DISC-SeT: Handling Temporal and Security Aspects in the Web Services Composition

In this paper we propose the DISC-SeT framework to handle the representation, solution computation and verification of temporal and security requirements in services composition. The proposed approach provides a flexible, event-calculus-based composition design that allows modeling of different temporal aspects (response time, time-units and others) and security aspects (access control, confidentiality and others) for Web services with different synchronization modes. The use of a formal approach makes it possible to reason about and verify the security and temporal requirements. Further, as the proposed approach is integrated with and builds upon the DISC framework, it allows learning from run-time violations of security and temporal constraints in order to take recovery actions.
