Ontology-Driven Modeling Framework for SOA Security Patterns

Ashish Kumar Dwivedi
Santanu Kumar Rath

Securing an application based on Service-Oriented Architecture (SOA) provides defenses against a number of threats that arise from exposing applications and data to the Internet. A good number of security guidelines are available for applying security to web applications, but these guidelines are sometimes difficult to understand and can generate inconsistencies. Security guidelines are often represented as security patterns, which are used to build and test new security mechanisms. These patterns are only design guidelines, however, and they have certain limitations in terms of consistency and usability. Hence, the application of security patterns may even be insecure. To resolve this problem, a suitable modeling and analysis technique is required. In this study, an ontology-based modeling and refinement framework is proposed for web service security. To maximize comprehensibility, UML (Unified Modeling Language) notations are used to represent the structural and behavioral aspects of an SOA-based system. Subsequently, the Web Ontology Language (OWL) is used to model SOA security patterns. Description logic is used to analyze security requirements. The proposed approach is evaluated in the context of an e-Health-Care system by applying the modeling framework to provide the semantic infrastructure for SOA-based security-critical systems.
