
Minimal role mining method for Web service composition

Journal of Zhejiang University SCIENCE C

Abstract

Web service composition is a low-cost and efficient way to leverage existing resources and implementations. In current Web service composition implementations, the issue of how to define the role for a new composite Web service has received little attention. Adjusting the access control policy for a new composite Web service always causes substantial administration overhead for the security administrator. Furthermore, the distributed nature of Web service-based applications makes traditional role mining methods obsolete. In this paper, we analyze the minimal role mining problem for Web service composition and prove that this problem is NP-complete. We propose a sub-optimal greedy algorithm based on the analysis of necessary role mapping for interoperation across multiple domains. Simulation shows the effectiveness of our algorithm; compared to the existing methods, it has significant performance advantages. We also demonstrate the practical application of our method in a real agent-based Web service system. The results show that our method can find the minimal role mapping efficiently.

Corresponding author

Correspondence to Jian-ling Sun.

About this article

Cite this article

Huang, C., Sun, Jl., Wang, Xy. et al. Minimal role mining method for Web service composition. J. Zhejiang Univ. - Sci. C 11, 328–339 (2010). https://doi.org/10.1631/jzus.C0910186

  • DOI: https://doi.org/10.1631/jzus.C0910186
