A Formal Dynamic Verification of Choreographed Web Services Conversations

  • Karim Dahmani
  • Mahjoub Langar
  • Riadh Robbana
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9451)


Runtime verification of composite web services is one of the main current research challenges. This paper presents a formal approach for dynamically enforcing security policies on web service choreographies. We define a security framework for monitoring choreographed web services by inlining a monitor that checks whether a choreography adheres to the constraints dictated by a security policy. The monitor thus prohibits the execution of undesirable behaviors at runtime and does not change the original behavior of the choreography until an action is about to violate the security policy.


Monitoring; Choreography; Formal verification; Web service composition; Security policy enforcement; Runtime verification



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. LIP2 Research Laboratory, Faculté des Sciences de Tunis, Tunis, Tunisia
