Information flow control to secure dynamic web service composition

Authors:
Dieter Hutter;Melanie Volkamer
Affiliations:
German Research Center for Artificial Intelligence (DFKI GmbH), Saarbrücken, Germany;German Research Center for Artificial Intelligence (DFKI GmbH), Saarbrücken, Germany
Venue:
SPC'06 Proceedings of the Third international conference on Security in Pervasive Computing
Year:
2006

Citing 13
Cited 4

Secure information flow in a multi-threaded imperative language

POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A sound type system for secure flow analysis

Journal of Computer Security
An algebra for composing access control policies

ACM Transactions on Information and System Security (TISSEC)
Trust-Based Security in Pervasive Computing Environments

Computer
A Type-Based Approach to Program Security

TAPSOFT '97 Proceedings of the 7th International Joint Conference CAAP/FASE on Theory and Practice of Software Development
A Policy Language for the Management of Distributed Agents

AOSE '01 Revised Papers and Invited Contributions from the Second International Workshop on Agent-Oriented Software Engineering II
Possibilistic Definitions of Security - An Assembly Kit

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
SLAng: A Language for Defining Service Level Agreements

FTDCS '03 Proceedings of the The Ninth IEEE Workshop on Future Trends of Distributed Computing Systems
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions

SP '94 Proceedings of the 1994 IEEE Symposium on Security and Privacy
A general theory of security properties

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Specifying privacy policies with P3P and EPAL: lessons learned

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Trust in multi-agent systems

The Knowledge Engineering Review
Language-based information-flow security

IEEE Journal on Selected Areas in Communications

Verifiable and Revocable Expression of Consent to Processing of Aggregated Personal Data

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
A security policy framework for context-aware and user preferences in e-services

Journal of Systems Architecture: the EUROMICRO Journal
Information flow analysis of scientific workflows

Journal of Computer and System Sciences
Propagation of data protection requirements in multi-stakeholder web services systems

WISE'10 Proceedings of the 11th international conference on Web information systems engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

The vision of a landscape of heterogeneous web services deployed as encapsulated business software assets in the Internet is currently becoming a reality as part of the Semantic Web. When pro-active agents handle the context-aware discovery, acquisition, composition, and management of application services and data, ensuring the security of customers' data becomes a principle task. To dynamically compose its offered service, an agent has to process and spread confidential data to other web services demanding the required degree of security. In this paper we propose a methodology based on type-based information flow to control the security of dynamically computed data and their proliferation to other web services.