Using Aspects for Security Engineering of Web Service Compositions
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Security Conscious Web Service Composition
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Dynamic Weaving of Security Aspects in Service Composition
SOSE '06 Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering
Security-Oriented Service Composition and Evolution
APSEC '06 Proceedings of the XIII Asia Pacific Software Engineering Conference
Developing Web Services with Apache Axis
Developing Web Services with Apache Axis
A BPMN Extension for the Modeling of Security Requirements in Business Processes
IEICE - Transactions on Information and Systems
Defining Secure Business Processes with Respect to Multiple Objectives
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Objective Types for the Valuation of Secure Business Processes
ICIS '08 Proceedings of the Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008)
Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes
ICSC '08 Proceedings of the 2008 IEEE International Conference on Semantic Computing
Security Specification at Process Level
SCC '08 Proceedings of the 2008 IEEE International Conference on Services Computing - Volume 1
Access Control for Human Tasks in Service Oriented Architecture
ICEBE '08 Proceedings of the 2008 IEEE International Conference on e-Business Engineering
Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems
ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
Sec-MoSC Tooling - Incorporating Security Requirements into Service Composition
ICSOC-ServiceWave '09 Proceedings of the 7th International Joint Conference on Service-Oriented Computing
Configuring private data management as access restrictions: from design to enforcement
ICSOC'12 Proceedings of the 10th international conference on Service-Oriented Computing
| Hi-index | 0.00 |
Despite an increasing need for considering security requirements in service composition, the incorporation of security requirements into service composition is still a challenge for many reasons: no clear identification of security requirements for composition, absence of notations to express them, difficulty in integrating them into the business processes, complexity of mapping them into security mechanisms, and the complexity inherent to specify and enforce complex security requirements. We identify security requirements for service composition and define notations to express them at different levels of abstraction. We present a novel approach consisting of a methodology, called Sec-MoSC, to incorporate security requirements into service composition, map security requirements into enforceable mechanisms, and support execution. We have implemented this approach in a prototype tool by extending BPMN notation and building on an existing BPMN editor, BPEL engine and Apache Rampart. We showcase an illustrative application of the Sec-MoSC toolset.