Generating Secure Service Compositions

  • Conference paper
Cloud Computing and Services Sciences (CLOSER 2014)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 512)

Abstract

Ensuring that the compositions of services that constitute service-based systems satisfy given security properties is a key prerequisite for the adoption of the service-oriented computing paradigm. In this paper, we address this issue using a novel approach that guarantees service composition security by virtue of the generation of compositions. Our approach generates service compositions that are guaranteed to satisfy security properties based on secure service orchestration (SESO) patterns. These patterns express primitive (e.g., sequential, parallel) service orchestrations, which are proven to have certain global security properties if the individual services participating in them have themselves other security properties. The paper shows how SESO patterns can be constructed and gives examples of proofs for such patterns. It also presents the process of using SESO patterns to generate secure service compositions and presents the results of an initial experimental evaluation of the approach.

Acknowledgements

The work reported in this paper has been partially funded by the EU F7 project ASSERT4SOA (grant no. 257351).

Corresponding author

Correspondence to Luca Pino.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Pino, L., Spanoudakis, G., Fuchs, A., Gürgens, S. (2015). Generating Secure Service Compositions. In: Helfert, M., Desprez, F., Ferguson, D., Leymann, F., Méndez Munoz, V. (eds) Cloud Computing and Services Sciences. CLOSER 2014. Communications in Computer and Information Science, vol 512. Springer, Cham. https://doi.org/10.1007/978-3-319-25414-2_6

  • DOI: https://doi.org/10.1007/978-3-319-25414-2_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25413-5

  • Online ISBN: 978-3-319-25414-2

  • eBook Packages: Computer Science (R0)
