Security and Dependability Solutions for Web Services and Workflows

  • Spyros Kokolakis
  • Panagiotis Rizomiliotis
  • Azzedine Benameur
  • Smriti Kumar Sinha
Chapter
Part of the Advances in Information Security book series (ADIS, volume 45)

Abstract

In this chapter we present an innovative approach towards the design and application of Security and Dependability (S&D) solutions for Web services and service-based workflows. Recently, several standards have been published that prescribe S&D solutions for Web services, e.g. OASIS WS-Security. However, the application of these solutions in specific contexts has proven problematic. We propose a new framework for the application of such solutions based on the SERENITY S&D Pattern concept. An S&D Pattern comprises all the necessary information for the implementation, verification, deployment, and active monitoring of an S&D Solution. Thus, system developers may rely on proven solutions that are dynamically deployed and monitored by the Serenity Runtime Framework. Finally, we further extend this approach to cover the case of executable workflows which are realised through the orchestration of Web services.

Keywords

Service Orient Architecture; Dependability Solution; Event Calculus; Soap Message; Executable Component
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  • Spyros Kokolakis (1)
  • Panagiotis Rizomiliotis (2)
  • Azzedine Benameur (3)
  • Smriti Kumar Sinha (3)

  1. University of the Aegean, Aegean, Greece
  2. University of the Aegean, Aegean, Greece
  3. Trust, 805 Avenue du Docteur Maurice Donat, SAP Research, Mougins, France
