A Security Policy Model for Agent Based Service-Oriented Architectures

  • Eckehard Hermann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6908)


During the last years service oriented architectures (SOA) have gained in importance, when looking at today’s implementation of business processes. A SOA is a loosely coupled system of services, where a service is implemented by an agent. The protection of information and data objects and their well-directed flow are essential for the success of enterprises, which also applies to the communication inside a SOA. To guarantee an approved protection of data objects and to prevent an illegal information flow, approved security policy models are chosen that are suitable for the considered use case. The Limes Security Model [1] is based on a not necessarily symmetric, not necessarily reflexive and not necessarily transitive conflict of interest relation. The model is introduced for pure subject/object relationships, where agents are not taken into account. The current paper extends the Limes Security Model by the support of agents, suitable for the use in a SOA.


security models service-oriented architectures principal agent theory information flow control 


  1. 1.
    Hermann, E.: The Limes Security Model for Information Flow Control. In: FARES Workshop of the Sixth International Conference on Availability, Reliability and Security (ARES 2011), Vienna, Austria, Aug 22-26 (accepted, 2011)Google Scholar
  2. 2.
    Booth, D., Haas, H., McCabe, F., Newcomer, E., Champion, M., Ferris, C., Orchard, D.: Web Services Architecture, W3C Working Group Note, February 11 (2004),
  3. 3.
    Brewer, D.F.C., Nash, M.J.: The Chinese Wall Security Policy. In: IEEE Symposium on Security and Privacy, Oakland, pp. 206–214 (1989)Google Scholar
  4. 4.
    Lin, T.Y.: Chinese Wall Security Policy-An Aggressive Model. In: Proceedings of the Fifth Aerospace Computer Security Application Conference, December 4-8, pp. 286–293 (1989)Google Scholar
  5. 5.
    Bell, D., LaPadula, L.: Secure Computer Systems: Mathematical Foundations. MITRE Corporation, Bedford, MA, Technical Report MTR-2547, Vol. I (1973)Google Scholar
  6. 6.
    Clark, D., Wilson, D.: A Comparison of Commercial and Military Security Policies. In: IEEE Symposium on Security and Privacy, pp. 184–194 (1987)Google Scholar
  7. 7.
    Loock, M., Eloff, J.H.P.: A new Access Control model based on the Chinese Wall Security Policy Model. In: Proceedings of the ISSA 2005 New Knowledge Today Conference, Information Security South Africa (ISSA), pp. 1–10 (2005)Google Scholar
  8. 8.
    Burbeck, S.: The Tao of E-Business Services. IBM Developer Works (2000),
  9. 9.
    Pratt, J.W., Zeckhausen, R.J., Principals and Agents: The Structure of Business, Harvard Business School Press, Boston, 1985Google Scholar
  10. 10.
    Ricci, A., Buda, C., Zaghini, N.: An Agent-Oriented Programming Model for SOA & Web Services. In: 5th IEEE International Conference on Industrial Informatics, Vienna (2007)Google Scholar
  11. 11.
    Hsiao, Y.-C., Hwang, G.-H.: Implementing the Chinese Wall Security Model in Workflow Management Systems. In: Proceedings of the International Symposium on Parallel and Distributed Processing with Applications (ISPA 2010), pp. 574–581. IEEE Computer Society, Washington, DC (2010)CrossRefGoogle Scholar
  12. 12.
    Hung, P.C.K., Qiu, G.-S.: Implementing Conflict of Interest Assertions for Web Services Matchmaking Process. In: 2003 IEEE International Conference on E-Commerce Technology (CEC 2003), Newport Beach, California, USA (2003)Google Scholar
  13. 13.
    Debasish, J., Bijan, B.B.: Security Model of Service Oriented Computational Grids. In: 2006 Annual IEEE India Conference, New Delhi, September 15-17 (2006)Google Scholar
  14. 14.
    Wu, R., Ahn, G.-J., Hu, H., Singhal, M.: Information flow control in cloud computing. In: 6th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), Chicago (2010)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Eckehard Hermann
    • 1
  1. 1.Department of Secure Information SystemsUpper Austria University of Applied SciencesAustria

Personalised recommendations