ABSTRACT
Complex applications such as medical, financial, military, and legal ones have become very important in the last few years. These applications are typically distributed and implemented in systems that have additional nonfunctional requirements such as reliability, fault tolerance, or real-time constraints. They are composed of a variety of units, some built ad hoc and some bought or outsourced. Another typical aspect of these systems is that they may need to follow regulatory standards, e.g., HIPAA [23], Sarbanes/Oxley [32], Gramm-Leach-Bliley [22], or military standards. Their architectures may include databases of different types and typically require Internet and wireless access. The applications in these systems are usually integrated using a Web Application Server (WAS), a type of middleware that has a global enterprise model and is implemented with object-oriented component platforms such as J2EE or .NET. These applications are of fundamental value to enterprises, and their security is extremely important. Security is complicated by the need to support distribution, heterogeneity, and different types of policies and mechanisms. A systematic approach is required to build these applications so that they reach the appropriate level of security. We look here at some security aspects of the middleware structure needed to support such applications.
