论文信息 - Automated detection of critical code in composite web services

Automated detection of critical code in composite web services

One of the important goals of the software development process is to verify that the produced system always meets the predefined requirements. However, current testing approaches on web services composition involve several manual tasks and, hence, are error-prone and costly. Furthermore, composite web services impose additional analysis complexity as they are consumed by a plethora of clients having different desires. This provides frequent changes within composite services. Therefore, it is inevitable to provide tools and mechanisms that enable efficient and effective detection of critical codes within these complex systems. In this paper, we developed a formalbased framework namely ADCC (Automated Detection of Critical Code) framework that takes as input a composite WS and a security policy and automatically detect critical sections of the code that should be tested.

Mahjoub Langar | Riadh Robbana | Imene Hadded

[1] Kevin W. Hamlen,et al. Computability classes for enforcement mechanisms , 2006, TOPL.

[2] Sebastián Uchitel,et al. Model-based verification of Web service compositions , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[3] Koushik Sen,et al. Generating Optimal Monitors for Extended Regular Expressions , 2003, RV@CAV.

[4] Lujo Bauer,et al. Edit automata: enforcement mechanisms for run-time security policies , 2005, International Journal of Information Security.

[5] Sebastián Uchitel,et al. LTSA-WS: a tool for model-based verification of web service compositions and choreography , 2006, ICSE.

[6] Kamel Adi,et al. Using Edit Automata for Rewriting-Based Security Enforcement , 2009, DBSec.

[7] Raman Kazhamiakin,et al. A Parametric Communication Model for the Verification of BPEL4WS Compositions , 2005, EPEW/WS-FM.

[8] Jocelyn Simmonds,et al. Monitoring and recovery for web service applications , 2012, Computing.

[9] Saeed Jalili,et al. WSCMon: runtime monitoring of web service orchestration based on refinement checking , 2012, Service Oriented Computing and Applications.

[10] Fred B. Schneider,et al. Enforceable security policies , 2000, TSEC.

[11] Mahjoub Langar,et al. Formal enforcement of security policies on concurrent systems , 2011, J. Symb. Comput..

[12] Xiang Fu,et al. Analysis of interacting BPEL web services , 2004, WWW '04.