We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behaviour. Services can enforce security policies locally and can invoke other services respecting given security contracts. This call-by-contract mechanism offers a significant set of opportunities, each driving secure ways to compose services. We discuss how to correctly plan service compositions in several relevant classes of services and security properties. To this aim, we propose a graphical modelling framework, based on a foundational calculus called lambda-req. Our formalism features dynamic and static semantics, thus allowing for formal reasoning about systems. Static analysis and model checking techniques provide the designer with useful information to assess and fix possible vulnerabilities.