Regulating Data Exchange in Service Oriented Applications

  • Alessandro Lapadula
  • Rosario Pugliese
  • Francesco Tiezzi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4767)

Abstract

We define a type system for COWS, a formalism for specifying and combining services, while modelling their dynamic behaviour. Our types permit to express policies constraining data exchanges in terms of sets of service partner names attachable to each single datum. Service programmers explicitly write only the annotations necessary to specify the wanted policies for communicable data, while a type inference system (statically) derives the minimal additional annotations that ensure consistency of services initial configuration. Then, the language dynamic semantics only performs very simple checks to authorize or block communication. We prove that the type system and the operational semantics are sound. As a consequence, we have the following data protection property: services always comply with the policies regulating the exchange of data among interacting services. We illustrate our approach through a simplified but realistic scenario for a service-based electronic marketplace.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Schneider, F.B., Morrisett, G., Harper, R.: A language-based approach to security. In: Wilhelm, R. (ed.) Informatics. LNCS, vol. 2000, pp. 86–101. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Brogi, A., Canal, C., Pimentel, E., Vallecillo, A.: Formalizing web service choreographies. ENTCS 105, 73–94 (2004)Google Scholar
  3. 3.
    Viroli, M.: Towards a formal foundational to orchestration languages. ENTCS 105, 51–71 (2004)Google Scholar
  4. 4.
    Geguang, P., Xiangpeng, Z., Shuling, W., Zongyan, Q.: Towards the semantics and verification of bpel4ws. In: WLFM, Elsevier, Amsterdam (2005)Google Scholar
  5. 5.
    Busi, N., Gorrieri, R., Guidi, C., Lucchi, R., Zavattaro, G.: Choreography and orchestration conformance for system design. In: Ciancarini, P., Wiklicky, H. (eds.) COORDINATION 2006. LNCS, vol. 4038, pp. 63–81. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Laneve, C., Padovani, L.: Smooth orchestrators. In: Aceto, L., Ingólfsdóttir, A. (eds.) FOSSACS 2006 and ETAPS 2006. LNCS, vol. 3921, pp. 32–46. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Lapadula, A., Pugliese, R., Tiezzi, F.: A WSDL-based type system for WS-BPEL. In: Ciancarini, P., Wiklicky, H. (eds.) COORDINATION 2006. LNCS, vol. 4038, pp. 145–163. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  8. 8.
    Guidi, C., Lucchi, R., Gorrieri, R., Busi, N., Zavattaro, G.: SOCK: a calculus for service oriented computing. In: Dan, A., Lamersdorf, W. (eds.) ICSOC 2006. LNCS, vol. 4294, pp. 327–338. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Lapadula, A., Pugliese, R., Tiezzi, F.: A Calculus for Orchestration of Web Services. In: ESOP. LNCS, vol. 4421, pp. 33–47. Springer, Heidelberg (2007)Google Scholar
  10. 10.
    De Nicola, R., Gorla, D., Pugliese, R.: Confining data and processes in global computing applications. Science of Computer Programming 63, 57–87 (2006)MATHCrossRefMathSciNetGoogle Scholar
  11. 11.
    OASIS. Web Services Business Process Execution Language Version 2.0. Technical report, WS-BPEL TC OASIS (August 2006), http://www.oasis-open.org/
  12. 12.
    Lapadula, A., Pugliese, R., Tiezzi, F.: A Calculus for Orchestration of Web Services (full version). Technical report, Dipartimento di Sistemi e Informatica, Univ. Firenze (2007), http://rap.dsi.unifi.it/cows
  13. 13.
    Goguen, H.: Typed operational semantics. In: Dezani-Ciancaglini, M., Plotkin, G. (eds.) TLCA 1995. LNCS, vol. 902, pp. 186–200. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  14. 14.
    Merro, M., Sangiorgi, D.: On asynchrony in name-passing calculi. Mathematical Structures in Computer Science 14(5), 715–767 (2004)MATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Lapadula, A., Pugliese, R., Tiezzi, F.: Regulating data exchange in service oriented applications (full version). Technical report, Dipartimento di Sistemi e Informatica, Univ. Firenze (2007), http://rap.dsi.unifi.it/cows
  16. 16.
    Ross-Talbot, S., Fletcher, T.: Web services choreography description language: Primer (working draft). Technical report, W3C (June 2006)Google Scholar
  17. 17.
    Kirli, Z.D.: Confined mobile functions. In: CSFW, pp. 283–294. IEEE, Los Alamitos (2001)Google Scholar
  18. 18.
    Cardelli, L., Ghelli, G., Gordon, A.D.: Types for the ambient calculus. Inf. Comput. 177(2), 160–194 (2002)MATHMathSciNetGoogle Scholar
  19. 19.
    Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and group creation. Inf. Comput. 196(2), 127–155 (2005)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Vitek, J., Bokowski, B.: Confined types in java. SPE 31(6), 507–532 (2001)MATHGoogle Scholar
  21. 21.
    Zhao, T., Palsber, J., Vitek, J.: Lightweight confinement for featherweight java. In: OOPSLA, pp. 135–148. ACM Press, New York (2003)Google Scholar
  22. 22.
    Carbone, M., Honda, K., Yoshida, N.: A calculus of global interaction based on session types. In: DCM, Elsevier, Amsterdam (2006) (to appear as ENTCS)Google Scholar
  23. 23.
    Yoshida, N., Vasconcelos, V.T.: Language primitives and type discipline for structured communication-based programming revisited: Two systems for higher-order session communication. In: SecReT. ENTCS, Elsevier, Amsterdam (2006)Google Scholar
  24. 24.
    Kobayashi, N.: Type systems for concurrent programs. In: Aichernig, B.K., Maibaum, T.S.E. (eds.) Formal Methods at the Crossroads. From Panacea to Foundational Support. LNCS, vol. 2757, pp. 439–453. Springer, Heidelberg (2003)Google Scholar
  25. 25.
    Igarashi, A., Kobayashi, N.: A generic type system for the pi-calculus. Theor. Comput. Sci. 311(1-3), 121–163 (2004)MATHCrossRefMathSciNetGoogle Scholar
  26. 26.
    Kobayashi, N., Suenaga, K., Wischik, L.: Resource usage analysis for the π-calculus. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 298–312. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  27. 27.
    Laneve, C., Zavattaro, G.: Foundations of web transactions. In: Sassone, V. (ed.) FOSSACS 2005. LNCS, vol. 3441, pp. 282–298. Springer, Heidelberg (2005)Google Scholar
  28. 28.
    Mazzara, M., Lucchi, R.: A pi-calculus based semantics for WS-BPEL. Journal of Logic and Algebraic Programming 70(1), 96–118 (2006)MathSciNetGoogle Scholar
  29. 29.
    Bruni, R., Melgratti, H.C., Montanari, U.: Theoretical foundations for compensations in flow composition languages. In: POPL, pp. 209–220. ACM Press, New York (2005)CrossRefGoogle Scholar
  30. 30.
    Bruni, R., Butler, M., Ferreira, C., Hoare, T., Melgratti, H.C., Montanari, U.: Comparing two approaches to compensable flow composition. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 383–397. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  31. 31.
    Garcia-Molina, H., Salem, K.: Sagas. In: SIGMOD, pp. 249–259. ACM Press, New York (1987)Google Scholar
  32. 32.
    Bartoletti, M., Degano, P., Ferrari, G.: Security Issues in Service Composition. In: Gorrieri, R., Wehrheim, H. (eds.) FMOODS 2006. LNCS, vol. 4037, pp. 1–16. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Alessandro Lapadula
    • 1
  • Rosario Pugliese
    • 1
  • Francesco Tiezzi
    • 1
  1. 1.Dipartimento di Sistemi e Informatica Università degli Studi di Firenze 

Personalised recommendations