Service-oriented architectures play a major role in today's business world as well as the governmental sector. Their design allows a flexible and dynamic mapping of capabilities exposed as services to complex business processes. Many of these business processes are critical with regard to security and therefore demand appropriate security mechanisms. The multitude of participants in a SOA, their heterogeneity as well as their different security requirements and characteristics make the assessment of a SOA's security a difficult and complex task.
The goal of this project, commissioned by the Bundesamt für Sicherheit in der Informationstechnik (BSI), is to conduct a study on the "measurability of security in SOA". The study shall give an overview of existing security metrics that can be used to assess the security of a service-oriented architecture. The study complements the SOA security compendium 2.0, which was published by the BSI in 2009 and already provides a comprehensive insight into SOA security mechanisms.
A preliminary version of the study (in German) can be downloaded here.