Rule-Based Security Capabilities Matching for Web Services

Authors:
Bo Yu;Lin Yang;Yongjun Wang;Bofeng Zhang;Yuan Cao;Linru Ma;Xiangyang Luo
Affiliations:
School of Computer, National University of Defense Technology, Changsha, China;Center for Security, Institute of China Electronic Equipment System Engineering, Beijing, China;School of Computer, National University of Defense Technology, Changsha, China;School of Computer, National University of Defense Technology, Changsha, China;School of Computer, National University of Defense Technology, Changsha, China;Center for Security, Institute of China Electronic Equipment System Engineering, Beijing, China;Zhengzhou Information Science and Technology Institute, Zhengzhou, China
Venue:
Wireless Personal Communications: An International Journal
Year:
2013

Citing 16
Cited 0

Authorization and Privacy for Semantic Web Services

IEEE Intelligent Systems
Current Solutions for Web Service Composition

IEEE Internet Computing
Security Conscious Web Service Composition

ICWS '06 Proceedings of the IEEE International Conference on Web Services
Ontology-Based Security Policies for Supporting the Management of Web Service Business Processes

ICSC '08 Proceedings of the 2008 IEEE International Conference on Semantic Computing
Self-optimization of secure web services

Computer Communications
Security Conscious Web Service Composition with Semantic Web Support

ICDEW '07 Proceedings of the 2007 IEEE 23rd International Conference on Data Engineering Workshop
A Security Meta-model for Service-Oriented Architectures

SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing
Security in the Semantic Web using OWL

Information Security Tech. Report
Policy framework for security and privacy management

IBM Journal of Research and Development
EXAM: a comprehensive environment for the analysis of access control policies

International Journal of Information Security
Access control: what is required in business collaboration?

ADC '09 Proceedings of the Twentieth Australasian Conference on Australasian Database - Volume 92
Transformation and Aggregation of Web Service Security Requirements

ECOWS '10 Proceedings of the 2010 Eighth IEEE European Conference on Web Services
Seamless integration of dependability and security concepts in SOA: A feedback control system based framework and taxonomy

Journal of Network and Computer Applications
Representing web service policies in OWL-DL

ISWC'05 Proceedings of the 4th international conference on The Semantic Web
From business process choreography to authorization policies

DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Security ontology for annotating resources

OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II

Quantified Score

Hi-index	0.00

Visualization

Abstract

A primary problem for security aware Web service discovery is how to discover security capabilities of Web services and how these security capabilities can be matched with security requirements of various requesters. Presently, most approaches are based on syntactic matching, which is prone to result in false negative because of lacking of semantics. In this paper, we propose a rule-based approach to decide whether security capabilities match security requirements. Based on a semantic model of security policy, security capabilities are inferred from security policy of Web services. General Web service security ontology is proposed to semantically model security requirements of various service requesters. The architecture of rule-based matching engine is also presented to describe the whole matching process. The prototype system and case study show that the proposed approach is flexible and feasible.