The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
The type and effect discipline
Information and Computation
Integrating functional and imperative programming
LFP '86 Proceedings of the 1986 ACM conference on LISP and functional programming
Enforcing trace properties by program transformation
Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM Transactions on Information and System Security (TISSEC)
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Web services: beyond component-based computing
Communications of the ACM
The WSLA Framework: Specifying and Monitoring Service Level Agreements for Web Services
Journal of Network and Systems Management
Distributed and Parallel Databases
Language Primitives and Type Discipline for Structured Communication-Based Programming
ESOP '98 Proceedings of the 7th European Symposium on Programming: Programming Languages and Systems
On the Decidability of Model Checking for Several µ-calculi and Petri Nets
CAAP '94 Proceedings of the 19th International Colloquium on Trees in Algebra and Programming
Secure composition of untrusted code: box π, wrappers, and causality types
Journal of Computer Security - CSFW13
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols
SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Introduction: Service-oriented computing
Communications of the ACM - Service-oriented computing
Communications of the ACM - Service-oriented computing
Service -Oriented Computing: Concepts, Characteristics and Directions
WISE '03 Proceedings of the Fourth International Conference on Web Information Systems Engineering
A semantics for web services authentication
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Programming Model for the Orchestration of Web Services
SEFM '04 Proceedings of the Software Engineering and Formal Methods, Second International Conference
Web Services Are Not Distributed Objects
IEEE Internet Computing
Interfaces for stack inspection
Journal of Functional Programming
Enforcing Secure Service Composition
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Secure sessions for web services
SWS '04 Proceedings of the 2004 workshop on Secure web service
Semantic Web Services, Processes and Applications (Semantic Web and Beyond: Computing for Human Experience)
Disciplining Orchestration and Conversation in Service-Oriented Computing
SEFM '07 Proceedings of the Fifth IEEE International Conference on Software Engineering and Formal Methods
A theory of contracts for web services
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A Foundational Theory of Contracts for Multi-party Service Composition
Fundamenta Informaticae - Fundamentals of Software Engineering 2007: Selected Contributions
Structured communication-centred programming for web services
ESOP'07 Proceedings of the 16th European conference on Programming
A calculus for orchestration of web services
ESOP'07 Proceedings of the 16th European conference on Programming
Type abstractions of name-passing processes
FSEN'07 Proceedings of the 2007 international conference on Fundamentals of software engineering
COORDINATION'08 Proceedings of the 10th international conference on Coordination models and languages
COORDINATION'08 Proceedings of the 10th international conference on Coordination models and languages
The conversation calculus: a model of service-oriented computation
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Web Services: Concepts, Architectures and Applications
Web Services: Concepts, Architectures and Applications
SOCK: a calculus for service oriented computing
ICSOC'06 Proceedings of the 4th international conference on Service-Oriented Computing
Symbolic and cryptographic analysis of the secure WS-ReliableMessaging scenario
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
JSCL: a middleware for service coordination
FORTE'06 Proceedings of the 26th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
SCC: a service centered calculus
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Verified reference implementations of WS-Security protocols
WS-FM'06 Proceedings of the Third international conference on Web Services and Formal Methods
Foundations of security analysis and design IV
Secure Service Composition with Symbolic Effects
SEEFM '09 Proceedings of the 2009 Fourth South-East European Workshop on Formal Methods
Modular plans for secure service composition
ARSPA-WITS'10 Proceedings of the 2010 joint conference on Automated reasoning for security protocol analysis and issues in the theory of security
Secure service orchestration in open networks
Journal of Systems Architecture: the EUROMICRO Journal
On quantitative security policies
PaCT'11 Proceedings of the 11th international conference on Parallel computing technologies
Call-by-contract for service discovery, orchestration and recovery
Rigorous software engineering for service-oriented systems
Types for coordinating secure behavioural variations
COORDINATION'12 Proceedings of the 14th international conference on Coordination Models and Languages
Nominal automata for resource usage control
CIAA'12 Proceedings of the 17th international conference on Implementation and Application of Automata
Formalising security in ubiquitous and cloud scenarios
CISIM'12 Proceedings of the 11th IFIP TC 8 international conference on Computer Information Systems and Industrial Management
Bring your own device, securely
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Towards nominal context-free model-checking
CIAA'13 Proceedings of the 18th international conference on Implementation and Application of Automata
Modular plans for secure service composition
Journal of Computer Security - ARSPA-WITS'10
Service net algebra based on logic Petri nets
Information Sciences: an International Journal
| Hi-index | 0.00 |
A static approach is proposed to study secure composition of services. We extend the λ-calculus with primitives for selecting and invoking services that respect given security requirements. Security-critical code is enclosed in policy framings with a possibly nested, local scope. Policy framings enforce safety and liveness properties. The actual run-time behaviour of services is over-approximated by a type and effect system. Types are standard, and effects include the actions with possible security concerns - as well as information about which services may be invoked at run-time. An approximation is model checked to verify policy framings within their scopes. This allows for removing any run-time execution monitor, and for determining the plans driving the selection of those services that match the security requirements on demand.