Interest in Service Oriented Architecture (SOA) is rapidly increasing in the business world due to the many benefits it offers such as reliability, manageability, re-usability, flexibility, efficiency, and interoperability.

Many security technologies, models and systems have been developed for SOA, covering one or a combination of security aspects such as authentication, authorization, encryption, trust, confidentiality or access control. Even though many security areas have been thoroughly investigated, many are still unexplored such as integrity protection and SOA intrusion detection systems.

In this thesis we are proposing Service Clark-Wilson Integrity Model (SCWIM), a top down integrity model for SOA capable of describing sufficient conditions to protect data integrity in any SOA implementation based on the original Clark-Wilson Integrity Model. Our model can form the basis for system security audits and assist SOA architects in developing systems that protect data integrity as well as providing guidance for evaluating existing SOA systems.

We are also proposing SOA Specification Based Intrusion Detection System capable of detecting intrusions affecting service behaviors in SOA networks. A SOA testbed was implemented, configured, and modified to accommodate the needs of our research and to work as the base for the development of our specification based IDS. We believe that our IDS will provide a low false negative/positive rate and will be able to detect known and novel attacks that affect the behavior of the monitored services.