Local policies represent security properties that are applied to (parts of) programs or services. They are convenient for developers because they offer full compositionality (through scope nesting), a simple, automaton-like structure, and direct enforcement through a corresponding execution monitor. Compliance with local policies is statically verified against a safe over-approximation of all possible execution traces, namely a history expression. Given a service, a safe type and effect system extracts a history expression, from which a viable composition plan can be automatically produced. Viable plans drive executions that never raise policy exceptions. Our main contribution is the definition of a type and effect system that also deals with open systems. We extend the syntax of a service-oriented version of the lambda-calculus, namely lambda-req, with resources and external branching operators. Then, we safely over-approximate the possible run-time behaviour of services, collecting partial information on the relationship between the program flow and the actual resources. The history expressions obtained in this way are compact, rather accurate, and able to derive viable plans in most cases.