Aligning Service-Oriented Architectures with Security Requirements

Aligning requirements and architectures is a long-standing concern in software engineering. Alignment is crucial in the area of systems evolution, wherein requirements and system architectures keep changing after system deployment. The authors address a specific alignment problem, i.e., checking the compliance of a service-oriented architecture representing a composite service with security requirements. Service oriented architectures are dynamic (services can be replaced on-the-fly), and assessing compliance with security requirements is key, since noncompliance may lead to sanctions as well as privacy violation.