A method for modeling and analyzing the security attributes of service-oriented software system

In Service Oriented Architecture (SOA), software is implemented through a series of services and the business processes composed of services which introduce potential security problems. These security problems appeared in SOA software applications usually lead information systems and their business processes to risks. Similar to traditional quality of service (QoS) attributes such as reliability and robustness, security is one of the most important attributes of software system. In this paper, the method for modeling and analyzing the security attributes of SOA software system is investigated. Firstly, the service oriented computing model for security analysis is constructed, which characterizes service computing paradigm and related security attributes, and can be used for establishing service oriented software security metric system. Secondly, the service attack path is analyzed based upon the service oriented computing model. Finally, the effectiveness of the model and the analysis method is validated through case studies.