Abstract
Secure adaptation of service composition is crucial for service-oriented applications. An effective adaptation method must improve a composition’s adherence to specified behaviour, performance and security guarantees at reasonable cost in terms of computing complexity and time consumption. This chapter discusses current techniques that have been developed to help achieve secure service composition. Based on security verification results, which have been categorised into four patterns in this chapter, a simple heuristics-based adaptation strategy is proposed. This proposal aims at more accurate yet relatively fast secure service adaptation strategy. In order to make direct comparisons of different services, a simple quantification method is also introduced.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Aniketos website. http://www.aniketos.eu/. Accessed 12 Sept 2013.
Chan SW. Security annotations and authorization in GlassFish and the Java EE 5 SDK. http://www.oracle.com/technetwork/articles/javaee/security-annotation-142276.html (2006). Accessed 12 Sept 2013.
OMG. Business process model and notation 2 specification. http://www.omg.org/spec/BPMN/2.0/PDF (2011). Accessed 12 Sept 2013.
Christensen E, Curbera F, Meredith G, Weerawarana S. Web services description language (WSDL) 1.1. http://www.w3.org/TR/2001/NOTE-wsdl-20010315 (2001). Accessed 12 Sept 2013.
Akkiraju IR, et al. Web Service Semantics—WSDL-S. http://www.w3.org/Submission/2005/SUBM-WSDL-S-20051107/ (2005). Accessed 12 Sept 2013.
Kadner K, Oberle D, et al. Unified service description language XG final report. http://www.w3.org/2005/Incubator/usdl/XGR-usdl-20111027/ (2011). Accessed 12 Sept 2013.
Miao W, Liu S. Service-oriented modeling using the SOFL formal engineering method. IEEE Asia-Pacific services computing conference. IEEE CS press, Jeju; 7–11 Dec 2009. doi:10.1109/APSCC.2009.5394123. p. 187–192
Dragoni N, et al. Security-by-contract (SxC) for software and services of mobile systems. In: Di Nitto et al., editors. At your service: service-oriented computing from an EU perspective. Cambridge: MIT Press; 2009. p. 429–454.
Costa G, et al. Security-by-contract-with-trust for mobile devices. J Wirel Mob Netw Ubiquitous Comput Dependable Appl. 2010;1:75–91.
Miao W, Liu S. A formal specification-based testing approach to accurate web service selection. IEEE Asia Pacific Services Computing Conference. IEEE CS Press, Jeju, Korea; 12–15 Dec 2011. p. 259–266. doi:10.1109/APSCC.2011.34.
AVANTSSAR website. 2013. http://www.avantssar.eu/. Accessed 12 Sept 2013.
SAP Product Page: Netweaver Composition Environment. 2013 http://scn.sap.com/community/netweaver. Accessed 12 Sept 2013.
Zhou B, Drew O, Arabo A, Llewellyn-Jones D, Kifayat K, Merabti M, Shi Q, Craddock R, Waller A, Jones G. System-of-systems boundary check in a public event scenario. 5th international conference on systems of systems engineering, winner of the conference best paper award, Loughborough, UK; June 2010. doi:10.1109/SYSOSE.2010.5544013.
Gritzalis S, Spinellis D. The cascade vulnerability problem: the detection problem and a simulated annealing approach to its correction. Microprocess Microsyst. 1998;21(10):621–8.
Zhou B, Llewellyn-Jones D, Shi Q, Asim M, Merabti M, Lamb D. Secure service composition adaptation based on simulated annealing. Proceedings of the 6th layered assurance workshop, annual computer security applications conference (ACSAC 2012), Orlando, Florida, USA; Dec 2012. p. 49–55.
Aktug I, Naliuka K. ConSpec—a formal language for policy specification. Electron Notes Theoret Comput Sci (ENTCS). 2008;197(1):45–58.
Acknowledgments
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant no. 257930 (http://www.aniketos.eu/).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Zhou, B., Llewellyn-Jones, D., Lamb, D., Asim, M., Shi, Q., Merabti, M. (2014). A Heuristic Approach for Secure Service Composition Adaptation. In: Blackwell, C., Zhu, H. (eds) Cyberpatterns. Springer, Cham. https://doi.org/10.1007/978-3-319-04447-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-04447-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-04446-0
Online ISBN: 978-3-319-04447-7
eBook Packages: Computer ScienceComputer Science (R0)