Service Oriented Architecture (SOA) Security Models

Thumbnail Image
Al-kofahi, Majd
Major Professor
Thomas E. Daniels
Committee Member
Journal Title
Journal ISSN
Volume Title
Research Projects
Organizational Units
Organizational Unit
Electrical and Computer Engineering

The Department of Electrical and Computer Engineering (ECpE) contains two focuses. The focus on Electrical Engineering teaches students in the fields of control systems, electromagnetics and non-destructive evaluation, microelectronics, electric power & energy systems, and the like. The Computer Engineering focus teaches in the fields of software systems, embedded systems, networking, information security, computer architecture, etc.

The Department of Electrical Engineering was formed in 1909 from the division of the Department of Physics and Electrical Engineering. In 1985 its name changed to Department of Electrical Engineering and Computer Engineering. In 1995 it became the Department of Electrical and Computer Engineering.

Dates of Existence

Historical Names

  • Department of Electrical Engineering (1909-1985)
  • Department of Electrical Engineering and Computer Engineering (1985-1995)

Related Units

Journal Issue
Is Version Of

Interest in Service Oriented Architecture (SOA) is rapidly increasing in the business world due to the many benefits it offers such as reliability, manageability, re-usability, flexibility, efficiency, and interoperability.

Many security technologies, models and systems have been developed for SOA, covering one or a combination of security aspects such as authentication, authorization, encryption, trust, confidentiality or access control. Even though many security areas have been thoroughly investigated, many are still unexplored such as integrity protection and SOA intrusion detection systems.

In this thesis we are proposing Service Clark-Wilson Integrity Model (SCWIM), a top down integrity model for SOA capable of describing sufficient conditions to protect data integrity in any SOA implementation based on the original Clark-Wilson Integrity Model. Our model can form the basis for system security audits and assist SOA architects in developing systems that protect data integrity as well as providing guidance for evaluating existing SOA systems.

We are also proposing SOA Specification Based Intrusion Detection System capable of detecting intrusions affecting service behaviors in SOA networks. A SOA testbed was implemented, configured, and modified to accommodate the needs of our research and to work as the base for the development of our specification based IDS. We believe that our IDS will provide a low false negative/positive rate and will be able to detect known and novel attacks that affect the behavior of the monitored services.

Sat Jan 01 00:00:00 UTC 2011