Automated Validation of Security-Sensitive Web Services Specified in BPEL and RBAC

Authors:
Alberto Calvi;Silvio Ranise;Luca Vigano
Affiliations:
-;-;-
Venue:
SYNASC '10 Proceedings of the 2010 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing
Year:
2010

Citing 0
Cited 1

A declarative two-level framework to specify and verify workflow and authorization policies in service-oriented architectures

Service Oriented Computing and Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

We formalize automated analysis techniques for the validation of web services specified in BPEL and a RBAC variant tailored to BPEL. The idea is to use decidable fragments of first-order logic to describe the state space of a certain class of web services and then use state-of-the-art SMT solvers to handle their reach ability problems. To assess the practical viability of our approach, we have developed a prototype tool implementing our techniques and applied it to a digital contract signing service inspired by an industrial case study.