Abstract
In this chapter we present an innovative approach towards the design and application of Security and Dependability (S&D) solutions for Web services and service-based workflows. Recently, several standards have been published that prescribe S&D solutions for Web services, e.g. OASIS WS-Security. However, the application of these solutions in specific contexts has proven problematic. We propose a new framework for the application of such solutions based on the SERENITY S&D Pattern concept. An S&D Pattern comprises all the necessary information for the implementation, verification, deployment, and active monitoring of an S&D Solution. Thus, system developers may rely on proven solutions that are dynamically deployed and monitored by the Serenity Runtime Framework. Finally, we further extend this approach to cover the case of executable workflows which are realised through the orchestration of Web services.
Copyright information
© 2009 Springer-Verlag US
About this chapter
Cite this chapter
Kokolakis, S., Rizomiliotis, P., Benameur, A., Sinha, S.K. (2009). Security and Dependability Solutions for Web Services and Workflows. In: Kokolakis, S., Gómez, A., Spanoudakis, G. (eds) Security and Dependability for Ambient Intelligence. Advances in Information Security, vol 45. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-88775-3_6
DOI: https://doi.org/10.1007/978-0-387-88775-3_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-88774-6
Online ISBN: 978-0-387-88775-3
eBook Packages: Computer Science, Computer Science (R0)