The formal semantics of programming languages: an introduction
The formal semantics of programming languages: an introduction
A symbolic semantics for the &pgr;-calculus
Information and Computation
ACM Transactions on Information and System Security (TISSEC)
Model checking security properties of control flow graphs
Journal of Computer Security
TAPSOFT '87/CAAP '87 Proceedings of the International Joint Conference on Theory and Practice of Software Development, Volume 1: Advanced Seminar on Foundations of Innovative Software Development I and Colloquium on Trees in Algebra and Programming
On the Decidability of Model Checking for Several µ-calculi and Petri Nets
CAAP '94 Proceedings of the 19th International Colloquium on Trees in Algebra and Programming
Controlling Usage in Business Process Workflows through Fine-Grained Security Policies
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Contract-Driven Implementation of Choreographies
Trustworthy Global Computing
A theory of contracts for Web services
ACM Transactions on Programming Languages and Systems (TOPLAS)
Planning and verifying service composition
Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Types and Effects for resource usage analysis
FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
Synthesis of web services orchestrators in a timed setting
WS-FM'07 Proceedings of the 4th international conference on Web services and formal methods
Foundations of security analysis and design IV
Choreography and orchestration: a synergic approach for system design
ICSOC'05 Proceedings of the Third international conference on Service-Oriented Computing
History-based access control with local policies
FOSSACS'05 Proceedings of the 8th international conference on Foundations of Software Science and Computation Structures
Towards the orchestration of secured services under non-disclosure policies
MMM-ACNS'12 Proceedings of the 6th international conference on Mathematical Methods, Models and Architectures for Computer Network Security: computer network security
| Hi-index | 0.00 |
Service Oriented Computing is a paradigm for creating a fully compositional service infrastructure. Compositionality makes security issues difficult to establish. As a matter of fact, defining global security properties on distribute, large-scale network seems to have little or even no sense at all. In a recent proposal, every single service specify its ad hoc security policies that are applied to (parts of) programs or services. These are called local policies and are amenable for developers. They are specified using a simple automaton-like structure, they offer full compositionality (through scope nesting) and a direct enforcing through a corresponding execution monitor. Compliance w.r.t. local policies is statically verified against a superset of the possible program execution traces, namely a history expression. History expressions for services are obtained through a type and effect system and then model checked for validity. A valid history expression only contains traces that never rise policy exceptions. Such history expressions drive the synthesis of composition plans, i.e. safe service orchestration. In this paper this approach is extended to work also on open networks, i.e. networks that are only partially specified. This allows one to compose services in a bottom-up fashion, while guaranteeing their correctness by construction. The potential, practical impact of our proposal is shown by applying it to a well known case study.