3rd International ICST Conference on Collaborative Computing: Networking, Applications and Worksharin

Research Article

Secure Scripting Based Composite Application Development: Framework, Architecture, and Implementation

  • @INPROCEEDINGS{10.1109/COLCOM.2007.4553815,
        author={Tom Dinkelaker and Alisdair Johnstone and Yuecel Karabulut and Ike Nassi},
        title={Secure Scripting Based Composite Application Development: Framework, Architecture, and Implementation},
        proceedings={3rd International ICST Conference on Collaborative Computing: Networking, Applications and Worksharin},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2008},
        month={6},
        keywords={Scripting security composite application},
        doi={10.1109/COLCOM.2007.4553815}
    }
    
  • Tom Dinkelaker
    Alisdair Johnstone
    Yuecel Karabulut
    Ike Nassi
    Year: 2008
    Secure Scripting Based Composite Application Development: Framework, Architecture, and Implementation
    COLLABORATECOM
    IEEE
    DOI: 10.1109/COLCOM.2007.4553815
Tom Dinkelaker1, Alisdair Johnstone1, Yuecel Karabulut1,*, Ike Nassi1
  • 1: SAP Research Center Palo Alto, SAP Labs, LLC, Palo Alto, USA
*Contact email: yuecel.karabulut@sap.com

Abstract

Dynamic scripting languages such as Ruby provide language features that enable developers to express their intent more rapidly and with fewer expressions. Organizations started using these languages in order to add enhancements to their existing applications or create composite applications. Current research has not yet addressed how security specification and enforcement can be done for scripting based application development. To fill this gap, we developed a framework for the design and facilitation of security. Our approach enables a business oriented application developer to add high-level security intentions to his business process model. The framework supports the automatic generation of security configuration and enforcement. As a proof-of-concept, we present an architecture and report the implementation status