Aligning Service-Oriented Architectures with Security Requirements

Abstract. Aligning requirements and architectures is a long-standing concern in software engineering. Alignment is crucial in the area of systems evolution, wherein requirements and system architectures keep changing after system deployment. We address a specific alignment problem, i.e., checking the compliance of a service-oriented architecture— representing a composite service—with security requirements. Serviceoriented architectures are dynamic (services can be replaced on-the-fly), and assessing compliance with security requirements is key, since noncompliance may lead to sanctions as well as privacy violation. After motivating and describing the problem, we propose algorithms to check two specific security requirements: non-disclosure and non-repudiation. We illustrate the approach using a scenario about e-government