论文信息 - Security Specification at Process Level

Security Specification at Process Level

In this paper, we present a process-oriented tool allowing the specification of security properties at the service composition level. The tool is based on the notions of abstract and concrete services as well as on the concept of separation of concerns. It provides a framework that allows different people to effectively discuss security issues. Abstract services can be viewed as activities rather than as technical services and are such better understood by non-technical people. Similarly, security is discussed in terms of needs and no complex security technologies are to be specified. The tool relies between these two meta-models specifying orchestration-related concepts and security concepts. Meta-links between the meta-models have been defined to specify the authorized security constraints on the orchestrated services. The tool has been validated on an application specified by Thales.

Stéphanie Chollet | Philippe Lalanda

[1] Mamoon Yunus,et al. An Empirical Study of Security Threats and Countermeasures in Web Services-Based Services Oriented Architectures , 2005, WISE.

[2] Phillip Hallam-Baker,et al. Web services security: soap message security , 2003 .

[3] Jacky Estublier,et al. Apel: A Graphical Yet Executable Formalism for Process Modeling , 2004, Automated Software Engineering.

[4] Mark O'Neill,et al. Web Services Security , 2003 .

[5] Chi-Chun Lo,et al. A fuzzy outranking approach in risk analysis of web service security , 2007, Cluster Computing.

[6] Francisco Curbera,et al. Web Services Business Process Execution Language Version 2.0 , 2007 .

[7] Asir S Vedamuthu,et al. Web Services Policy 1.5 - Framework , 2007 .

[8] Philippe Lalanda,et al. A Domain-Configurable Development Environment for Service-Oriented Applications , 2007, IEEE Software.

[9] Colombe Hérault,et al. A distributed service-oriented mediation tool , 2007, IEEE International Conference on Services Computing (SCC 2007).

[10] Michiaki Tatsubori,et al. Best-practice patterns and tool support for configuring secure Web services messaging , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[11] Siddharth Bajaj,et al. Web Services Federation Language (WS- Federation) , 2003 .

[12] Elisabetta Di Nitto,et al. SCENE: A Service Composition Execution Environment Supporting Dynamic Changes Disciplined Through Rules , 2006, ICSOC.