Enforcing ASTD Access-Control Policies with WS-BPEL Processes in SOA Environments

Authors:
Michel Embe Jiague;Marc Frappier;Frédéric Gervais;Régine Laleau;Richard St-Denis
Affiliations:
Université de Sherbrooke, Canada, and Université Paris-Est Créteil Val-de-Marne, France;Université de Sherbrooke, Canada;Université Paris-Est Créteil Val-de-Marne, France;Université Paris-Est Créteil Val-de-Marne, France;Université de Sherbrooke, Canada
Venue:
International Journal of Systems and Service-Oriented Engineering
Year:
2011

Citing 12
Cited 2

A model of OASIS role-based access control and its support for active security

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Flexible support for multiple access control policies

ACM Transactions on Database Systems (TODS)
Access Control and Authorization Constraints for WS-BPEL

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Beyond separation of duty: an algebra for specifying high-level security policies

Proceedings of the 13th ACM conference on Computer and communications security
Sessions and Pipelines for Structured Service Programming

FMOODS '08 Proceedings of the 10th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Enforcing Role-Based Access Control Policies in Web Services with UML and OCL

ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Security Types for Sessions and Pipelines

Web Services and Formal Methods
A process-algebraic approach to workflow specification and refinement

SC'07 Proceedings of the 6th international conference on Software composition
Dynamic enforcement of abstract separation of duty constraints

ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Rodin: an open toolset for modelling and reasoning in Event-B

International Journal on Software Tools for Technology Transfer (STTT) - Special Section on VSTTE 2008
Systematic translation rules from ASTD to event-B

IFM'10 Proceedings of the 8th international conference on Integrated formal methods
Secrecy UML method for model transformations

ABZ'10 Proceedings of the Second international conference on Abstract State Machines, Alloy, B and Z

Combining UML, ASTD and B for the formal specification of an access control filter

Innovations in Systems and Software Engineering
A metamodel for the design of access-control policy enforcement managers: work in progress

FPS'11 Proceedings of the 4th Canada-France MITACS conference on Foundations and Practice of Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Controlling access to the Web services of public agencies and private corporations depends primarily on specifying and deploying functional security rules to satisfy strict regulations imposed by governments, particularly in the financial and health sectors. This paper focuses on one aspect of the SELKIS and EB3SEC projects related to the security of Web-based information systems, namely, the automatic transformation of security rules into WS-BPEL or BPEL, for short processes. The former are instantiated from security-rule patterns written in a graphical notation, called ASTD that is close to statecharts. The latter are executed by a BPEL engine integrated into a policy decision point, which is a component of a policy enforcement manager similar to that proposed in the XACML standard.