Investigating Security in Developed Information Systems through Service oriented Architecture (SOA)

Document Type : Research Paper


1 Assistant Prof., Allameh Tabatabaee University, Tehran, Iran

2 M.Sc. in Information Technology Management, University of Allameh Tabatabaee, Tehran, Iran


The advantages and special characteristics of service oriented architecture and expansion of employing such architecture have brought security topics which are different in some cases from the security principles of traditional information systems. In this article our aim is the examination of various indices of security and the presentation of strategies for security in information systems by service oriented architecture. We hope the results of the research help IT managers make a secure information system and more secure architecture service-oriented. It’s an applied research and its method of operating is descriptive. The most important indices were extracted. Then, the statistical population was questioned about them. It was analyzed after gathering data through T-test. Then the most important indices and their related sub indices prioritized through hierarchical analysis of the data.


ایزدی، م. (1389). امنیت در سیستمهای اطلاعاتی توسعهیافته با روش معماری سرویس­گرا. پایان‎نامه کارشناسی ارشد رشته مدیریت فناوری اطلاعات، دانشکده مدیریت، دانشگاه علامه طباطبایی.
دارا، ع. (1388). معماری سرویس­گرا با بررسی دیدگاههای امنیتی آن، سمینار کارشناسی ارشد. دانشگاه آزاد اسلامی واحد علوم و تحقیقات.
Afshar, M., Kavantzas, N., Turlapati, R. (2006). Best Practices for Securing Your SOA: A Holistic Approach. Java Developers Journal,
Brose, G. (2003). Service Web Services with SOAP Security Proxies. Proceeding of the 13th International Conference, 7-9 September, Dresden, Germany.
Buecker, A., Ashley, P. & Borrett, M., Readshaw, N. (2007). Understanding SOA Security Design and Implementation.International Technical Support Organization, Brussels,IBM redbook Publication
Candolin, C. (2007). A Security Framework for Service Oriented Architectures. Proceeding of the 5th Military Communications Conference,15-17 October, Florida.
Casola,V. (2007). A Policy-Based Evaluation for Quality and Security in Service Oriented Architectures. 6th IEEE International Conference Web Services, 3-5 May, Leipzig, Germany.
Chodavarapu,  P. and Kanneganti, R. (2007). SOA Security. 8th International Conference Web Services, 10-12 December, Grenoble, France.
Fareghzadeh, N. (2009). Web Service Security Method To SOA Development. World Academy of Science Engineering and Technology, 49(5): 36-48.
Hafner, M. (2009). Security Engineering for Service-oriented Architecture. 6th IEEE International Conference Web Services, 6-8 February, Heidlelberg, Germany.
Hammar, K. (2006). Towards a Stochastic Model for Integrated Security and Depend Ability Evaluation. Proceeding of the 9th International Conference on Availability, Reliability and Security, 3-5July, Washington.
Hangjung, Z., Nazareth, D. (2010). Security and Performance in Service-oriented Application: Trading off Competing Objectives. Decision support system, 50(8) 336-346.
Heather, H., Hondo, M. (2005). Security Patterns within a Service-Oriented Architecture. International Journal of Information Security,
7(3): 23-34.
Jonnaganti, V. (2009). An integrated Security Model for the Management of SOA. Master Thesis Work in Software Engineering and Management.
Menzel, M. (2007). SOA Security- secures Cross- Organizational Service Composition. Stuttgarter Software Technik Forum, 21(4): 41-53.
Rosado, D. Eduardo, F. (2011). Security Services Architecture for Secure Mobile Grid Systems. Journal of Systems Architecture: the EUROMICRO Journal, 57(5): 240-258.
Siming, K. & Babar, M. (2010). Modeling Security for Service Oriented Applications. Proceeding of The 8th European Conference on Software Architecture, 13-15 May, Nottingham.
Weilye, K. & Wing, J. (2005). Game Strategies in Network Security. International Journal of Information Security, 4(2): 17-28.
 xiaoming, B. (2006). the Study on Secure Distributed Workflow Architecture Based SOA. Proceeding of the 4th International Conference on Power System Technology, 8-10july, florida.
 Yamany, H., Miriam, C. (2010). Intelligent Security and Access Control Framework for Secure-Oriented architecture. Information and Software Technology, 25 (2): 220-236.
Yue, H. & Tao, X. (2012). Web Services Security Problem Insecure-oriented Architecture. International Conference on Applied Physics and Industrial Engineering, 24(6): 1635-1641.