1st International ICST Workshop on Secure and Multimodal Pervasive Enviroments

Research Article

Optimizing Secure Web Services with MAWeS: a Case Study

  • @INPROCEEDINGS{10.1109/SECCOM.2007.4550321,
        author={Massimiliano Rak and Valentina Casola and Nicola Mazzoccca and Emilio  Pasquale Mancini and Umberto Villano},
        title={Optimizing Secure Web Services with MAWeS: a Case Study},
        proceedings={1st International ICST Workshop on Secure and Multimodal Pervasive Enviroments},
        keywords={Web Services  autonomic  performance prediction  policy  security  self-optimization  simulation},
  • Massimiliano Rak
    Valentina Casola
    Nicola Mazzoccca
    Emilio Pasquale Mancini
    Umberto Villano
    Year: 2008
    Optimizing Secure Web Services with MAWeS: a Case Study
    DOI: 10.1109/SECCOM.2007.4550321
Massimiliano Rak1,*, Valentina Casola2,*, Nicola Mazzoccca2,*, Emilio Pasquale Mancini3,*, Umberto Villano3,*
  • 1: Dipartimento di Ingegneria dell’Informazione Seconda Universit`a di Napoli Via Roma 29, Aversa (CE), 81031 Italy
  • 2: Dipartimento di informatica e Sistemistica Universita degli Studi di Napoli “Federico II” Via Claudio 21, Napoli, 80125 Italy
  • 3: RCOST and Dipartimento di Ingegneria, Universita del Sannio
*Contact email: massimiliano.rak@unina2.it, valentina.casola@unina.it, n.mazzocca@unina.it, epmancini@unisannio.it, villano@unisannio.it


Service-oriented architectures (SOA) and, in particular, Web Services are the emerging technologies to develop interoperable systems. In spite of the maturity of these new architectural models and technologies, the security of open services is still a challenging open issue; furthermore, the overall performance of a service built by composition of many atomic services can depend on many factors that need to be addressed. We are working on the design and the development of the MAWeS architecture, a framework that supports the development of self-optimizing autonomic systems for Web Services architectures. It relies on a simulation service to predict system performance and adopts a security evaluation service that implements a policy-based methodology for security description and evaluation. In this paper we sketch the MAWeS architecture, illustrating how to use it to optimize the performance of a typical compound Web Services application while at the same time guaranteeing that a set of security requirements, expressed by a security policy, are met.