Abstract
Current developments show that tomorrow’s information systems and applications will no longer be based on monolithic architectures that encompass all the functionality. Rather, the emerging need for distribution and quick adaptation to new requirements stemming from, e.g., virtual enterprises, demands distributed systems that can be extended dynamically to compose new services from existing software components. However, usage of mobile code introduces specific security concerns which a security system must be aware of. We present a comprehensive security architecture for extensible, distributed systems using the example of an Internet query processing service which can be extended by user-defined operators. Before an operator is actually used in queries for the first time, our OperatorCheck server validates its semantics and analyzes its quality. This is done semi-automatically using an oracle-based approach to compare a formal specification of an operator against its implementation. Further security measures are integrated into the query processing engine: during plan distribution secure communication channels are established, authentication and authorization are performed, and overload situations are avoided by admission control. During plan execution operators are guarded using Java’s security model to prevent unauthorized resource access and leakage of data. The resource consumption of operators is monitored and limited with reasonable supplementary costs to avoid resource monopolization. We show that the presented security system is capable of executing arbitrary operators without risks for the executing host and the privacy and integrity of data. In the paper we will concentrate on the OperatorCheck server, as this server can itself be viewed as an e-service that can be used by developers and independent associations.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Seltzsam, S., Börzsönyi, S., Kemper, A. (2001). Security for Distributed E-Service Composition. In: Casati, F., Shan, MC., Georgakopoulos, D. (eds) Technologies for E-Services. TES 2001. Lecture Notes in Computer Science, vol 2193. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44809-8_11
DOI: https://doi.org/10.1007/3-540-44809-8_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42565-6
Online ISBN: 978-3-540-44809-9
eBook Packages: Springer Book Archive