
dc.contributor.advisor | Skramstad, Torbjørn | nb_NO
dc.contributor.advisor | Mellati, Armaz | nb_NO
dc.contributor.author | Rodem, Magne | nb_NO
dc.date.accessioned | 2014-12-19T13:33:47Z |
dc.date.available | 2014-12-19T13:33:47Z |
dc.date.created | 2010-09-04 | nb_NO
dc.date.issued | 2008 | nb_NO
dc.identifier | 348639 | nb_NO
dc.identifier | ntnudaim:4095 | nb_NO
dc.identifier.uri | http://hdl.handle.net/11250/251271 |
dc.description.abstract | In a service-oriented architecture (SOA), parts of software applications are made available as services. These services can be combined across multiple applications, technologies, and organizations. As a result, functionality can be more easily reused, and new business processes can be assembled at a low cost. However, as more functionality is exposed outside of the traditional boundaries of applications, new approaches to security are needed. While SOA shares many of the security threats of traditional systems, the countermeasures to some of these threats may differ. Most notably, eavesdropping, data tampering, and replay attacks must be countered on the message level in a complex SOA environment. In addition, the open and distributed nature of SOA leads to new ways of handling authentication, authorization, logging, and monitoring. Web Services are the most popular way of realizing SOA in practice, and make use of a set of standards such as WS-Security, XML Encryption, XML Signature, and SAML for handling these new security approaches. Guidelines exist for development of secure software systems, and provide recommendations for things to do or to avoid. In this thesis, I use my findings with regard to security challenges, threats, and countermeasures to create a set of security guidelines that should be applied during requirements engineering and design of a SOA. Practical use of these guidelines is demonstrated by applying them during development of a SOA-based system. This system imports personal data into multiple administrative systems managed by UNINETT FAS, and is designed using Web Services and XML-based security standards. Through this practical demonstration, I show that my guidelines can be used as a reference for making appropriate security decisions during development of a SOA. | nb_NO
dc.language | eng | nb_NO
dc.publisher | Institutt for datateknikk og informasjonsvitenskap | nb_NO
dc.subject | ntnudaim | no_NO
dc.subject | SIF2 datateknikk | no_NO
dc.subject | Program- og informasjonssystemer | no_NO
dc.title | Security in a Service-Oriented Architecture | nb_NO
dc.type | Master thesis | nb_NO
dc.source.pagenumber | 116 | nb_NO
dc.contributor.department | Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for datateknikk og informasjonsvitenskap | nb_NO

