Layer / 2.3.7:
Basic Concepts of SOA Security / 3:
What Is (SOA) Security? / 3.1:
Security Objectives / 3.2:
Security Policies / 3.3:
Basic Security Policies / 3.3.1:
Policy Models / 3.3.2:
Advanced Security Policies / 3.3.3:
Security Analysis / 3.4:
Security Requirements / 3.4.1:
Attacks / 3.4.2:
Confidentiality, Integrity, and Authenticity / 3.5:
Authentication / 3.5.2:
Advanced Web Services Security Standards / 3.5.3:
Domain Architectures / 4:
Model Driven Software Development / 4.1:
The Unified Modeling Language / 4.1.1:
The Meta-Object Facility / 4.1.2:
Model Driven Architecture / 4.1.3:
A Definition of Model Driven Software Development / 4.1.5:
Domain Specific Languages / 4.3:
The Target Architecture / 4.4:
Model-(to-model-)to-code Transformation / 4.5:
Domain Architecture / 4.6:
Framework / 4.7:
Definition / 4.8:
Extensions to the Problem Space / 4.8.2:
Realizing SOA Security / Part II:
Sectino - A Motivating Case Study from E-Government / 5:
Problem Context / 5.1:
Project Mission / 5.2:
Expected Benefits / 5.3:
Scenario Description / 5.4:
Requirements / 5.4.1:
Results / 5.4.2:
Overview / 6:
Modularity / 6.1.1:
Traceability / 6.1.2:
Model-driven Configuration of Security Services / 6.1.3:
Tight Integration of Functional and Security Aspects / 6.1.4:
Security as a Process / 6.1.5:
Functional System View / 6.2:
Level of Interaction / 6.2.1:
Level of Abstraction / 6.2.2:
Functional Meta-models / 6.2.3:
Global Functional Meta-model / 6.2.4:
Local Functional Meta-model / 6.2.5:
Security Analysis Process / 6.3:
Security Concepts / 6.3.1:
The Security Micro-process / 6.3.2:
Elaborate Functional Model / 6.3.3:
Define Security Objectives / 6.3.4:
Identify Dependencies / 6.3.5:
Security Requirements Engineering / 6.3.6:
Threat and Risk Analysis / 6.3.7:
Security Control Engineering / 6.3.8:
Access Control / 6.4:
Standards and Baseline Protection / 6.5:
Security Management / 6.5.2:
Security Analysis in the Software Process / 6.5.3:
Formal Approaches to Security Requirements Specification / 6.5.4:
Modeling Security Critical SOA Applications / 7:
The Sectet Domain Specific Language / 7.1:
Domain Definition / 7.1.1:
Global Workflow / 7.1.2:
Local Workflow / 7.1.3:
Sectet Model Views / 7.1.4:
The DSL Meta-models / 7.1.5:
The Workflow View / 7.2.1:
The Interface View / 7.2.2:
Integrating Security into the DSL / 7.3:
Enforcing Security with the Sectet Reference Architecture / 8:
Architectural Blueprint / 8.1:
Components / 8.2:
Service Components / 8.2.1:
Security Components / 8.2.2:
Supporting Security Components / 8.2.3:
Communication Protocols / 8.3:
Enforcing Confidentiality and Integrity / 8.3.1:
Enforcing Non-repudiation / 8.3.2:
Component Configuration / 8.4:
Inbound Messaging - (Executable Security Policy File) / 8.4.1:
Outbound Messaging - (Executable Security Policy Files) / 8.4.2:
Request for Compliance Check / 8.4.3:
Response Request for Compliance Check / 8.4.4:
Technology and Standards / 8.4.5:
Model Transformation & Code Generation / 9:
Transformations in the Sectet-Framework / 9.1:
The Generation of Security Artefacts / 9.1.1:
The Generation of Services Artefacts / 9.1.2:
Security Transformations / 9.2:
Inbound Policy File / 9.2.1:
Outbound Policy Files / 9.2.2:
Services Transformations / 9.3:
Global Workflow to Local Workflow Translation / 9.3.1:
Global Workflow to WSDL Description / 9.3.2:
Global Workflow to XSD Schema Template / 9.3.3:
Implementing Transformation / 9.4:
Template Based Transformations / 9.4.1:
Meta-model Based Transformations / 9.4.2:
Software & Security Management / 10:
Tool Chain / 10.1:
Modeling / 10.1.1:
Code Generation / 10.1.2:
Build Tools and Integrated Development Environments / 10.1.3:
The Realization Process / 10.1.4:
The Engineering Process / 10.1.5:
The Deployment Process / 10.2:
Extending Sectet: Advanced Security Policy Modeling / 11:
Motivation / 11.1:
Extending the DSL / 11.2:
A New Security Objective / 11.2.1:
Introducing the RBAC Policy Model / 11.2.2:
Modeling Policies with Dynamic Constraints / 11.3:
Sectet-PL / 11.3.1:
Static RBAC / 11.3.2:
Dynamic RBAC / 11.3.3:
Rights Delegation / 11.3.4:
Integrating Sectet-PL into the Sectet-Framework / 11.4:
Metamodel Extensions / 11.4.1:
Sectet-PL - Abstract Syntax / 11.4.2:
Extending the Reference Architecture / 11.5:
Access Control, Delegation and Privacy Policies / 11.5.1:
Protocol Extensions / 11.5.2:
PDP Extensions / 11.5.3:
Sectet-PL Transformations / 11.6:
Modeling Advanced Use Cases with Sectet-PL / 11.7:
Break-Glass Policy (BGP) / 11.7.1:
4-Eyes-Principle / 11.7.2:
Usage Control (UC) / 11.7.3:
Qualified Signature / 11.7.4:
A Case Study from Healthcare / Part III:
health@net - A Case Study from Healthcare / 12:
Background / 12.1:
The Electronic Healthcare Record / 12.1.1:
National E-Health Initiatives / 12.1.2:
Technical Standards for Healthcare / 12.1.3:
The Austrian Data Privacy Law / 12.1.4:
health@net / 12.2:
Organizational Setting / 12.2.1:
Architectural Concept / 12.2.3:
health@net - Security Analysis / 12.3:
Identification of Security Objectives / 12.3.1:
Engineering of Security Requirements / 12.3.4:
Conclusion / 12.3.5:
health@net - Security Concept / 12.4:
Phase 1: Service-level Security / 12.4.1:
Phase 2a: Static, Process-level Security / 12.4.2:
Phase 2b: Dynamic, Process-level Security / 12.4.3:
Realizing Security with the Sectet-Framework / 12.5:
Conceptual Background / 12.5.1:
Model Views / 12.5.2:
health@net - Phases 2a & 2b / 12.6:
Use Cases / 12.6.1:
Security Architecture / 12.6.2:
Appendices / Part IV:
Mapping Tables / A:
Mapping Table for Inbound Policy File / A.1:
Mapping Table for Outbound Policy Files / A.2:
Mapping Table for BPEL Files / A.3:
Mapping Table for BPEL Files (continued) / A.4:
Mapping Table for WSDL Files / A.5:
References
Index