Reasoning About Policies in Security-Aware Service Discovery Using Answer Set Programming

To enable secure interaction between dynamically discovered software services and the client's application in a cooperative information system such as a service-oriented system, one of the prerequisites is the reconciliation of the service-specific security policies of all stakeholders. Existing service discovery research does not address the enormous search space involved in finding security-aware services based on the preferred security policy alternatives of the client of software services. In this paper, we propose an answer set programming (ASP) approach, drawn from the field of artificial intelligence (AI), to explore a viable solution for finding security-aware services for the client. We argue that the ASP approach can significantly reduce the search space and achieve great performance gains. We use ASP to: (i) specify security policies, including expressing service-specific security preference weighting and importance scoring in quantifiable terms; and (ii) reason about the compliance between the...
