Skip to main content
SpringerLink
Log in

A Formal Dynamic Verification of Choreographed Web Services Conversations

  • Conference paper
  • First Online:
Provable Security (ProvSec 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9451))

Included in the following conference series:

Abstract

Performing runtime verification of composite web services is one of the actual main research challenges. This paper presents a formal approach for dynamically enforcing security policies on web services choreographies. We define a security framework for monitoring choreographed web services by inlining a monitor that checks whether a choreography adheres to some constraints dictated by a security policy. Therefore, this monitor prohibits the execution of undesirable behaviors during runtime and does not change the original behavior of the choreography until an action is about to violate the security policy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Corporation, I.: Business process execution language for web services bpel-4ws (2002). http://www.ibm.com/developerworks/library/ws-bpel/

  2. Kavantzas, N., Burdett, D., Ritzinger, G., Fletcher, T., Lafon, Y.: Web services choreography description language version 1.0. W3C Working Draft, December 2004

    Google Scholar 

  3. Morrisett, G., Walker, D., Crary, K., Glew, N.: From system f to typed assembly language. ACM Trans. Program. Lang. Syst. 21(3), 527–568 (1999)

    Article  MATH  Google Scholar 

  4. Necula, G.C.: Proof-carrying code. In: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages. POPL ’97, pp. 106–119. ACM, New York, NY, USA (1997)

    Google Scholar 

  5. Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. Int. J. Inf. Secur. 4(1–2), 2–16 (2005)

    Article  Google Scholar 

  6. Martinell, F., Matteucci, I.: Through modeling to synthesis of security automata. In: Proceedings of the Second International Workshop on Security and Trust Management (STM 2006). Electronic Notes in Theoretical Computer Science, vol. 179, pp. 31–46 (2007)

    Google Scholar 

  7. Erlingsson, Schneider, F.: Irm enforcement of java stack inspection. In: 2000 Proceedings of IEEE Symposium on Security and Privacy, 2000. S P 2000, pp. 246–255 (2000)

    Google Scholar 

  8. Carbone, M., Honda, K., Yoshida, N.: Theoretical aspects of communication-centred programming. Electr. Notes Theor. Comput. Sci. 209, 125–133 (2008)

    Article  MATH  Google Scholar 

  9. Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes. I. Inf. Comput. 100(1), 1–40 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  10. Honda, K., Vasconcelos, V.T., Kubo, M.: Language primitives and type discipline for structured communication-based programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  11. Hennessy, M., Riely, J.: Resource access control in systems of mobile agents. Electr. Notes Theor. Comput. Sci. 16(3), 174–188 (1998)

    Article  MATH  Google Scholar 

  12. Carbone, M., Nielsen, M., Sassone, V.: A calculus for trust management. In: Lodaya, K., Mahajan, M. (eds.) FSTTCS 2004. LNCS, vol. 3328, pp. 161–173. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  13. Kozen, D.: Kleene algebra with tests. ACM Trans. Program. Lang. Syst. 19(3), 427–443 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  14. Dumez, C., Bakhouya, M., Gaber, J., Wack, M., Lorenz, P.: Model-driven approach supporting formal verification for web service composition protocols. J. Netw. Comput. Appl. 36(4), 1102–1115 (2013)

    Article  Google Scholar 

  15. Tan, W., Fan, Y., Zhou, M.: A petri net-based method for compatibility analysis and composition of web services in business process execution language. IEEE Trans. Autom. Sci. Eng. 6(1), 94–106 (2009)

    Article  Google Scholar 

  16. Dranidis, D., Ramollari, E., Kourtesis, D.: Run-time verification of behavioural conformance for conversational web services. In: ECOWS, pp. 139–147 (2009)

    Google Scholar 

  17. Ardissono, L., Furnari, R., Goy, A., Petrone, G., Segnan, M.: Monitoring choreographed services. In: Sobh, T. (ed.) Innovations and Advanced Techniques in Computer and Information Sciences and Engineering, pp. 283–288. Springer, Netherlands (2007)

    Chapter  Google Scholar 

  18. Gay, R., Mantel, H., Sprick, B.: Service automata. In: Barthe, G., Datta, A., Etalle, S. (eds.) FAST 2011. LNCS, vol. 7140, pp. 148–163. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  19. She, W., Yen, I., Thuraisingham, B.M., Bertino, E.: Security-aware service composition with fine-grained information flow control. IEEE Trans. Serv. Comput. 6(3), 330–343 (2013)

    Article  Google Scholar 

  20. Martín, J.A., Martinelli, F., Matteucci, I., Pimentel, E., Turuani, M.: On the synthesis of secure services composition. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds.) Engineering Secure Future Internet Services and Systems. LNCS, vol. 8431, pp. 140–159. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. LIP2 Research Laboratory, Faculté des Sciences de Tunis, Tunis, Tunisia

    Karim Dahmani, Mahjoub Langar & Riadh Robbana

Authors
  1. Karim Dahmani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mahjoub Langar
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Riadh Robbana
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mahjoub Langar .

Editor information

Editors and Affiliations

  1. The Hong Kong Polytechnic University, Hong Kong, China

    Man-Ho Au

  2. Japan Advanced Inst. of Science and Tech, Ishikawa, Japan

    Atsuko Miyaji

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Dahmani, K., Langar, M., Robbana, R. (2015). A Formal Dynamic Verification of Choreographed Web Services Conversations. In: Au, MH., Miyaji, A. (eds) Provable Security. ProvSec 2015. Lecture Notes in Computer Science(), vol 9451. Springer, Cham. https://doi.org/10.1007/978-3-319-26059-4_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-26059-4_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26058-7

  • Online ISBN: 978-3-319-26059-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation