8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

Secure Composition of Cascaded Web Services

Download664 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2012.250522,
        author={Basit Shafiq and Soon Chun and Jaideep Vaidya and nazia badar and Nabil Adam},
        title={Secure Composition of Cascaded Web Services},
        proceedings={8th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2012},
        month={12},
        keywords={web service composition security privacy},
        doi={10.4108/icst.collaboratecom.2012.250522}
    }
    
  • Basit Shafiq
    Soon Chun
    Jaideep Vaidya
    nazia badar
    Nabil Adam
    Year: 2012
    Secure Composition of Cascaded Web Services
    COLLABORATECOM
    ICST
    DOI: 10.4108/icst.collaboratecom.2012.250522
Basit Shafiq1,*, Soon Chun2, Jaideep Vaidya3, nazia badar, Nabil Adam3
  • 1: Lahore University of Management Sciences
  • 2: CUNY
  • 3: Rutgers University
*Contact email: basit@lums.edu.pk

Abstract

A business process can be developed as a composition of Web services provided by different service providers. These service providers may have their own policies and constraints for service provisioning and collaboration. In this paper, we focus on secure composition of services, specifically from the perspective of service enactment. Service enactment requires finding an execution plan for the service composition that conforms to the requirements and constraints of the service requester and all service providers. However, due to privacy and security concerns, participants may selectively expose their Web service operations and process details. We propose an approach for service enactment that does not require the participants to reveal their internal operations and constraints and that can still result in an execution plan which satisfies the requirements and constraints of all participants. The proposed approach uses Finite State Machines (FSM) to model component Web service operations, their interdependencies, as well security and access control policy constraints. Model checking is used to generate an appropriate Web service execution plan in an incremental manner. Commutative encryption based techniques are used to preserve privacy and security.