E2SM: a security tool for adaptive cloud‐based service‐oriented applications

Abstract

The issue of security in the distributed system landscape of a service-oriented architecture (SOA) is a challenging one. No longer is it limited to a local application or an application domain, security must now work across a range of applications and business processes interacting with each other. This is even more true when SOA-based applications are provisioned in the cloud. Firstly, cloud applications components, and the data they might handle, that were once silos, are now being exposed as services by distinct and distrusted tenants. Secondly, such applications are often adaptive when they are provisioned in cloud environments. This study proposes an end-to-end security model (E2SM) that aims to protect data confidentiality in adaptive cloud-based SOA applications. E2SM allows the setting of data-centric security policies that go beyond services boundaries. First, security configuration is automatically calculated starting from a few intuitive business-oriented security settings. Then, the configuration is updated with minimal overhead if security policies are dynamically modified and/or SOA architecture is reconfigured. A security tool is implemented according to the proposed model. As for validation, the tool was used to secure a healthcare business process.