Middleware for Automated Implementation of Security Protocols

We propose a middleware for automated implementation of security protocols for Web services. The proposed middleware consists of two main layers: the communication layer and the service layer. The communication layer is built on the SOAP layer and ensures the implementation of security and service protocols. The service layer provides the discovery of services and the authorization of client applications. In order to provide automated access to the platform services we propose a novel specification of security protocols, consisting of a sequential component, implemented as a WSDL-S specification, and an ontology component, implemented as an OWL specification. Specifications are generated using a set of rules, where information related to the implementation of properties such as cryptographic algorithms or key sizes, are provided by the user. The applicability of the proposed middleware is validated by implementing a video surveillance system.

[1]  Cas J. F. Cremers,et al.  Checking Secrecy by Means of Partial Order Reduction , 2004, SAM.

[2]  David L. Martin,et al.  Bringing Semantic Annotations to Web Services: OWL-S from the SAWSDL Perspective , 2007, ISWC/ASWC.

[3]  Zahir Tari,et al.  On the Move to Meaningful Internet Systems 2005: CoopIS, DOA, and ODBASE, OTM Confederated International Conferences CoopIS, DOA, and ODBASE 2005, Agia Napa, Cyprus, October 31 - November 4, 2005, Proceedings, Part I , 2005, OTM Conferences.

[4]  Béla Genge,et al.  Extending WS-Security to Implement Security Protocols for Web Services , 2009, ArXiv.

[5]  Mohammed Ghazal,et al.  A Modular Distributed Video Surveillance System Over IP , 2006, 2006 Canadian Conference on Electrical and Computer Engineering.

[6]  John A. Clark,et al.  A Survey of Authentication Protocol Literature , 2010 .

[7]  Stefan Leue,et al.  Scenarios: Models, Transformations and Tools, International Workshop, Dagstuhl Castle, Germany, September 7-12, 2003, Revised Selected Papers , 2005, Scenarios: Models, Transformations and Tools.

[8]  Myong H. Kang,et al.  Security Ontology for Annotating Resources , 2005, OTM Conferences.

[9]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[10]  Paul Syverson,et al.  Fail-Stop Protocols: An Approach to Designing Secure Protocols (Preprint) , 1995 .

[11]  Mario Piattini,et al.  A Systematic Review and Comparison of Security Ontologies , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[12]  Anna van Raaphorst OASIS (Organization for the Advancement of Structured Information Standards) , 2006 .

[13]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[14]  Amit P. Sheth,et al.  Web Service Semantics - WSDL-S , 2005 .

[15]  Rudolf Schmid,et al.  Organization for the advancement of structured information standards , 2002 .

[16]  Timothy W. Finin,et al.  Security in the Semantic Web using OWL , 2005, Inf. Secur. Tech. Rep..

[17]  Daniel A. Menascé,et al.  PROTOCOL SPECIFICATION AND AUTOMATIC IMPLEMENTATION USING XML AND CBSE , 2003 .

[18]  David L. Martin,et al.  Toward Semantic Annotations of Web Services : OWLS from the SAWSDL Perspective , 2007 .

[19]  Ernestina Menasalvas Ruiz,et al.  Automatic implementation system of security protocols based on formal description techniques , 2002, Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications.

[20]  Cas J. F. Cremers,et al.  Compositionality of Security Protocols: A Research Agenda , 2004, VODCA@FOSAD.