Skip to main content
SpringerLink
Log in

From ASTD Access Control Policies to WS-BPEL Processes Deployed in a SOA Environment

  • Conference paper
Web Information Systems Engineering – WISE 2010 Workshops (WISE 2010)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 6724))

Included in the following conference series:

  • 988 Accesses

Abstract

Controlling access to Web services of public agencies as well as private corporations primarily depends on specification and deployment of functional security rules in order to satisfy strict regulations imposed by governments, particularly in financial and health sectors. This paper focuses on one aspect of the SELKIS and EB3SEC projects related to security of Web-based information systems, namely the automatic transformation of security rules, instantiated from security rule patterns written in a graphical notation with a denotational semantics close to statecharts, into WS-BPEL (or BPEL for short) processes. The latter are executed by a BPEL engine integrated into a policy decision point, a component of a policy enforcement manager similar to the one proposed in the XACML standard.

The research described in this paper was supported in part by the Natural Sciences and Engineering Research Council of Canada (NSERC) and the French National Research Agency (ANR).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Basin, D.A., Burri, S.J., Karjoth, G.: Dynamic enforcement of abstract separation of duty constraints. In: 14th European Symposium on Research in Computer Security, pp. 250–267 (2009)

    Google Scholar 

  2. Konopacki, P., Frappier, M., Laleau, R.: Expressing access control policies with an event-based approach. Technical Report TR-LACL-2010-6, LACL (Laboratory of Algorithms, Complexity and Logic), University of Paris-Est (2010)

    Google Scholar 

  3. Konopacki, P., Frappier, M., Laleau, R.: Modélisation de politiques de sécurité à l’aide d’une algèbre de processus. RSTI - Ingénierie des systèmes d’information 15(3), 113–136 (2010)

    Google Scholar 

  4. Yao, W., Moody, K., Bacon, J.: A model of OASIS role-based access control and its support for active security. In: 6th ACM Symposium on Access Control Models and Technologies, pp. 171–181 (2001)

    Google Scholar 

  5. Harel, D.: Statecharts: A visual formalism for complex systems. Science of Computer Programming 8(3), 231–274 (1987)

    Article  MATH  MathSciNet  Google Scholar 

  6. Milhau, J., Frappier, M., Gervais, F., Laleau, R.: Systematic translation rules from astd to event-B. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 245–259. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  7. Abrial, J.R.: Modeling in Event-B. Cambridge University Press, Cambridge (2010)

    Book  MATH  Google Scholar 

  8. Frappier, M., Gervais, F., Laleau, R., Fraikin, B.: Algebraic state transition diagrams. Technical Report 24, Département d’informatique, Université de Sherbrooke (2008)

    Google Scholar 

  9. OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS (2005)

    Google Scholar 

  10. Embe Jiague, M., Frappier, M., Gervais, F., Konopacki, P., Milhau, J., Laleau, R., St-Denis, R.: Model-driven engineering of functional security policies. In: International Conference on Enterprise Information Systems, vol. 3, pp. 374–379 (2010)

    Google Scholar 

  11. Frappier, M., Gervais, F., Laleau, R., Fraikin, B., St-Denis, R.: Extending statecharts with process algebra operators. Innovations in Systems and Software Engineering 4(3), 285–292 (2008)

    Article  Google Scholar 

  12. OASIS: Web Services Business Process Execution Language Version 2.0. OASIS (2007)

    Google Scholar 

  13. Aït-Sadoune, I., Aït-Ameur, Y.: Stepwise design of BPEL Web services compositions, an Event B refinement based approach. In: 8th ACIS International Conference on Software Engineering Research, Management and Applications, pp. 51–68 (2010)

    Google Scholar 

  14. Abrial, J.R., Butler, M., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Software Tools for Technology Transfer 12(6), 447–466 (2010)

    Article  Google Scholar 

  15. INCITS: Role Base Access Control. ANSI (2004)

    Google Scholar 

  16. Sohr, K., Mustafa, T., Bao, X., Ahn, G.J.: Enforcing role-based access control policies in Web services with UML and OCL. In: 24th Annual Computer Security Applications Conference, pp. 257–266 (2008)

    Google Scholar 

  17. Kolundžija, M.: Security types for sessions and pipelines. In: Bruni, R., Wolf, K. (eds.) WS-FM 2008. LNCS, vol. 5387, pp. 175–190. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  18. Boreale, M., Bruni, R., Nicola, R., Loreti, M.: Sessions and pipelines for structured service programming. In: 10th IFIP WG 6.1 International Conference on Formal Methods for Open Object-Based Distributed Systems, pp. 19–38 (2008)

    Google Scholar 

  19. Hassan, W., Slimani, N., Adi, K., Logrippo, L.: Secrecy UML method for model transformations. In: 2nd International Conference ABZ Short Papers, pp. 16–21 (2010)

    Google Scholar 

  20. Li, N., Wang, Q.: Beyond separation of duty: an algebra for specifying high-level security policies. In: 13th ACM Conference on Computer and Communications Security, pp. 356–369 (2006)

    Google Scholar 

  21. Hoare, C.A.R.: Communicating sequential processes. Communications of the ACM 21(8), 666–677 (1978)

    Article  MATH  Google Scholar 

  22. Paci, F., Bertino, E., Crampton, J.: An access-control framework for WS-BPEL. International Journal of Web Services Research 5(3), 20–43 (2008)

    Article  Google Scholar 

  23. Jajodia, S., Samarati, P., Sapino, M.L., Subrahmanian, V.S.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 214–260 (2001)

    Article  MATH  Google Scholar 

  24. Wong, P.Y.H., Gibbons, J.: A process-algebraic approach to workflow specification and refinement. In: Software Composition, pp. 51–65 (2007)

    Google Scholar 

  25. van der Aalst, W.M.P.: The application of Petri nets to workflow management. The Journal of Circuits, Systems and Computers 8(1), 21–66 (1998)

    Article  Google Scholar 

  26. Massuthe, P., Reisig, W., Schmidt, K.: An operating guideline approach to the SOA. Annals of Mathematics, Computing & Teleinformatics 1, 35–43 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. GRIL, Département d’informatique, Université de Sherbrooke, Sherbrooke, Québec, J1K 2R1, Canada

    Michel Embe Jiague, Marc Frappier & Richard St-Denis

  2. LACL, IUT Sénart Fontainebleau, Département Informatique, Université Paris-Est, Route Hurtault, 77300, Fontainebleau, France

    Michel Embe Jiague, Frédéric Gervais & Régine Laleau

Authors
  1. Michel Embe Jiague
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marc Frappier
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Frédéric Gervais
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Régine Laleau
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Richard St-Denis
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dickson Computer Systems, 7A Victory Avenue 4/F Homantin, Kowloon, Hong Kong, China

    Dickson K. W. Chiu

  2. Ecole Nationale Supérieure de Mécanique et d’Aréotechnique, Laboratoire d’Informatique Scientifique et Industrielle, Téléport 2 - avenue Clément Ader, 86961, Futuroscope Chasseneuil Cedex, France

    Ladjel Bellatreche

  3. Dept. of Computer Science and Engineering, Ritsumeikan University, Wakakusa 6-4-10, 525-0045, Kusatu, Shiga, Japan

    Hideyasu Sasaki

  4. Department of Computer Science and Engineering, The Chinese University of Hong Kong, Sha Tin, Hong Kong, China

    Ho-fung Leung

  5. Department of Computer Science and Engineering, Hong Kong University of Science and Technology, Clear Water Bay, Kowloon, Hong Kong, China

    Shing-Chi Cheung

  6. School of Computer Science, Hangshou Dianzi University, Xiasha Higher Education Zone, 310018, Hanshou City, Zhejiang, China

    Haiyang Hu

  7. Department of Computer Science and Software Engineering, The University of Melbourne, 3010, Parkville, Victoria, Australia

    Jie Shao

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jiague, M.E., Frappier, M., Gervais, F., Laleau, R., St-Denis, R. (2011). From ASTD Access Control Policies to WS-BPEL Processes Deployed in a SOA Environment. In: Chiu, D.K.W., et al. Web Information Systems Engineering – WISE 2010 Workshops. WISE 2010. Lecture Notes in Computer Science, vol 6724. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24396-7_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-24396-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-24395-0

  • Online ISBN: 978-3-642-24396-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation