EFSOC: A Layered Framework for Developing Secure Interactions between Web-Services

Authors:
Willem-Jan Van Den Heuvel;Kees Leune;Mike P. Papazoglou
Affiliations:
Infolab, Tilburg University, The Netherlands;Infolab, Tilburg University, The Netherlands;Infolab, Tilburg University, The Netherlands
Venue:
Distributed and Parallel Databases
Year:
2005

Citing 9
Cited 1

Telos: representing knowledge about information systems

ACM Transactions on Information Systems (TOIS)
ConceptBase—a deductive object base for meta data management

Journal of Intelligent Information Systems - Special issue: deductive and object-oriented databases
Role-Based Access Control Models

Computer
Future directions in role-based access control

RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems

The Power of Events: An Introduction to Complex Event Processing in Distributed Enterprise Systems
Handbook of Information Security Management

Handbook of Information Security Management
Introduction: Service-oriented computing

Communications of the ACM - Service-oriented computing
Exploring a Multi-Faceted Framework for SoC: How to Develop Secure Web-Service Interactions?

RIDE '04 Proceedings of the 14th International Workshop on Research Issues on Data Engineering: Web Services for E-Commerce and E-Government Applications (RIDE'04)
Separation of duties for access control enforcement in workflow environments

IBM Systems Journal - End-to-end security

Efficiently supporting secure and reliable collaboration in scientific workflows

Journal of Computer and System Sciences

Quantified Score

Hi-index	0.00

Visualization

Abstract

Enterprises are rapidly extending their relatively stable and internally-oriented business processes and applications with loosely-coupled enterprise software services in order to support highly dynamic, cross-organizational business processes. These services are no longer solely based on internal enterprise systems, but often implemented, deployed and executed by diverse, external service providers. The ability to dynamically configure cross-organizational business processes with a mixture of internal and external services imposes new security requirements on existing security models.In this paper, we address the problem of defining and enforcing access control rules for securing service invocations in the context of a business process. For this purpose, we amortize existing role-based access control models that allow for dynamic delegation and retraction of authorizations. Authorizations are assigned on an event-driven basis, implementing a push-based interaction protocol between services. This novel security model is entitled the Event-driven Framework for Service Oriented Computing (EFSOC). In addition, this article presents an experimental prototype that is explored using a realistic case study.