Incorporating Security Requirements into Service Composition: From Modelling to Execution

Souza, Andre; Silva, Bruno L.; Lins, Fernando; Damasceno, Julio; Rosa, Nelson Souto; Maciel, Paulo; Medeiros, Robson Wagner Albuquerque de; Stephenson, Bryan; Motahari-Nezhad, Hamid Reza; Li, Jun; Northfleet, Caio

doi:10.1007/978-3-642-10383-4_27

Cited by 26 publications

(29 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The Sec-MoSC tool [33] supports the addition of required security properties to BPMN processes [7] and the selection of default mechanisms for implementing them. The BPMN processes along with the selected mechanisms are transformed to BPEL and a security engine is used to realise the security mechanisms added to the process.…”

Section: Related Workmentioning

confidence: 99%

Pattern-Based Design and Verification of Secure Service Compositions

Pino

Spanoudakis

Krotsiani

et al. 2020

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract-Ensuring the preservation of security is a key requirement and challenge for Service-Based Systems (SBS) due to the use of third party software services not operating under different security perimeters. In this paper, we present an approach for verifying the security properties of SBS workflows and adapting them if such properties are not preserved. Our approach uses secure service composition patterns. These patterns encode proven dependencies between service level and workflow level security properties. These dependencies are used in reasoning processes supporting the verification of SBS workflows with respect to workflow security properties and their adaptation in ways that guarantee the properties if necessary. Our approach has been implemented by extending the Eclipse BPEL Designer and validated experimentally. The experimental evaluation has produced positive results, indicating that even for complex workflows and large sets of secure service composition patterns verification can be performed efficiently. Permanent repository link

show abstract

Section: Related Workmentioning

confidence: 99%

Pattern-Based Design and Verification of Secure Service Compositions

Pino

Spanoudakis

Krotsiani

et al. 2020

IEEE Trans. Serv. Comput.

View full text Add to dashboard Cite

show abstract

“…For example, work in [30] identified a collection of security requirements (such as data encryption, authentication of web services, and event logging) of service composition and present an approach called Sec-MoSC to incorporate the requirements into security mechanisms. The major advantage of this approach is that it is easily extensible.…”

Section: Related Workmentioning

confidence: 99%

CRESCENT+: a self-protecting framework for reliable composite web service delivery

et al. 2018

View full text Add to dashboard Cite

One way to ensure reliable and secure composite web service delivery is by making them autonomous (i.e., become selfmanaging services, where they can be self-organizing, self-healing, self-optimizing, and self-protecting). The CRESCENT framework was previously proposed towards achieving such vision. It managed to satisfy the first three properties, but did not handle the self-protection property. To overcome such limitation, this paper extends CRESCENT and proposes CRES-CENT+; a self-protecting framework for reliable composite web service delivery. This is done by performing vulnerability analysis to identify CRESCENT weaknesses, then performing a STRIDE-based threat analysis to identify possible attacks on CRESCENT, and finally proposing different solutions and countermeasures to be integrated into CRESCENT to overcome such problems. Experimental results show that CRESCENT+ increased the reliability of the CRESCENT framework trading off the overall throughput. However, we argue that such loss in the overall throughput is still acceptable as a price for having autonomous composite web services; especially, the obtained overall throughput is still higher than existing industrial standards.

show abstract

“…The annotations are then used to discover appropriate services for the BPEL process, using an annotated registry. The Sec-MoSC (Security for Model-oriented Service Composition) tool [11] is an extension of the Eclipse BPMN Modeller that allows to design BPMN business processes and to add security properties to them. These two approaches focus only on the validation single service of security properties, while our approach allows the validation of workflow fragments and the substitution of services with service compositions.…”

Section: Related Workmentioning

confidence: 99%

Designing Secure Service Workflows in BPEL

Pino

Mahbub

Spanoudakis

2014

Service-Oriented Computing

View full text Add to dashboard Cite

This is the accepted version of the paper.This version of the publication may differ from the final published version. Abstract. This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate compositions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer. Permanent

show abstract

Incorporating Security Requirements into Service Composition: From Modelling to Execution

Cited by 26 publications

References 12 publications

Pattern-Based Design and Verification of Secure Service Compositions

Pattern-Based Design and Verification of Secure Service Compositions

CRESCENT+: a self-protecting framework for reliable composite web service delivery

Designing Secure Service Workflows in BPEL

Contact Info

Product

Resources

About