Security Policy Monitoring of Composite Services

  • Muhammad Asim
  • Artsiom Yautsiukhin
  • Achim D. Brucker
  • Brett Lempereur
  • Qi Shi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8900)


One important challenge the Aniketos platform has to address is the effective monitoring of services at runtime to ensure that services behave as promised. A service developer is responsible for constructing service compositions, and the service provider is responsible for offering them to consumers of the Aniketos platform. Typically, service consumers will have different needs and requirements; they have varying business goals and different expectations from a service, for example in terms of functionality, quality of service and security needs. Given this, it is important to ensure that a service delivers what it has been selected for and matches the consumer’s expectations. If it fails, the system should react appropriately, e.g., by notifying the service consumer or service designer.

In this chapter, we present the policy-driven monitoring framework which is developed as part of the Aniketos project. The monitoring framework allows different user-specified policies to be monitored simultaneously. The monitoring is performed at the business level, as well as at the implementation level, which allows for checking the policies of composite services as well as atomic ones. The framework sends an alarm in case of policy violation to notify the interested parties and triggers re-composition or re-configuration of the service.


Keywords: monitoring, secure service composition, security policy, complex event processing, SOA, BPMN





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Muhammad Asim (1)
  • Artsiom Yautsiukhin (2)
  • Achim D. Brucker (3)
  • Brett Lempereur (1)
  • Qi Shi (1)

  1. School of Computing and Mathematical Sciences, Liverpool John Moores University, UK
  2. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Italy
  3. SAP SE, Karlsruhe, Germany
