A Formal Model for Security-Aware dynamic Web Services Composition

2007 International Conference on Computational Science and its Applications (ICCSA 2007) Pub Date : 2007-08-26 DOI:10.1109/ICCSA.2007.23

Dong-Hong Xu, Yong Qi, Di Hou, Ying Chen, Liang Liu

{"title":"A Formal Model for Security-Aware dynamic Web Services Composition","authors":"Dong-Hong Xu, Yong Qi, Di Hou, Ying Chen, Liang Liu","doi":"10.1109/ICCSA.2007.23","DOIUrl":null,"url":null,"abstract":"Recently, there are imminent requirements to security policies in dynamic Web services composition, so there appear many security specifications. The requirements of security characters are not always constant and the security specifications will need to modify according to the security requirements, however, there is no a uniform formal foundation to support numerous security specifications, it will block the application of these security policies, which have not been deeply investigated so far. To solve these problems, in this paper, we advocate to apply Spi calculus to describe and reason the security properties, for convenience describe and reason we separate security into security enhancing capability and security limiting constraint. Meanwhile we find the original Spi calculus can't completely to solve the properties in security-aware Web service composition. In success, we extend the syntax and semantic of Spi calculus, named SpiWeb calculus, to adapt the security-aware dynamic web service composition. Finally as a case study, the online banking system, we apply the SpiWeb calculus to describe and analysis the security features of this system.","PeriodicalId":386960,"journal":{"name":"2007 International Conference on Computational Science and its Applications (ICCSA 2007)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-08-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2007 International Conference on Computational Science and its Applications (ICCSA 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCSA.2007.23","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 7

Abstract

Recently, there are imminent requirements to security policies in dynamic Web services composition, so there appear many security specifications. The requirements of security characters are not always constant and the security specifications will need to modify according to the security requirements, however, there is no a uniform formal foundation to support numerous security specifications, it will block the application of these security policies, which have not been deeply investigated so far. To solve these problems, in this paper, we advocate to apply Spi calculus to describe and reason the security properties, for convenience describe and reason we separate security into security enhancing capability and security limiting constraint. Meanwhile we find the original Spi calculus can't completely to solve the properties in security-aware Web service composition. In success, we extend the syntax and semantic of Spi calculus, named SpiWeb calculus, to adapt the security-aware dynamic web service composition. Finally as a case study, the online banking system, we apply the SpiWeb calculus to describe and analysis the security features of this system.

查看原文本刊更多论文

安全感知动态Web服务组合的形式化模型

最近，动态Web服务组合中对安全策略的需求日益迫切，因此出现了许多安全规范。安全字符的要求不是始终不变的，安全规范需要根据安全需求进行修改，然而，由于没有一个统一的形式基础来支持众多的安全规范，这将阻碍这些安全策略的应用，到目前为止还没有深入的研究。为了解决这些问题，本文提倡应用Spi演算对安全属性进行描述和推理，为了方便描述和推理，我们将安全分为安全增强能力和安全限制约束。同时，我们发现原来的Spi演算并不能完全解决安全感知Web服务组合中的属性问题。我们成功地扩展了Spi演算的语法和语义，命名为SpiWeb演算，以适应具有安全意识的动态web服务组合。最后以网上银行系统为例，运用SpiWeb演算对该系统的安全特性进行了描述和分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2007 International Conference on Computational Science and its Applications (ICCSA 2007)

自引率

0.00%

发文量