Using Aspects for Security Engineering of Web Service Compositions
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
Security Conscious Web Service Composition
ICWS '06 Proceedings of the IEEE International Conference on Web Services
Dynamic Weaving of Security Aspects in Service Composition
SOSE '06 Proceedings of the Second IEEE International Symposium on Service-Oriented System Engineering
A BPMN Extension for the Modeling of Security Requirements in Business Processes
IEICE - Transactions on Information and Systems
Defining Secure Business Processes with Respect to Multiple Objectives
ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Objective Types for the Valuation of Secure Business Processes
ICIS '08 Proceedings of the Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008)
Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes
ICSC '08 Proceedings of the 2008 IEEE International Conference on Semantic Computing
Security Specification at Process Level
SCC '08 Proceedings of the 2008 IEEE International Conference on Services Computing - Volume 1
Access Control for Human Tasks in Service Oriented Architecture
ICEBE '08 Proceedings of the 2008 IEEE International Conference on e-Business Engineering
Quality-Driven Business Policy Specification and Refinement for Service-Oriented Systems
ICSOC '08 Proceedings of the 6th International Conference on Service-Oriented Computing
Model-driven business process security requirement specification
Journal of Systems Architecture: the EUROMICRO Journal
Security Conscious Web Service Composition with Semantic Web Support
ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
From business process models to process-oriented software systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
SERVICES '10 Proceedings of the 2010 6th World Congress on Services
Hi-index | 0.00 |
Modelling and enforcing security requirements is an important but challenging task in web service composition. However, the explicit treatment of security requirements is challenging for many reasons: diversity of security background of involved stakeholders, absence or complexity of notations to express security requirements, complexity of mapping security requirements into security mechanisms and enforcing them at runtime. Existing work often delays considering the security requirements until the implementation and execution. We present an approach to design and enforce security in web service composition. By adopting the proposed approach, security requirements are incorporated during the business process definition and service composition code generation, and enforced at runtime. The proposed approach is supported by a set of tools that allows annotating business processes with security requirements, refining the security annotated business process and enforcing security annotations at execution time. We showcase an illustrative application to demonstrate the proposed approach and developed tools.