Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Technologies for E-Services

TES 2001: Technologies for E-Services pp 147–162Cite as

Security for Distributed E-Service Composition

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2193))

Abstract

Current developments show that tomorrow’s information systems and applications will no longer be based on monolithic architectures that encompass all the functionality. Rather, the emerging need for distribution and quick adaptation to new requirements stemming from, e.g., virtual enterprises, demands distributed systems that can be extended dynamically to compose new services from existing software components. However, usage of mobile code introduces specific security concerns which a security system must be aware of. We present a comprehensive security architecture for extensible, distributed systems using the example of an Internet query processing service which can be extended by user-defined operators. Before an operator is actually used in queries for the first time, our OperatorCheck server validates its semantics and analyzes its quality. This is done semi-automatically using an oracle-based approach to compare a formal specification of an operator against its implementation. Further security measures are integrated into the query processing engine: during plan distribution secure communication channels are established, authentication and authorization are performed, and overload situations are avoided by admission control. During plan execution operators are guarded using Java’s security model to prevent unauthorized resource access and leakage of data. The resource consumption of operators is monitored and limited with reasonable supplementary costs to avoid resource monopolization. We show that the presented security system is capable of executing arbitrary operators without risks for the executing host and the privacy and integrity of data. In the paper we will concentrate on the OperatorCheck server, as this server can itself be viewed as an e-service that can be used by developers and independent associations.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. S. Bürzsünyi, D. Kossmann, and K. Stocker. The Skyline Operator. In Proc. IEEE Conf. on Data Engineering, pages 421–430, Heidelberg, Germany, 2001.

    Google Scholar 

  2. R. Braumandl, M. Keidl, A. Kemper, D. Kossmann, A. Kreutz, S. Seltzsam, and K. Stocker. ObjectGlobe: Ubiquitous Query Processing on the Internet. The VLDB Journal: Special Issue on E-Services, 2001. To appear.

    Google Scholar 

  3. F. Casati, S. Ilnicki, L.-J. Jin, and M.-C. Shan. An Open, Flexible, and Configurable System for Service Composition. In Proceedings of the Second International Workshop on Advance Issues of E-Commerce and Web-Based Information Systems (WECWIS 2000), pages 125–132, Milpitas, California, 2000.

    Google Scholar 

  4. O.-J. Dahl, E. W. Dijkstra, and C. A. R. Hoare. Structured Programming. Academic Press, Inc., New York, 1972.

    MATH  Google Scholar 

  5. G. Czajkowski, T. Mayr, P. Seshadri, and T. v. Eicken. Resource Control for Database Extensions. Technical Report 98-1718, Department of Computer Science, Cornell University, November 1998.

    Google Scholar 

  6. C. Dalton and T. H. Choo. An Operating System Approach to Securing E-Services. Communications of the ACM, 44(2):58–64, February 2001.

    Article  Google Scholar 

  7. D. DeWitt. The Wisconsin Benchmark: Past, Present, and Future. In J. Gray, editor, The Benchmark Handbook for Database and Transaction Systems. Morgan Kaufmann Publishers, San Mateo, CA, USA, 2. edition, 1993.

    Google Scholar 

  8. S. Frolund, F. Pedone, J. Pruyne, and A. v. Moorsel. Building Dependable Internet Services with E-speak. Technical Report HPL-2000-78, Hewlett-Packard, 2000.

    Google Scholar 

  9. A. K. Ghosh and T. M. Swaminatha. Software Security and Privacy Risks in Mobile E-Commerce. Communications of the ACM, 44(2):51–57, February 2001.

    Article  Google Scholar 

  10. M. Godfrey, T. Mayr, P. Seshadri, and T. v. Eicken. Secure and Portable Database Extensibility. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 390–401, Seattle, WA, USA, June 1998.

    Google Scholar 

  11. G. Graefe. Query Evaluation Techniques for Large Databases. ACM Computing Surveys, 25(2):73–170, June 1993.

    Article  Google Scholar 

  12. L. M. Haas, W. Chang, G. M. Lohman, J. McPherson, P. F. Wilms, G. Lapis, B. Lindsay, H. Pirahesh, M. J. Carey, and E. Shekita. Starburst Mid-Flight: As the Dust Clears. IEEE Transactions on Knowledge and Data Engineering, 2(1):143–160, March 1990.

    Article  Google Scholar 

  13. J. Hartmanis and J. E. Hopcroft. Independence Results in Computer Science. In SIGACT News, volume 8, pages 13–24, 1976.

    Article  Google Scholar 

  14. R. Housley, W. Ford, W. Polk, and D. Solo. Internet X.509 Public Key Infrastructure Certificate and CRL Profile. http://www.rfc-editor.org/rfc/rfc2459.txt, January 1999.

  15. P. Ion and R. Miner. Mathematical Markup Language. http://www.w3.org/Math/, July 1999.

  16. M. Keidl, A. Kreutz, A. Kemper, and D. Kossmann. Verteilte Metadatenverwaltung für die Anfragebearbeitung auf Internet-Datenquellen. In Proc. GI Conf. on Database Systems for Office, Engineering, and Scientific Applications (BTW), Informatik aktuell, pages 107–126, New York, Berlin, etc., 2001. Springer-Verlag.

    Google Scholar 

  17. H. T. Kung, F. Luccio, and F. P. Preparata. On Finding the Maxima of a Set of Vectors. Journal of the ACM, 22(4):469–476, 1975.

    Article  MATH  MathSciNet  Google Scholar 

  18. G. J. Myers. The Art of Software Testing. John Wiley & Sons, New York, 1979.

    Google Scholar 

  19. S. Oaks. Java Security. O’Reilly & Associates, Sebastopol, CA, USA, 1998.

    Google Scholar 

  20. F. P. Preparata and M. I. Shamos. Computational Geometry: An Introduction. Springer-Verlag, New York, Berlin, etc., 1985.

    Google Scholar 

  21. M. Tork Roth and P. Schwarz. Don’t Scrap It, Wrap It! A Wrapper Architecture for Legacy Data Sources. In Proc. of the Conf. on Very Large Data Bases (VLDB), pages 266–275, Athens, Greece, August 1997.

    Google Scholar 

  22. International Organization for Standardization. Database Language SQL. Document ISO/IEC 9075:1999, 1999.

    Google Scholar 

  23. M. Stonebraker and L. Rowe. The Design of POSTGRES. In Proc. of the ACM SIGMOD Conf. on Management of Data, pages 340–355, Washington, USA, 1986.

    Google Scholar 

  24. G. Weikum. The Web in 2010: Challenges and Opportunities for Database Research. In Informatics-10 Years Back. 10 Years Ahead., volume 2000 of Lecture Notes in Computer Science, pages 1–23. Springer, 2001.

    Google Scholar 

  25. K. Wilkinson, P. Lyngbaek, and W. Hasan. The Iris Architecture and Implementation. IEEE Trans. Knowledge and Data Engineering, 2(1):63–75, March 1990.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fakultät für Mathematik und Informatik, Universität Passau, D-94030, Passau, Germany

    Stefan Seltzsam, Stephan Börzsönyi & Alfons Kemper

Authors
  1. Stefan Seltzsam
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Stephan Börzsönyi
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alfons Kemper
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Hewlett-Packard, 1501 Page Mill Road, 1 U-4, Palo Alto, CA, 94304, USA

    Fabio Casati  & Ming-Chien Shan  & 

  2. Telcordia Technologies, 106 E. Sixth Street, Littlefield Building 415, Austin, TX, 78701, USA

    Dimitrios Georgakopoulos

Rights and permissions

Reprints and permissions

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Seltzsam, S., Börzsönyi, S., Kemper, A. (2001). Security for Distributed E-Service Composition. In: Casati, F., Shan, MC., Georgakopoulos, D. (eds) Technologies for E-Services. TES 2001. Lecture Notes in Computer Science, vol 2193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44809-8_11

Download citation

  • DOI: https://doi.org/10.1007/3-540-44809-8_11

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42565-6

  • Online ISBN: 978-3-540-44809-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation