Designing Secure Service Workflows in BPEL

  • Luca Pino
  • Khaled Mahbub
  • George Spanoudakis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8831)


This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate compositions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer.


Service Discovery Security Property Individual Service Security Solution Control Flow Activity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Pawar, P., Tokmakoff, A.: Ontology-Based Context-Aware Service Discovery for Pervasive Environments. In: 1st IEEE International Workshop on Services Integration in Pervasive Environments (SIPE 2006), in conjunction with IEEE ICPS 2006 (2006)Google Scholar
  2. 2.
    Mikhaiel, R., Stroulia, E.: Examining usage protocols for service discovery. In: Dan, A., Lamersdorf, W. (eds.) ICSOC 2006. LNCS, vol. 4294, pp. 496–502. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  3. 3.
    Spanoudakis, G., Zisman, A.: Discovering Services During Service Based Systems Design Using UML. IEEE Trans. on Software Eng. 36(3), 371–389 (2010)CrossRefGoogle Scholar
  4. 4.
    Fujii, K., Suda, T.: Semantics-Based Dynamic Web Service Composition. IEEE Journal on Selected Areas in Communications 23(12), 2361–2372 (2005)CrossRefGoogle Scholar
  5. 5.
    Silva, E., Pires, L.F., van Sinderen, M.: On the Support of Dynamic Service Composition at Runtime. In: Dan, A., Gittler, F., Toumani, F. (eds.) ICSOC/ServiceWave 2009. LNCS, vol. 6275, pp. 530–539. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Pino, L., Spanoudakis, G.: Constructing Secure Service Compositions with Patterns. In: IEEE SERVICES 2012, pp. 184–191. IEEE Press (2012)Google Scholar
  7. 7.
    BPEL Designer Project,
  8. 8.
    ASSERT4SOA Consortium: ASSERTs Aware Service Based Systems Adaptation. ASSERT4SOA Project, Deliverable D2.3 (2012)Google Scholar
  9. 9.
    Drools – Jboss Community,
  10. 10.
    Aggarwal, R., Verma, K., et al.: Constraint Driven Web Service Composition in METEOR-S. In: IEEE SCC 2004, pp. 23–30. IEEE Press (2004)Google Scholar
  11. 11.
    Souza, A.R.R., et al.: Incorporating Security Requirements into Service Composition: From Modelling to Execution. In: Baresi, L., Chi, C.-H., Suzuki, J. (eds.) ICSOC-ServiceWave 2009. LNCS, vol. 5900, pp. 373–388. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Charfi, A., Mezini, M.: Using aspects for security engineering of web service compositions. In: IEEE ICWS 2005, pp. 59–66. IEEE Press (2005)Google Scholar
  13. 13.
    Hafner, M., Breu, R., et al.: Sectet: An extensible framework for the realization of secure inter-organizational workflows. Internet Research 16(5), 491–506 (2006)CrossRefGoogle Scholar
  14. 14.
    Gutiérrez, C., Fernández-Medina, E., Piattini, M.: Towards a process for web services security. J. of Research and Practice in Information Technology 38(1), 57–68 (2006)Google Scholar
  15. 15.
    Bartoletti, M., Degano, P., et al.: Semantics-based design for secure web services. IEEE Trans. on Software Eng. 34(1), 33–49 (2008)CrossRefGoogle Scholar
  16. 16.
    Deubler, M., Grünbauer, J., Jürjens, J., Wimmel, G.: Sound development of secure service-based systems. In: ICSOC 2004, pp. 115–124. ACM, New York (2004)Google Scholar
  17. 17.
    Georg, G., Anastasakis, K., et al.: Verification and trade-off analysis of security properties in UML system models. IEEE Trans. on Software Eng. 36(3), 338–356 (2010)CrossRefGoogle Scholar
  18. 18.
    Menzel, M., Warschofsky, R., Meinel, C.: A pattern-driven generation of security policies for service-oriented architectures. In: IEEE ICWS 2010, pp. 243–250. IEEE Press (2010)Google Scholar
  19. 19.
    Séguran, M., Hébert, C., Frankova, G.: Secure workflow development from early requirements analysis. In: IEEE ECOWS 2008, pp. 125–134. IEEE Press (2008)Google Scholar
  20. 20.
    McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: 1994 IEEE Symp. on Sec. and Privacy, pp. 79–93. IEEE CS Press (1994)Google Scholar
  21. 21.
    Mantel, H.: On the composition of secure systems. In: 2002 IEEE Symp. on Sec. and Privacy, pp. 88–101. IEEE CS Press (2002)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Luca Pino
    • 1
  • Khaled Mahbub
    • 1
  • George Spanoudakis
    • 1
  1. 1.Department of Computer ScienceCity University LondonLondonUnited Kingdom

Personalised recommendations