Security Policy Monitoring of Composite Services
One important challenge the Aniketos platform has to address is the effective monitoring of services at runtime to ensure that services behave as promised. The service developer is responsible for constructing service compositions, and the service provider is responsible for offering them to consumers of the Aniketos platform. Typically, service consumers will have different needs and requirements; they have varying business goals and different expectations from a service, for example in terms of functionality, quality of service and security needs. Given this, it is important to ensure that a service delivers what it was selected for and matches the consumer’s expectations. If it fails to do so, the system should react appropriately, e.g., by notifying the service consumer or service designer.
In this chapter, we present the policy-driven monitoring framework developed as part of the Aniketos project. The monitoring framework allows different user-specified policies to be monitored simultaneously. The monitoring is performed at the business level as well as at the implementation level, which allows for checking the policies of composite services as well as atomic ones. In case of a policy violation, the framework sends an alarm to notify the interested parties and triggers re-composition or re-configuration of the service.
Keywords: monitoring, secure service composition, security policy, complex event processing, SOA, BPMN