Types and effects for secure service orchestration

A distributed calculus is proposed for describing networks of services. We model service interaction through a call-by-property invocation mechanism, by specifying the security constraints that make their composition safe. A static approach is then proposed to determine how to compose services and guarantee that their execution is always secure, without resorting to any dynamic check

[1]  David K. Gifford,et al.  Integrating functional and imperative programming , 1986, LFP '86.

[2]  Pierre Jouvelot,et al.  The type and effect discipline , 1992, [1992] Proceedings of the Seventh Annual IEEE Symposium on Logic in Computer Science.

[3]  G. Winskel The formal semantics of programming languages , 1993 .

[4]  Simon S. Lam,et al.  A semantic model for authentication protocols , 1993, Proceedings 1993 IEEE Computer Society Symposium on Research in Security and Privacy.

[5]  Vasco Thudichum Vasconcelos,et al.  Language Primitives and Type Discipline for Structured Communication-Based Programming Revisited: Two Systems for Higher-Order Session Communication , 1998, SecReT@ICALP.

[6]  Flemming Nielson,et al.  Type and Effect Systems , 1999, Correct System Design.

[7]  Jan Vitek,et al.  Secure composition of untrusted code: wrappers and causality types , 2000, Proceedings 13th IEEE Computer Security Foundations Workshop. CSFW-13.

[8]  Takahiro Kawamura,et al.  Semantic Matching of Web Services Capabilities , 2002, SEMWEB.

[9]  Andrew D. Gordon,et al.  Types and effects for asymmetric cryptographic protocols , 2002, Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15.

[10]  Mike P. Papazoglou,et al.  Service-oriented computing: concepts, characteristics and directions , 2003, Proceedings of the Fourth International Conference on Web Information Systems Engineering, 2003. WISE 2003..

[11]  Mike P. Papazoglou,et al.  Introduction to the Special Issue on Service-Oriented Computing , 2003 .

[12]  Martín Abadi,et al.  Access Control Based on Execution History , 2003, NDSS.

[13]  Jan Vitek,et al.  Secure composition of untrusted code: box π, wrappers, and causality types , 2003 .

[14]  Stefan Tai,et al.  The next step in Web services , 2003, CACM.

[15]  Antonio Vallecillo,et al.  Typing the Behavior of Objects and Component Using Session Types , 2003, FOCLASA.

[16]  Andrew D. Gordon,et al.  A semantics for web services authentication , 2004, Theor. Comput. Sci..

[17]  Antonio Brogi,et al.  Behavioural Types and Component Adaptation , 2004, AMAST.

[18]  Marco Pistore,et al.  Automated Composition of Semantic Web Services into Executable Processes , 2004, SEMWEB.

[19]  Amit P. Sheth,et al.  Enhancing Web Services Description and Discovery to Facilitate Composition , 2004, SWSWPC.

[20]  Valérie Issarny,et al.  Ad Hoc Composition of User Tasks in Pervasive Computing Environments , 2005, SC@ETAPS.

[21]  Gian Luigi Ferrari,et al.  Enforcing secure service composition , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[22]  Julian Rathke,et al.  safeDpi: a language for controlling mobile code , 2005, Acta Informatica.

[23]  Eduardo Bonelli,et al.  Typechecking Safe Process Synchronization , 2005, FGUC.

[24]  Marco Aiello,et al.  Encoding Requests to Web Service Compositions as Constraints , 2005, CP.

[25]  Amit P. Sheth,et al.  Web Service Semantics - WSDL-S , 2005 .

[26]  Daniele Gorla,et al.  Security Policies as Membranes in Systems for Global Computing , 2005, Log. Methods Comput. Sci..

[27]  Mike P. Papazoglou JDL special issue on service-oriented computing: advanced user-centered concepts , 2006, International Journal on Digital Libraries.

[28]  Massimo Bartoletti,et al.  Plans for service composition , 2006 .

[29]  Antonio Brogi,et al.  Towards Semi-automated Workflow-based Aggregation of Web Services , 2005, CIbSE.

[30]  Andrew D. Gordon,et al.  Secure sessions for web services , 2007, SWS '04.

[31]  Priya Narasimhan,et al.  Special Issue Service-Oriented Computing , 2008 .