Abstract
We use a distributed, enriched λ-calculus for describing networks of services. Both services and their clients can protect themselves, by imposing security constraints on each other’s behaviour. Then, service interaction results in a call-by-property mechanism, that matches the client requests with service’s. A static approach is also described, that determines how to compose services while guaranteeing that their execution is always secure, without resorting to any dynamic check.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-3-540-34895-5_20
© 2006 IFIP International Federation for Information Processing
About this paper
Cite this paper
Bartoletti, M., Degano, P., Ferrari, G.L. (2006). Security Issues in Service Composition. In: Gorrieri, R., Wehrheim, H. (eds) Formal Methods for Open Object-Based Distributed Systems. FMOODS 2006. Lecture Notes in Computer Science, vol 4037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11768869_1
DOI: https://doi.org/10.1007/11768869_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34893-1
Online ISBN: 978-3-540-34895-5
eBook Packages: Computer Science (R0)