Finding Secure Compositions of Software Services: Towards a Pattern Based Approach

In service based systems, there is often a need to replace services at runtime as they become either unavailable or they no longer meet required quality or security properties. In such cases, it is often necessary to build compositions of services that can replace a problematic service because no single service with a sufficient match to it can be located. In this paper, we present an approach for building compositions of services that can preserve required security properties. Our approach is based on the use of secure composition patterns which are applied in connection with basic discovery mechanisms to build secure service compositions.

[1]  James Dooley,et al.  A Framework for Dynamic Service Discovery , 2008, 2008 23rd IEEE/ACM International Conference on Automated Software Engineering.

[2]  Keita Fujii,et al.  Semantics-Based Dynamic Web Service Composition , 2006, Int. J. Cooperative Inf. Syst..

[3]  Ahmed K. Elmagarmid,et al.  Composing Web services on the Semantic Web , 2003, The VLDB Journal.

[4]  Luís Ferreira Pires,et al.  A Framework for Dynamic Web Services Composition , 2007, WEWST.

[5]  Wil M. P. van der Aalst,et al.  Workflow Patterns , 2004, Distributed and Parallel Databases.

[6]  Gian Luigi Ferrari,et al.  Enforcing secure service composition , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[7]  Andrea Zisman,et al.  A Service Discovery Framework based on Linear Composition , 2007, IEEE International Conference on Services Computing (SCC 2007).

[8]  Keita Fujii,et al.  Semantics-based dynamic service composition , 2005, IEEE Journal on Selected Areas in Communications.

[9]  Jing Dong,et al.  Automated verification of security pattern compositions , 2010, Inf. Softw. Technol..

[10]  John McCarthy,et al.  SOME PHILOSOPHICAL PROBLEMS FROM THE STANDPOINT OF ARTI CIAL INTELLIGENCE , 1987 .

[11]  George Spanoudakis,et al.  An architecture for certification-aware service discovery , 2011, 2011 1st International Workshop on Securing Services on the Cloud (IWSSC).

[12]  Barbara Carminati,et al.  Security Conscious Web Service Composition , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[13]  Jan Jürjens,et al.  Sound development of secure service-based systems , 2004, ICSOC '04.

[14]  Gero Mühl,et al.  QoS aggregation for Web service composition using workflow patterns , 2004 .

[15]  Marc Lelarge,et al.  Automatic Composition of Secure Workflows , 2006, ATC.