Abstract
This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate compositions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer.
Chapter PDF
References
Pawar, P., Tokmakoff, A.: Ontology-Based Context-Aware Service Discovery for Pervasive Environments. In: 1st IEEE International Workshop on Services Integration in Pervasive Environments (SIPE 2006), in conjunction with IEEE ICPS 2006 (2006)
Mikhaiel, R., Stroulia, E.: Examining usage protocols for service discovery. In: Dan, A., Lamersdorf, W. (eds.) ICSOC 2006. LNCS, vol. 4294, pp. 496–502. Springer, Heidelberg (2006)
Spanoudakis, G., Zisman, A.: Discovering Services During Service Based Systems Design Using UML. IEEE Trans. on Software Eng. 36(3), 371–389 (2010)
Fujii, K., Suda, T.: Semantics-Based Dynamic Web Service Composition. IEEE Journal on Selected Areas in Communications 23(12), 2361–2372 (2005)
Silva, E., Pires, L.F., van Sinderen, M.: On the Support of Dynamic Service Composition at Runtime. In: Dan, A., Gittler, F., Toumani, F. (eds.) ICSOC/ServiceWave 2009. LNCS, vol. 6275, pp. 530–539. Springer, Heidelberg (2010)
Pino, L., Spanoudakis, G.: Constructing Secure Service Compositions with Patterns. In: IEEE SERVICES 2012, pp. 184–191. IEEE Press (2012)
BPEL Designer Project, http://www.eclipse.org/bpel/
ASSERT4SOA Consortium: ASSERTs Aware Service Based Systems Adaptation. ASSERT4SOA Project, Deliverable D2.3 (2012)
Drools – Jboss Community, http://drools.jboss.org
Aggarwal, R., Verma, K., et al.: Constraint Driven Web Service Composition in METEOR-S. In: IEEE SCC 2004, pp. 23–30. IEEE Press (2004)
Souza, A.R.R., et al.: Incorporating Security Requirements into Service Composition: From Modelling to Execution. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 373–388. Springer, Heidelberg (2009)
Charfi, A., Mezini, M.: Using aspects for security engineering of web service compositions. In: IEEE ICWS 2005, pp. 59–66. IEEE Press (2005)
Hafner, M., Breu, R., et al.: Sectet: An extensible framework for the realization of secure inter-organizational workflows. Internet Research 16(5), 491–506 (2006)
Gutiérrez, C., Fernández-Medina, E., Piattini, M.: Towards a process for web services security. J. of Research and Practice in Information Technology 38(1), 57–68 (2006)
Bartoletti, M., Degano, P., et al.: Semantics-based design for secure web services. IEEE Trans. on Software Eng. 34(1), 33–49 (2008)
Deubler, M., Grünbauer, J., Jürjens, J., Wimmel, G.: Sound development of secure service-based systems. In: ICSOC 2004, pp. 115–124. ACM, New York (2004)
Georg, G., Anastasakis, K., et al.: Verification and trade-off analysis of security properties in UML system models. IEEE Trans. on Software Eng. 36(3), 338–356 (2010)
Menzel, M., Warschofsky, R., Meinel, C.: A pattern-driven generation of security policies for service-oriented architectures. In: IEEE ICWS 2010, pp. 243–250. IEEE Press (2010)
Séguran, M., Hébert, C., Frankova, G.: Secure workflow development from early requirements analysis. In: IEEE ECOWS 2008, pp. 125–134. IEEE Press (2008)
McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: 1994 IEEE Symp. on Sec. and Privacy, pp. 79–93. IEEE CS Press (1994)
Mantel, H.: On the composition of secure systems. In: 2002 IEEE Symp. on Sec. and Privacy, pp. 88–101. IEEE CS Press (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Pino, L., Mahbub, K., Spanoudakis, G. (2014). Designing Secure Service Workflows in BPEL. In: Franch, X., Ghose, A.K., Lewis, G.A., Bhiri, S. (eds) Service-Oriented Computing. ICSOC 2014. Lecture Notes in Computer Science, vol 8831. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45391-9_48
Download citation
DOI: https://doi.org/10.1007/978-3-662-45391-9_48
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45390-2
Online ISBN: 978-3-662-45391-9
eBook Packages: Computer ScienceComputer Science (R0)