Security-Oriented Service Composition and Evolution

This paper introduces a framework for security-oriented software service composition and evolution. Key building blocks of the framework are a semantic model for specifying the security objectives and properties at the service and system levels, the negotiation and re-negotiation techniques for service composition and evolution, and the analysis techniques for checking the security compatibility between services and the satisfaction of system-level security goals. It focuses on developing techniques that allow system developers to design required security into service compositions with predictability and to maintain or adapt service compositions in changed security contexts.

[1]  Jeannette M. Wing,et al.  Specification matching of software components , 1995, TSEM.

[2]  Jan Vitek,et al.  Secure composition of insecure components , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[3]  Chitta Baral,et al.  Logic Programming and Knowledge Representation , 1994, J. Log. Program..

[4]  Daryl McCullough,et al.  A Hookup Theorem for Multilevel Security , 1990, IEEE Trans. Software Eng..

[5]  Priya Narasimhan,et al.  Special Issue Service-Oriented Computing , 2008 .

[6]  Claudio Bartolini,et al.  Towards Agent-Based Service Composition through Negotiation in Multiple Auctions , 2001 .

[7]  Bob Atkinson Web Services Security (WS-Security) , 2003 .

[8]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[9]  James A. Whittaker,et al.  Building software securely from the ground up , 2002, IEEE Software.

[10]  Israel Ben-Shaul,et al.  A negotiation model for dynamic composition of distributed applications , 1998, Proceedings Ninth International Workshop on Database and Expert Systems Applications (Cat. No.98EX130).

[11]  R. Lewicki Essentials of Negotiation , 1996 .

[12]  Martín Abadi,et al.  Composing Specifications , 1989, REX Workshop.

[13]  Jeffrey M. Voas,et al.  The Challenges Of Using COTS Software In Component-Based Development , 1998, Computer.

[14]  Huaglory Tianfield,et al.  Agent Technologies, Infrastructures, Tools, and Applications for E-Services , 2002, Lecture Notes in Computer Science.

[15]  Israel Ben-Shaul,et al.  Dynamic Adaptation and Deployment of Distributed Components In Hadas , 2001, IEEE Trans. Software Eng..

[16]  Anne H. H. Ngu,et al.  QoS-aware middleware for Web services composition , 2004, IEEE Transactions on Software Engineering.

[17]  Khaled M. Khan,et al.  A security characterisation framework for trustworthy component based software systems , 2003, Proceedings 27th Annual International Computer Software and Applications Conference. COMPAC 2003.

[18]  N. R. Jennings,et al.  To appear in: Int Journal of Group Decision and Negotiation GDN2000 Keynote Paper Automated Negotiation: Prospects, Methods and Challenges , 2022 .

[19]  Mark O'Neill,et al.  Web Services Security , 2003 .

[20]  Jeffrey S. Rosenschein,et al.  Rules of Encounter - Designing Conventions for Automated Negotiation among Computers , 1994 .

[21]  Timothy W. Finin,et al.  Security for DAML Web Services: Annotation and Matchmaking , 2003, SEMWEB.

[22]  Khaled M. Khan,et al.  Composing Security-Aware Software , 2002, IEEE Softw..

[23]  Iyad Rahwan,et al.  Intelligent Agents for Automated One-to-Many E-Commerce Negotiation , 2002, ACSC.

[24]  Nael B. Abu-Ghazaleh,et al.  Using automatable proof obligations for component-based design checking , 1999, Proceedings ECBS'99. IEEE Conference and Workshop on Engineering of Computer-Based Systems.