Building Autonomic and Secure Service Oriented Architectures with MAWeS

  • Valentina Casola
  • Emilio Pasquale Mancini
  • Nicola Mazzocca
  • Massimiliano Rak
  • Umberto Villano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


Service-oriented architectures (SOA) and, in particular, Web Services designs are currently widely used for the development of open, large-scale interoperable systems. In those systems performance, security and trustability are challenging open issues. As regards performance, in Web Services designs, abstraction layers completely hide the underlying system to all users, and classical techniques for system optimization (such as ad-hoc tuning, performance engineered software development, ...) are not applicable. As far as security is concerned, the need of trust mechanisms in open environments is a well-known problem, widely discussed in the literature, but few techniques for security evaluation are available. In this paper we propose an integrated solution to optimize performance and to guarantee security of Web Services architectures. The proposed solution is based on a framework, MAWeS, which adopts simulation in order to predict system performances and adopts policies for security description and evaluation.


Security Level Service Level Agreement Decision Unit Security Evaluation Autonomic Computing 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Booth, D., Haas, H., McCabe, F., Newcomer, E., Champion, M., Ferris, C., Orchard, D.: Web Services Architecture. W3C Web Services Architecture Working Group (2004),
  2. 2.
    Balasubramanian, V., Bashian, A.: Document management and web technologies: Alice marries the Mad Hatter. In: Commun. ACM., vol. 41(7), pp. 107–115. ACM Press, New York (1998)Google Scholar
  3. 3.
    Chandrasekaran, S., Silver, G., Miller, J.A., Cardoso, J., Sheth, A.P.: Web service technologies and their synergy with simulation. In: Proc. of Winter Sim. Conf., San Diego, California, USA, vol. 1, pp. 606–615. ACM, New York (2002)Google Scholar
  4. 4.
    Chandrasekaran, S., Miller, J.A., Silver, G., Arpinar, I., Sheth, A.P.: Performance analysis and simulation of composite web services. In: Electronic Markets, USA, Routledge, vol. 13(2), pp. 120–132 (2003)Google Scholar
  5. 5.
    Bishop, M.: Computer Security. In: Art and Science, Addison-Wesley, London (2003)Google Scholar
  6. 6.
    Bicarregui, J., Dimitrakos, T., Matthews, B.: Towards security and trust management policies on the web (2000)Google Scholar
  7. 7.
    Beth, T., Borcherding, M., Klein, B.: Valuation of trust in open networks. In: Gollmann, D. (ed.) Computer Security - ESORICS 1994. LNCS, vol. 875, pp. 3–18. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Department of Defense: Trusted computer system evaluation criteria, Department of Defense Standard 5200.28-STD (Orange Book) (1985)Google Scholar
  9. 9.
    Xiong, L., Liu, L.: Building trust in decentralized peer-to-peer electronic communities. In: Proceedings of ICECR-5, Montreal, Canada (2002)Google Scholar
  10. 10.
    Dini, O., Moh, M., Clemm, A.: Web services: Self-adaptable trust mechanisms. In: Proc. of Advanced Industrial Conference on Telecomunication/Service Assurance with Partial and Intermitted Resource Conference /E-Learning on Telecomunication Workshop, IEEE Press, New York (2005)Google Scholar
  11. 11.
    Chung, J., Zhang, J., Zhang, L.: WS-Trustworthy: A framework for web services centered trustworthy computing. In: Proc. of IEEE Int. Conf. on Services Computing (SCC 2004), Washington, DC, USA, pp. 186–193. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  12. 12.
    Birman, K.P., van Renesse, R., Vogels, W.: Adding high availability and autonomic behavior to web services. In: Proc. of 26th Int. Conf. on Software Engineering (ICSE 2004, pp. 17–26. IEEE Computer Society, Los Alamitos (2004)CrossRefGoogle Scholar
  13. 13.
    IBM Corp.: An architectural blueprint for autonomic computing, USA (2004)Google Scholar
  14. 14.
    Kephart, J.O., Chess, D.M.: The vision of autonomic computing. In: Computer, vol. 36(1), pp. 41–50. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  15. 15.
    Zhang, Y., Liu, A., Qu, W.: Software architecture design of an autonomic system. In: Proc. of 5th Australasian Workshop on Soft. and System Arch. pp. 5–11 (2004)Google Scholar
  16. 16.
    Mancini, E.P., Rak, M., Villano, U.: Predictive autonomicity of web services in MAWeS framework. Journal of Comp. Science 2, 513–520 (2006)CrossRefGoogle Scholar
  17. 17.
    Casola, V., Mazzeo, A., Mazzocca, N., Vittorini, V.: A security metric for public key infrastructures. Journal of Computer Security 15(2) (2007)Google Scholar
  18. 18.
    Whitepaper: Security in a web services world: A proposed architecture and roadmap (2002)Google Scholar
  19. 19.
    Atkinson, B., et al.: Ws-security specification, web services security ver. 1.0 (2002)Google Scholar
  20. 20.
    Mancini, E.P., Rak, M., Villano, U.: Autonomic service oriented architectures with mawes. Journal of Autonomic and Trusted Computing, American Scientific Publishers (to be published) (2007)Google Scholar
  21. 21.
    Casola, V., Coppolino, L., Rak, M.: An architectural model for trusted domains in web services. Journal of Information Assurance and Security 1(2) (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Valentina Casola
    • 1
  • Emilio Pasquale Mancini
    • 2
  • Nicola Mazzocca
    • 1
  • Massimiliano Rak
    • 3
  • Umberto Villano
    • 2
  1. 1.Dipartimento di Informatica e Sistemistica, Università degli studi di Napoli Federico II 
  2. 2.RCOST and Dip. di Ingegneria, Università del Sannio 
  3. 3.Dipartimento di Ingegneria dell’Informazione, Seconda Università di Napoli 

Personalised recommendations