Abstract
Web service composition is one of the main research challenges of the last decades. Several frameworks have been developed to compose services in order to meet requirements and constraints imposed by a service consumer. Hereafter, we survey research work on evaluation and automatic synthesis of service composition with a particular eye to security aspects.
Furthermore, we describe our logical approach, based on the partial model checking technique and open system analysis, for the synthesis of secure service orchestrators that are also able to exploit some cryptographic primitives. We also show two implementations able to automatically generate an orchestrator process that composes several services in such a way as to guarantee both functional and security requirements.
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grants no 256980 (NESSoS).
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Martín, J.A., Martinelli, F., Matteucci, I., Pimentel, E., Turuani, M. (2014). On the Synthesis of Secure Services Composition. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds) Engineering Secure Future Internet Services and Systems. Lecture Notes in Computer Science, vol 8431. Springer, Cham. https://doi.org/10.1007/978-3-319-07452-8_6
DOI: https://doi.org/10.1007/978-3-319-07452-8_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07451-1
Online ISBN: 978-3-319-07452-8
eBook Packages: Computer Science (R0)