Abstract : Service Oriented Architecture is now the de facto standard that allows companies to open their services to others. Nowadays customers can build their own architectures and provide services by selecting the required interfaces from different business partners. Services can be combined in a loosely-coupled fashion over the network. But this new way of providing services across geographically dislocated organizations have significantly changed the security models. This new paradigm has forced security models to evolve from point-to-point to end-to-end security. However, this evolution is not straightforward and naive usage of the new models, such as WS-Security, can lead to security flaws. Our work addresses several security properties at different layers of the Web Service stack. In this context, we have proposed three complementary contributions. First, we proposed an approach named business process security view that is similar to view materialization in relational databases. This concept enhances security in cross-organizational business processes by ensuring the need-to-know principle on workflows. To achieve this we formalized business processes by regular expressions called flow control rules. In combination with a security specification, that expresses conditional accessibility based on the actual data flowing across business process, we presented an algorithm for the automatic derivation of such views. Second, we tackled security at the message layer, namely SOAP messages. These messages are prone to attacks that can lead to code injection, unauthorized accesses, identity theft, and more. This type of attacks, classified in literature as XML rewriting attacks, are all based on unauthorized, yet possible, modifications of SOAP messages. We proposed a formal solution to XML rewriting attacks on SOAP messages using regular tree grammar. The formal solution proposed here is a context-sensitive XML signature. To address the additional requirements of end-to-end security, where a SOAP message can pass through several intermediaries before reaching the final receiver, an adaptive variant of context-sensitive signature is also proposed. The solution addresses all known forms of XML rewriting attacks. Finally, we assess security properties by the mean of passive testing. This methodology relies on the execution trace of a system to validate security properties. We made an initial demonstration of this methodology by applying it to an industrial case study, SAP R/3. Then we adapted this methodology for SOA environment. It involved the development of a non-intrusive trace collection module dedicated to SOA, integrated to our case study prototype. This flexible methodology allowed us to validate properties like SoD that we addressed at business process level. All this research work has been implemented around an e-business case study.