A Formal Model for Resource Protections in Web Service Applications

How to protect sensible resources is an important issue in the development of web service applications. This paper presents a formal model for resource protections, aiming at statically analyzing and verifying that the applications use these resources in a valid manner, i.e., obeying all the protection policies. The policies are logical properties of resource usage behaviors. The usage behaviors are extracted from the execution of web services by a type and effect system, and represented as concurrent regular expressions. After a suitable transformation, the expressions can be checked for validity by model-checking tools. Web service applications use the resources correctly if their concurrent regular expressions are verified valid. The analysis result shows our approach can improve system performances in comparison with runtime checkers, e.g., execution monitors.

[1]  Gian Luigi Ferrari,et al.  Types and Effects for Resource Usage Analysis , 2007, FoSSaCS.

[2]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[3]  David Van Horn,et al.  Types and trace effects of higher order programs , 2008, J. Funct. Program..

[4]  Sanjiva Weerawarana,et al.  Web Services Definition Language , 2001, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..

[5]  Deborah L. McGuinness,et al.  Bringing Semantics to Web Services: The OWL-S Approach , 2004, SWSWPC.

[6]  Henk Barendregt,et al.  The Lambda Calculus: Its Syntax and Semantics , 1985 .

[7]  Gian Luigi Ferrari,et al.  Local policies for resource usage analysis , 2009, TOPL.

[8]  Howard Foster,et al.  A rigorous approach to engineering web service compositions , 2006 .

[9]  David Cachera,et al.  Certified Memory Usage Analysis , 2005, FM.

[10]  Luciano Baresi,et al.  Smart monitors for composed services , 2004, ICSOC '04.

[11]  Flemming Nielson,et al.  Type and Effect Systems , 1999, Correct System Design.

[12]  Jun Wei,et al.  Runtime Monitoring of Data-centric Temporal Properties for Web Services , 2011, 2011 IEEE International Conference on Web Services.

[13]  Sebastián Uchitel,et al.  LTSA-WS: a tool for model-based verification of web service compositions and choreography , 2006, ICSE.

[14]  Frank Leymann,et al.  Modeling Stateful Resources with Web Services , 2004 .

[15]  Naoki Kobayashi,et al.  Resource Usage Analysis for the π-Calculus DRAFT : DO NOT DISTRIBUTE , 2005 .

[16]  Naoki Kobayashi Time regions and effects for resource usage analysis , 2003, TLDI '03.

[17]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[18]  Elvira Albert,et al.  Resource Usage Analysis and Its Application to Resource Certification , 2009, FOSAD.

[19]  Jorge A. Navas,et al.  User-Definable Resource Usage Bounds Analysis for Java Bytecode , 2009, BYTECODE@ETAPS.

[20]  Wojciech Penczek,et al.  Runtime Monitoring of Contract Regulated Web Services , 2010, Fundam. Informaticae.

[21]  Wojciech Penczek,et al.  Runtime Monitoring of Contract Regulated Web Services , 2011, Fundam. Informaticae.

[22]  Atsushi Igarashi,et al.  Resource usage analysis , 2002, POPL '02.

[23]  Slim Kallel,et al.  Specifying and Monitoring Temporal Properties in Web Services Compositions , 2009, 2009 Seventh IEEE European Conference on Web Services.

[24]  Pierre Jouvelot,et al.  The type and effect discipline , 1992, [1992] Proceedings of the Seventh Annual IEEE Symposium on Logic in Computer Science.

[25]  Abdelkarim Erradi,et al.  WS-Policy based Monitoring of Composite Web Services , 2007, Fifth European Conference on Web Services (ECOWS'07).

[26]  Jerry R. Hobbs,et al.  DAML-S: Semantic Markup for Web Services , 2001, SWWS.

[27]  Anupriya Ankolekar,et al.  Towards a Formal Verification of OWL-S Process Models , 2005, SEMWEB.