The usually heterogeneous and decentralized nature of entities in the service-oriented architecture has paved the ground for the implementation of approaches distributed according to the constantly changing needs of business. Also, as the distribu- tion of entities and processes increases, the need to provide security over software and hardware sources, which have reached the public thanks to an open space as a result of the service-oriented architecture, is felt. Therefore, security modeling at the level of service-oriented architecture can boost system reliability and enhance its stability once applied and employed. This research provides a secure framework through which to develop software based on the service-oriented architecture. The proposed framework has been modeled using the SoaML profile, which has been introduced for modeling service-oriented environments. The framework’s security aspects have been tested by the modeling and specification language Alloy, which is based on the first-order logic. Its accuracy has also been well investigated. Tapping into the modeldriven development, this framework can provide an answer to existing security challenges for service-oriented architecture software. Copyright © 2015 John Wiley & Sons, Ltd.
