Advertisement

Middleware for Automated Implementation of Security Protocols

  • Béla Genge
  • Piroska Haller
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5554)

Abstract

We propose a middleware for automated implementation of security protocols for Web services. The proposed middleware consists of two main layers: the communication layer and the service layer. The communication layer is built on the SOAP layer and ensures the implementation of security and service protocols. The service layer provides the discovery of services and the authorization of client applications. In order to provide automated access to the platform services we propose a novel specification of security protocols, consisting of a sequential component, implemented as a WSDL-S specification, and an ontology component, implemented as an OWL specification. Specifications are generated using a set of rules, where information related to the implementation of properties such as cryptographic algorithms or key sizes, are provided by the user. The applicability of the proposed middleware is validated by implementing a video surveillance system.

Keywords

Middleware Web services security protocols automated execution ontologies 

References

  1. 1.
    Cremers, C.J.F., Mauw, S.: Checking secrecy by means of partial order reduction. In: Leue, S., Systä, T.J. (eds.) Scenarios: Models, Transformations and Tools. LNCS, vol. 3466. Springer, Heidelberg (2005)Google Scholar
  2. 2.
    Mengual, L., Barcia, N., Jimenez, E., Menasalvas, E., Setien, J., Yaguez, J.: Automatic implementation system of security protocols based on formal description techniques. In: Proceedings of the Seventh International Symposium on Computers and Communications, pp. 355–401 (2002)Google Scholar
  3. 3.
    Abdullah, I., Menascé, D.: Protocol specification and automatic implementation using XML and CBSE. In: IASTED conference on Communications, Internet and Information Technology (2003)Google Scholar
  4. 4.
    Akkiraju, R., Farrell, J., Miller, J., Nagarajan, M., Schmidt, M., Verma, K.: Web Service Semantics - WSDL-S. A joint UGA-IBM Technical Note (2005)Google Scholar
  5. 5.
    Clark, J., Jacob, J.: A Survey of Authentication Protocol Literature: Version 1.0. York University (1997)Google Scholar
  6. 6.
    Gavin, L.: Some new attacks upon security protocols. In: Proceedings of the 9th CSFW, pp. 162–169. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  7. 7.
    Cremers, C.J.F.: Compositionality of Security Protocols: A Research Agenda. Electr. Notes Theor. Comput. Sci. 142, 99–110 (2006)CrossRefGoogle Scholar
  8. 8.
    Kim, A., Luo, J., Kang, M.: Security ontology for annotating resources. In: Meersman, R., Tari, Z. (eds.) OTM 2005. LNCS, vol. 3761, pp. 1483–1499. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Blanco, C., Lasheras, J., Valencia-Garcia, R., Fernandez-Medina, E., Toval, A., Piattini, M.: A systematic review and comparison of security ontologies. In: Proc. of the Third International Conference on Availability, Reliability and Security, pp. 813–820 (2008)Google Scholar
  10. 10.
    Denkera, G., Kagal, L., Finin, T.: Security in the semantic web using owl. Information Security Technical Report 1(10), 51–58 (2005)CrossRefGoogle Scholar
  11. 11.
    Gong, L.: Fail-Stop Protocols: An Approach to Designing Secure Protocols. In: Proceedings of the 5th IFIP Conference on Dependable Computing and Fault-Tolerant Systems, pp. 44–55 (1995)Google Scholar
  12. 12.
    Martin, D., Paolucci, M., Wagner, M.: Toward Semantic Annotations of Web Services: OWL-S from the SAWSDL Perspective. In: OWL-S: Experiences and Directions - workshop at 4th European Semantic Web Conf. (2007)Google Scholar
  13. 13.
    Ostheimer, D., Lemay, S., Ghazal, M., Mayisela, D., Amer, A., Dagba, P.: A Modular Distributed Video Surveillance System Over IP. In: Electrical and Computer Engineering Canadian Conference, pp. 518–521 (2006)Google Scholar
  14. 14.
    Genge, B., Haller, P.: Extending WS-Security to Implement Security Protocols for Web Services. In: International Conference on Recent Achievements in Mechatronics, Automation, Computer Science and Robotics, Targu Mures, Romania (to appear, 2009)Google Scholar
  15. 15.
    World Wide Web Consortium, OWL Web Ontology Language Reference, W3C Recommendation (2004)Google Scholar
  16. 16.
    Gutmann, P.: Cryptlib Encryption Toolkit, http://www.cs.auckland.ac.nz/-~pgut001/cryptlib/index.html
  17. 17.
    OpenSSL Project, version 0.9.8h, http://www.openssl.org/
  18. 18.
    Laboratoire Specification et Verification, Security Protocol Open Repository, http://www.lsv.ens-cachan.fr/spore
  19. 19.
    Organization for the Advancement of Structured Information Standards, SAML V2.0 OASIS Standard Specification (2007), http://saml.xml.org/
  20. 20.
    Organization for the Advancement of Structured Information Standards, OASIS Web Services Security (WSS) (2006), http://saml.xml.org/
  21. 21.
    Organization for the Advancement of Structured Information Standards, WS-Trust (2007), http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html
  22. 22.
    Organization for the Advancement of Structured Information Standards, UDDI (2004), http://www.uddi.org/pubs/uddi_v3.htm

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Béla Genge
    • 1
  • Piroska Haller
    • 1
  1. 1.Department of Electrical Engineering“Petru Maior” University of Târgu MureşTârgu MureşRomania

Personalised recommendations