Global ETD Search

11	Atestamento em arquitetura aberta de serviços (SOA): um arcabouço para validação de legitimidade dos consumidores de serviços e seus dispositivos de acesso. / Validation of consumers in services oriented architecture (SOA): a framework to validate legitimacy of service consumers and their access means. Silva, Richard Flávio da 17 June 2010 (has links) Em Arquiteturas Abertas e Orientadas a Serviços (Service Oriented Architectures - SOA) a preocupação com a área de segurança tem recebido importante atenção no desenho das aplicações em função das vulnerabilidades intrínsecas associadas a este novo paradigma. Este trabalho tem por objetivo propor um arcabouço para o desenvolvimento seguro de aplicações em SOA, com foco nos aspectos de segurança através da validação dos consumidores de serviços e seus dispositivos de acesso. Para este objetivo, foi conduzido um estudo sobre as abordagens tradicionais para a segurança em soluções Web uma vez que esta é a plataforma predominante na implementação de soluções SOA. Neste estudo, foi identificado que uma área fértil para contribuição à segurança em soluções SOA é o atestamento dos componentes ou programas consumidores de serviços. Por atestamento, deve-se entender um processo de verificação da legitimidade dos participantes (indivíduos, hardware e software) de uma cadeia de acesso. Como resultado deste trabalho, foi proposto um arcabouço, denominado ASACS (Arcabouço para Segurança por Atestamento dos Consumidores de Serviços), para controle de acesso aos serviços baseado na validação de etapas de atestamento dos consumidores. Estas etapas vão desde o fornecimento de informações sobre a plataforma de execução dos consumidores até a análise comportamental para definir o grau de confiança de cada consumidor em uma rede distribuída de serviços. A utilização do arcabouço traz um importante reforço à segurança ao buscar a negação de acesso a consumidores mal intencionados, não legítimos ou que tenham sido alvo de ataque. Como principal contribuição, este arcabouço orienta uma abordagem estruturada para a validação de legitimidade dos consumidores e de seus dispositivos e programas de acesso, resultando na necessidade de um aumento dos esforços requeridos para um ataque na tentativa de violar a segurança dos serviços oferecidos. / In Service Oriented Architectures (SOA) the concern with security has received important focus on solution design as a consequence of intrinsic vulnerabilities at the basis of this new paradigm. This work proposes a framework to secure development of SOA applications, with a special attention to security matters regarding validation of service consumers and its access means. In order to accomplish this goal, it was conducted a research over traditional approaches for security in Web applications, considering that Web platform is definitely dominant for SOA implementation. In this research, validation of service consumers was figured out as a promising area to security enforcement. Validation of service consumers states for a process to verify legitimacy of participants (individuals, hardware and software) in an access chain. As result of this work, it was proposed the framework ASACS designed to control accesses to service providers based on consumers legitimacy validation stages. Such validation stages cover since a check of client stations boot stack layers until a behavioral monitoring to graduate trust levels for each consumer in a network of distributed services. The framework adoption promotes security enforcement while avoiding access from malicious consumers, non legitimate ones or genuine consumers compromised by an attacker. As principal contribution, this framework guides to a structured approach to validate legitimacy of consumers and its programs and access means, requiring higher levels of efforts to an attack attempting violate the security of published services. Atestamento Autenticação Authentication Legitimacy Security Segurança SOA SOA Web Web
12	Atestamento em arquitetura aberta de serviços (SOA): um arcabouço para validação de legitimidade dos consumidores de serviços e seus dispositivos de acesso. / Validation of consumers in services oriented architecture (SOA): a framework to validate legitimacy of service consumers and their access means. Richard Flávio da Silva 17 June 2010 (has links) Em Arquiteturas Abertas e Orientadas a Serviços (Service Oriented Architectures - SOA) a preocupação com a área de segurança tem recebido importante atenção no desenho das aplicações em função das vulnerabilidades intrínsecas associadas a este novo paradigma. Este trabalho tem por objetivo propor um arcabouço para o desenvolvimento seguro de aplicações em SOA, com foco nos aspectos de segurança através da validação dos consumidores de serviços e seus dispositivos de acesso. Para este objetivo, foi conduzido um estudo sobre as abordagens tradicionais para a segurança em soluções Web uma vez que esta é a plataforma predominante na implementação de soluções SOA. Neste estudo, foi identificado que uma área fértil para contribuição à segurança em soluções SOA é o atestamento dos componentes ou programas consumidores de serviços. Por atestamento, deve-se entender um processo de verificação da legitimidade dos participantes (indivíduos, hardware e software) de uma cadeia de acesso. Como resultado deste trabalho, foi proposto um arcabouço, denominado ASACS (Arcabouço para Segurança por Atestamento dos Consumidores de Serviços), para controle de acesso aos serviços baseado na validação de etapas de atestamento dos consumidores. Estas etapas vão desde o fornecimento de informações sobre a plataforma de execução dos consumidores até a análise comportamental para definir o grau de confiança de cada consumidor em uma rede distribuída de serviços. A utilização do arcabouço traz um importante reforço à segurança ao buscar a negação de acesso a consumidores mal intencionados, não legítimos ou que tenham sido alvo de ataque. Como principal contribuição, este arcabouço orienta uma abordagem estruturada para a validação de legitimidade dos consumidores e de seus dispositivos e programas de acesso, resultando na necessidade de um aumento dos esforços requeridos para um ataque na tentativa de violar a segurança dos serviços oferecidos. / In Service Oriented Architectures (SOA) the concern with security has received important focus on solution design as a consequence of intrinsic vulnerabilities at the basis of this new paradigm. This work proposes a framework to secure development of SOA applications, with a special attention to security matters regarding validation of service consumers and its access means. In order to accomplish this goal, it was conducted a research over traditional approaches for security in Web applications, considering that Web platform is definitely dominant for SOA implementation. In this research, validation of service consumers was figured out as a promising area to security enforcement. Validation of service consumers states for a process to verify legitimacy of participants (individuals, hardware and software) in an access chain. As result of this work, it was proposed the framework ASACS designed to control accesses to service providers based on consumers legitimacy validation stages. Such validation stages cover since a check of client stations boot stack layers until a behavioral monitoring to graduate trust levels for each consumer in a network of distributed services. The framework adoption promotes security enforcement while avoiding access from malicious consumers, non legitimate ones or genuine consumers compromised by an attacker. As principal contribution, this framework guides to a structured approach to validate legitimacy of consumers and its programs and access means, requiring higher levels of efforts to an attack attempting violate the security of published services. Atestamento Autenticação Segurança SOA Web Authentication Legitimacy Security SOA Web
13	Une démarche de conception et d'implémentation de la protection de la vie privée basée sur le contrôle d'accès appliquée aux compositions de services / Design and Implementation of privacy in service compositions Faravelon, Aurélien 02 December 2013 (has links) La vie privée et sa protection sont aujourd'hui largement discutées. Membres de la société civile, juristes ou encore techniciens, nous sommes tous appelés à nous emparer d'une notion que l'on nous présente à la fois comme menacée, désuète ou appartenant à nos libertés fondamentales. Aujourd'hui, les controverses autour de la protection de la vie privée ont pour origine des usages techniques. L'informatisation des fichiers étatiques et les possibilités accrues de surveillance issues des innovations en informatique et, plus récemment, les « usages sociaux » des outils numériques comme les « réseaux sociaux », provoquent de vives réactions. Pourtant, le recours à cette notion, notamment pour protéger les libertés individuelles, est-il complètement satisfaisant alors que, d'une part, les outils à l'origine de sa mise en question suscitent un large engouement, et que, d'autre part, ses contours sont mal définis? Nous adoptons, pour répondre à cette question, une position interdisciplinaire. D'une part, nous enquêtons d'un point de vue philosophique sur la « condition numérique » contemporaine afin d'en saisir les enjeux. Ce faisant, nous établissons que les outils numériques remettent en cause la notion de « frontiére ». Nous montrons simultanément que la possibilité d'une existence séparée est nécessaire pour constituer une subjectivité propre. Se pose alors la question de la mise en pratique d'une telle existence. Nous nous éloignons des approches déontologiques et utilitaristes qui guident actuellement la conception et l'évaluation des outils numériques pour leur préférer une approche fondée sur « l'éthique du souci de soi ». Cette approche nous conduit à établir que le code informatique constitue la structure de la condition numérique et qu'il s'agit de prendre en compte, dés la conception d'une application un ensemble de propriétés, comme la protection de la vie privée. Nous cherchons dans un second temps à aider les concepteurs d'applications à concevoir au mieux et à réaliser des applications qui permettent de protéger la vie privée des utilisateurs et des possesseurs des données. Notre domaine d'application est l'approche orientée services qui est aujourd'hui un largement utilisée. Nous nous concentrons sur son utilisation pour la réalisation d'applications à partir de compositions de services dynamiques et hétérogènes. Nous cherchons à protéger la vie privée à l'aide du contrôle d'accès. Pour ce faire, nous proposons de configurer les propriétés de contrôle d'accès des services au moyen d'une démarche dirigée par les modèles divisée en deux étapes. Au niveau conception, la composition et la politique de contrôle d'accès à un niveau abstrait sont spécifiées par des experts dédiés. Nous estimons que le contrôle d'accès doit être pris en compte dés la conception de l'application afin d'éviter le recours à la programmation manuelle. En rester à un niveau abstrait permet de s'adapter à l'état de la composition et à l'hétérogénéité et au dynamisme des services. Au niveau exécution, notre architecture permet de configurer les services concrets au moyen de proxies responsables de l'exécution du contrôle d'accès. Des transformations de modèles vers textes automatisées permettent de passer d'un niveau à l'autre afin de s'abstraire de la programmation manuelle et de garantir la protection des services concrets par les proxies. Notre approche a été validée par la réalisation d'un prototype et son utilisation sur un cas d'application. / Privacy is hot topic. Lawyers, technicians and plain people are all concerned by this notion. Nowadays, most discussions focus on the effects of digital tools, such as social media or surveillance software. However, privacy is still ill-defined. Moreover, digital tools which endanger privacy are widely used. Should not we leave privacy aside and accept that we are, maybe more than ever, visible ?In this doctoral thesis, I address this question from a twofold viewpoint. I first inquire into the nature of our digital condition from a philosophical standpoint. I claim that digital artifacts rework the implementation of our frontiers, be them geographical or social. However, I contend that such frontiers are necessary. As I show that code defines the structure and the effects of digital tools, I point out that properties such as privacy management should be addressed right from the conception of software applications.Helping out designers to address such properties is the second issue I tackle. I focus on Service-Oriented Computing as it is a widely used paradigm. Most speci- fically, I deal with the composition of heterogenous and dynamic services. I define access control as an efficient mechanism to protect privacy and I propose a twofold generative approach to secure services compositions. The composition and its access control policies are separately defined at an abstract level. An expert is responsible for each of them. As we promote an abstract description of the application, we free the designer from technical complexity. At runtime, we propose an architecture which selects and protects the actual services by hiding them behind proxies which run the access control policy. Automated model transformations permit to generate the application from its specification. We thus bypass manual programming. We have implemented a modeling and execution environment and applied our approach to a use case in order to validate our work. SOC SOA Vie privée SOC SOA Privacy 004
14	Convergência entre BPM-SOA e UML-SOA: uma Análise comparativa de integração e de cenários SOUZA, Brunno Wagner Lemos de 25 February 2016 (has links) Submitted by Fabio Sobreira Campos da Costa (fabio.sobreira@ufpe.br) on 2017-03-02T13:55:41Z No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação Final-Biblioteca_Brunno.pdf: 2392204 bytes, checksum: ade7199e37779e870f0c3d398da9bb4d (MD5) / Made available in DSpace on 2017-03-02T13:55:41Z (GMT). No. of bitstreams: 2 license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Dissertação Final-Biblioteca_Brunno.pdf: 2392204 bytes, checksum: ade7199e37779e870f0c3d398da9bb4d (MD5) Previous issue date: 2016-02-25 / Neste trabalho, foram investigados e analisados conceitos fundamentais da metodologia de BPM (Business Process Modeling) através de sua notação BPMN (Business Process Modelling Notation), bem como o desenvolvimento de software por meio da UML (Unified Modeling Language), ambas atreladas à arquitetura SOA (Service-Oriented Architecture), com o objetivo de integrar as áreas de desenvolvimento de software e de gestão de empresas, a fim de possibilitar uma visão macro dos processos. Optou-se por analisar BPM, pois sua metodologia garante uma prática de desenvolvimento rápido do sistema, tornando-o flexível, e permite a sua reutilização, com uso de tecnologias legadas, pois empresas conseguem alcançar um maior controle dos processos de negócio. Já a UML possibilita a padronização na modelagem de software e, assim como BPM, com possível integração com SOA. O objetivo deste estudo é fazer a apresentação dos diversos cenários verificados a partir de um amplo levantamento da literatura que trata dessa integração. Dessa maneira, foi realizada uma comparação quantitativa e qualitativa dos cenários encontrados, a fim de definir qual é a melhor possibilidade de integração para uma empresa. Tudo isso para assegurar a interoperabilidade entre diferentes entidades, agregando valor e reduzindo custos de manutenção para as empresas. Através de descritores selecionados, foi feita uma busca em bases de dados específicas para levantar trabalhos publicados sobre a integração BPM-SOA e UML-SOA. Esse levantamento permitiu observar distintos cenários de integração, além das vantagens, desvantagens e problemas mencionados por seus autores. A finalidade é compreender quais os principais entraves relacionados à integração e implementação de BPM-SOA e UML-SOA que seja capaz de comprovar, quantitativa e qualitativamente, as integrações e apontar qual a melhor possibilidade. / In this study, we investigated and analyzed the fundamental concepts of BPM methodology (Business Process Modeling) through its BPMN notation (Business Process Modelling Notation) and software development through the UML (Unified Modeling Language), both linked to architecture SOA (Service-Oriented Architecture) with the aim of integrating the software development areas and business management, in order to provide a macro view of the processes. We chose to analyze BPM, because its methodology ensures a practice of rapid system development, making it flexible, and allows reuse, using legacy technologies, as companies can achieve greater control of business processes. Already the UML allows for standardization in software modeling and, as BPM, with possible integration with SOA. The aim of this study is to make the presentation of the various scenarios checked from a broad survey of the literature dealing with this integration. Thus, a quantitative and qualitative comparison of the scenarios found was carried out in order to define what is the best possibility of integration for a company. All this to ensure interoperability between different entities, adding value and reducing maintenance costs for companies. Through selected keywords, a search was made in specific databases for up papers on the integration BPM-SOA and UML-SOA. This survey allowed to observe different integration scenarios, beyond the advantages, disadvantages and problems mentioned by the authors. The purpose is to understand what the main obstacles related to the integration and implementation of BPM-SOA and SOA-UML to be able to prove quantitatively and qualitatively, the integrations and point out what the best possibility. BPM UML SOA Integração BPM UML SOA Integration
15	Validação de padrões de web services transacionais / Transactional web service pattern validation Paulo Roberto de Araújo França Nunes 03 June 2011 (has links) A velocidade das mudanças e a necessidade de informações disponíveis em vários meios têm feito com que os sistemas atuais se integrem cada vez mais. Neste cenário, arquiteturas orientadas a serviços e Web Services ganham evidência. Por utilizarem padrões já bem difundidos, por exemplo XML (extended markup language), Web Services se destacam pela interoperabilidade e dinamismo, disponibilizados através da Internet e utilizado em ambientes heterogêneos. Contudo, isso afeta significativamente atributos não funcionais, por exemplo, confiabilidade, disponibilidade, entre outros. Para Web Services, além de todos os problemas existentes no paradigma de programação distribuída, temos ainda o problema de que erros em um determinado serviço não devem ser propagados para os demais. Dentre as diversas formas de se contornar o problema, existe a definição de padrões transacionais que visam delinear regras específicas para a comunicação entre os serviços. O objetivo do trabalho é identificar casos de testes que permitam validar a adequação, tanto do serviço quanto da aplicação de padrões definidos, de modo a garantir uma maior confiabilidade do sistema como um todo. Para isso, é avaliada a aplicabilidade de técnicas de perturbação e mutação de dados com relação ao padrão estabelecido. Como resultado, obtém-se um subconjunto das técnicas que possuem potencial de identificação de falhas nesse cenário. / Software technology has become essential since it is available in most places. Powered by Internet, nowadays, information quickly flows throw systems. Web Services provide a standard way to meet these objectives, as they use common communication pattern like XML and HTTP. The use of Web Services brings many benefits. On the other hand, it also brings some issues about reliability, availability and other non functional problems. Transactional patterns are an alternative to outline such problems. This study aims to find an effective way to certificate the correct use of those patterns by applying perturbation and mutation testing techniques. As work result, it is expected to determine which of techniques are applicable. Confiabilidade SOA Testes Web Services Reliability SOA Testing Web Service
16	Desktop Integration with a Web Based Application Gustafsson, Johan January 2012 (has links) This master thesis work was done at Ipendo Systems in Linköping, a company that makes an intellectual property management system called Ipendo Platform. The master thesis describes the design and development of an extension to a web based solution to work as desktop application and demonstrating the solution with an Outlook plugin. The goal was to improve the workflow for the user when handling documents received by mail and also find and evaluate a model for product integration that could be re-used for future projects. The result of the master thesis is an Outlook plugin and a web service that exposes part of Ipendo Platform functionality in a service layer. As a final test the solution was tested in a production environment to simulate real world usage. The report provides conclusions about the pros and cons of this kind solution and how the current design and implementation of Ipendo Platform has affected the outcome. SOA Integration Web Services plug-in
17	DEVS Unified Process For Integrated Development and Testing of Service Oriented Architectures Mittal, Saurabh January 2007 (has links) Service Oriented Architectures (SOA) present challenges to current model-based software engineering methodologies such as Rational Unified Process (RUP). In this research effort we propose a process called DEVS Unified Process (DUNIP) that uses the DEVS formalism as a basis for automated generation of models from various requirement specifications and realization as SOA collaborative services. DEVS is inherently based on object oriented methodology and systems theory, and categorically separates the Model, the Simulator and the Experimental frame, and has been used for systems Modeling & Simulation over the years. DUNIP integrates these concepts into DEVSbased Bifurcated Model-Continuity life-cycle development methodology. The life-cycle begins by specifying the system requirements in a number of different formats such as state-based, BPMN/BPEL-based, message-based requirement specifications. DUNIP then automates the generation of DEVS models capable for distributed collaboration. The collaboration uses an XML-based DEVS Modeling Language (DEVSML) framework that provides the capability to integrate models that may be expressed in different DEVS implementation languages. The models are also made available for remote and distributed real-time execution over the SOA middleware in a manner transparent to the user. A prototype simulation framework has been implemented and is illustrated with an application to a system of collaborating military systems implemented and tested using Bifurcated Model-Continuity methodology. We also show how the Department of Defense Architecture Framework (DoDAF) can be enhanced to incorporate simulation based executable models using the DUNIP process. DEVS DUNIP SOA XML SES
18	A software architecture process for SOA-based enterprise applications Dias Junior, José Jorge Lima 31 January 2008 (has links) Made available in DSpace on 2014-06-12T15:51:46Z (GMT). No. of bitstreams: 1 license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5) Previous issue date: 2008 / O crescimento do tamanho, complexidade e demanda por qualidade dos sistemas de software são alguns dos motivos que tem aumentado o interesse na área de arquitetura de software. Consequentemente, processos de arquitetura de software surgiram a fim de auxiliar os arquitetos na construção dessas arquiteturas. Arquitetura Orientada a Serviços (SOA) surgiu como um tipo de arquitetura de software para construir sistemas através da composição de serviços. Assim como o paradigma de orientação a objetos, o paradigma de orientação a serviços tem trazido uma abordagem de projeto distinta que introduz princípios que governam o posicionamento e o projeto dos componentes arquiteturais. Além disso, SOA é um paradigma para organização e utilização de capacidades distribuídas que podem estar sob o controle de diferentes domínios. No contexto empresarial, SOA permite que organizações, que tenham uma infra-estrutura de aplicações fragmentadas sob a administração de diferentes áreas de negócio, possam integrar estas aplicações no nível de serviço. Por um lado, os processos de arquitetura tradicionais não abrangem estes aspectos de SOA. Por outro lado, as abordagens de SOA disponíveis não satisfazem todos os fundamentos da arquitetura de software. Neste sentido, esta dissertação propõe um processo sistemático de arquitetura de software baseado em SOA que compreende os principais fundamentos da arquitetura de software e características inerentes a SOA a fim de guiar os arquitetos na construção de uma descrição arquitetural para SOA. Adicionalmente, um estudo experimental foi definido, planejado, executado e analisado a fim de avaliar o processo proposto SOA Software architecture Architecture process
19	Challenges and success factors in the migration of legacy systems to Service Oriented Architecture (SOA) Vlizko, Nataliya January 2014 (has links) Service-Oriented Architecture (SOA) provides a standards-based conceptual framework for flexible and adaptive systems and has become widely used in the recent years because of it. The number of legacy systems has already been migrated to this platform. As there are still many systems under consideration of such migration, we found it relevant to share the existing experience of SOA migration and highlight challenges that companies meet while adopting SOA. As not all of these migrations were successful, we also look into factors that have influence on the success of SOA projects. The research is based on two methods: a literature review and a survey. The results of the thesis include identification and quantitative analysis of the challenges and success factors of SOA projects. We also compare the survey results for different samples (based on the company industry, work area, size, and respondents experience with SOA and respondents job positions). In total, 13 SOA challenges and 18 SOA success factors were identified, analyzed and discussed in this thesis. Based on the survey results, there are three SOA challenges received the highest importance scores: “Communicating SOA Vision”, “Focus on business perspective, and not only IT perspective” and “SOA Governance”. The highest scored SOA success factor is “Business Process of Company”. While comparing different samples of the survey results, the most obvious differences are identified between the results received from people with development related job positions and people with business related job positions, and the results from companies of different sizes. SOA Service Oriented Architecture SOA challenges SOA migration Legacy Systems SOA success factors Engineering and Technology Teknik och teknologier
20	Standardizace orchestrace v prostředí služeb / Standardization of service orchestration Sova, Jiří January 2009 (has links) This thesis is focused on comparison of common standards used for service orchestration. Orchestration is one of main terms in service oriented architecture, which is a considerable trend in information systems development. This paper is divided into four main parts. The first chapter describes services as a part of current information systems. Definition of service oriented architecture is another subject, where service is a main component for system development and integration. Description of principles of service oriented architecture, that are describing its basis, is the last part of this chapter. The next chapter belongs to coordination of service cooperation, where we can find two basic approaches -- orchestration and choreography. The intention of this chapter is to create theoretical definition of both terms and to compare them. The third part is focused on orchestration methods standardization, where the main standard is BPEL. The history and reasons of creation are mentioned in the beginning, while next section concerns principles of BPEL. Following part describes the version of BPEL called BPEL4WS. Specification of its structure is a main primer for comparison with the latest version named WS-BPEL. The major changes are mentioned in this section. The last chapter is devoted to practical comparison of standards mentioned above. At first, there is created a sample process, based on real situation. The process contains the most important parts of BPEL language. Afterwards, the process is divided into parts, where each of them represents one activity. During description of these parts there is made the above mentioned comparison. The end of the practical part contains main conclusions that were found in this chapter.

Search results