Modular plans for secure service composition

Authors:
Gabriele Costa;Pierpaolo Degano;Fabio Martinelli
Affiliations:
Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy and Dipartimento di Informatica, Università di Pisa, Pisa, Italy;Dipartimento di Informatica, Università di Pisa, Pisa, Italy;Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
Venue:
Journal of Computer Security - ARSPA-WITS'10
Year:
2012

Citing 15
Cited 0

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
A symbolic semantics for the &pgr;-calculus

Information and Computation
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Model checking security properties of control flow graphs

Journal of Computer Security
Synthesis of Local Controller Programs for Enforcing Global Security Properties

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Contract-Driven Implementation of Choreographies

Trustworthy Global Computing
Security Types for Sessions and Pipelines

Web Services and Formal Methods
A theory of contracts for Web services

ACM Transactions on Programming Languages and Systems (TOPLAS)
A perspective on service orchestration

Science of Computer Programming
Local policies for resource usage analysis

ACM Transactions on Programming Languages and Systems (TOPLAS)
Calculi for Service-Oriented Computing

Formal Methods for Web Services
Planning and verifying service composition

Journal of Computer Security - 18th IEEE Computer Security Foundations Symposium (CSF 18)
Synthesis of web services orchestrators in a timed setting

WS-FM'07 Proceedings of the 4th international conference on Web services and formal methods
Secure service orchestration

Foundations of security analysis and design IV
Choreography and orchestration: a synergic approach for system design

ICSOC'05 Proceedings of the Third international conference on Service-Oriented Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Service Oriented Computing SOC is a programming paradigm aiming at characterising Service Networks. Services are entities waiting for requests from clients and they often result from the composition of many sub-services.We address here the problem of statically guaranteeing security of open services, i.e., services with unknown components. Security constraints are expressed by policies that service components must obey.We present here a type and effect system that safely over-approximates the possible run-time behaviour of open services, collecting partial information on the behaviour of their components. From such an approximation, we then extract a partial plan that drives executions of an open system that raises no security violations when plugged in any context.