
Information Flow Control to Secure Dynamic Web Service Composition

  • Conference paper
Security in Pervasive Computing (SPC 2006)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3934)

Abstract

The vision of a landscape of heterogeneous web services deployed as encapsulated business software assets in the Internet is currently becoming a reality as part of the Semantic Web. When pro-active agents handle the context-aware discovery, acquisition, composition, and management of application services and data, ensuring the security of customers’ data becomes a principal task. To dynamically compose its offered service, an agent has to process and spread confidential data to other web services demanding the required degree of security. In this paper we propose a methodology based on type-based information flow to control the security of dynamically computed data and their proliferation to other web services.

Parts of this work were sponsored by grants from the German Ministry for Technology and Education (BMBF) and the German Science Foundation (DFG).

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hutter, D., Volkamer, M. (2006). Information Flow Control to Secure Dynamic Web Service Composition. In: Clark, J.A., Paige, R.F., Polack, F.A.C., Brooke, P.J. (eds) Security in Pervasive Computing. SPC 2006. Lecture Notes in Computer Science, vol 3934. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734666_15

  • DOI: https://doi.org/10.1007/11734666_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33376-0

  • Online ISBN: 978-3-540-33377-7

  • eBook Packages: Computer Science, Computer Science (R0)
