Extending a secure system development methodology to SOA

Abstract

The design of secure service-oriented architectures presents a new set of challenges for the designer. While security standards do provide some solutions, a secure system is one in which security is built in right from the start, not after a design approach has been decided. We have presented a methodology to build secure systems using patterns. We extend it now to service-oriented analysis and design, adapting the use of a tree with architectural decisions to include also security decisions. This decision tree makes architectural knowledge explicit and reusable and has value on its own right, independent of SOA and our methodology. © 2007 IEEE.