An adaptable security framework for service-based systems

A major advantage of service-based computing technology is the ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. In these large-scale service-based systems, various capabilities are provided by different organizations and interconnected by various types of networks, including wireless (infrastructure or ad hoc) and wired networks. For these systems which often involve multiple organizations, high confidence and adaptability are of prime concern to ensure that users can use these systems anywhere, any time, through various devices, knowing that their confidentiality and privacy are well protected under various situations. In this paper, an adaptable security framework for large-scale service-based systems is presented. It includes a core ontology and a logic-based situation-aware security specification language for specifying dynamic security policies for service-based systems, an approach to policy conflict detection and resolution, and tools for generating and deploying security agents to enforce security policies. With this framework, various parties of large-scale service-based systems can rapidly specify, update, verify, and enforce security policies in service-based systems to meet their security requirements under various situations.