Security Engineering for Service-Oriented Architectures

From the reviews: The book is an important reference for professionals engaged in designing security-critical SOA systems. The authors provide an in-depth treatment of security engineering methods using advanced model-based design technology. The detailed examples and case studies make the work extremely valuable for practicing engineers as well as students. - Prof. Janos Sztipanovits, Vanderbilt University, Nashville, TN, USA Providing the bridge between business and IT the paradigm of service-oriented architecture has an important impact on the future structuring of IT landscapes. Though security is a crucial requirement for many service oriented systems it is too often handled at a mere technical level. With their book, Hafner and Breu provide a valuable contribution to handle security requirements at the business level and to develop sustainable service oriented solutions. - Prof. Dr. Gregor Engels, University of Paderborn and Scientific Director of sd&m Research, Munich ,Germany Going beyond applied SOA-concepts this book provides a method how to model and integrate security aspects. Including a proof of concept and practical experiences of two real projects it provides a useful reference to everyone dealing with SOA-requirements. - Alexander Lechner, Senior Technical Consultant, world-direct eBusiness/Telekom Austria Even as a security professional, skilled in low-level computer security mechanisms and details, I cannot ignore the ever growing requests and demands of implementing and enforcing security at higher-levels of the system stack and consider the tremendous advantages of large scale service-oriented architectures for modern software engineering efforts. The model-driven security engineering approach as described here by Hafner and Breu provides an excellent introduction into the very practical and useful topic of modeling and understanding the overall system security at a very high level and then transforming it into lower policy languages. This book does an excellent job in describing the underlying principles and methodologies of this approach. It offers a solution to the dream of practical security architects to understand and describe very abstract and subtle security requirements through high-level models and how to transform those models into enforceable code by transforming the models into executables. The presented methodology has the real potential to make a strong impact on how to build Trusted Platforms in the near future - simply generate them from high-level models. - Dr. Jean-Pierre Seifert, Director Trusted Platform Laboratory, Samsung Electronics Research, San Jose, CA, USA This extremely valuable book for IT professionals covers these emerging topics of SOA and security. ... provide a sound methodological and technical basis for the engineering of security-critical scenarios. The intended audience includes industry professionals and software architects, but it might also be useful to graduate-level students with an orientation in practical/implementation matters. ... Most of the chapters contain a lot of figures that are very helpful in understanding the presented material. ... To conclude, this is a nice, extremely useful book for practitioners. (M. Ivanovic, ACM Computing Reviews, April, 2009)