Abstract
Web service flow is essentially a description of a distributed collaboration system, in which more than one Web service providers participate. The flow should have safety properties such as deadlock freedom and application specific progress properties. At the same time, the flow should satisfy some security properties since it is executed in an open network environment. This paper introduces an idea of a lattice-based security label into BPEL, a Web flow description language being standardized, in order to detect potential insecure information leakage. It further discusses that both the safety and security aspects can be analyzed in a single framework using the model-checking verification techniques.
Chapter PDF
Similar content being viewed by others
References
Bishop, M.A.: Computer Security: Art and Science. Addison-Wesley, Reading (2003)
Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Service Description Language (WSDL). W3C Web Site (2001)
Curbera, F., Goland, Y., Klein, J., Leymann, F., Roller, D., Thatte, S., Weerawarana, S.: Business Process Execution Language for Web Services. Version 1.1 (May 2003)
Curbera, F., Khalaf, R., Mukhi, N., Tai, S., Weerawarana, S.: The Next Step in Web Services. Comm. ACM 46(10), 29–34 (2003)
Clarke, E., Grumberg, O., Peled, D.: Model Checking. The MIT Press, Cambridge (1999)
Davey, B., Priestley, H.: Introduction to Lattices and Order, 2nd edn., Cambridge (2002)
Denning, D.E.: A Lattice Model of Secure Information Flow. Comm. ACM 19(5), 236–243 (1976)
Foster, H., Uchitel, S., Magee, J., Kramer, J.: Model-based Verification of Web Service Compositions. In: Proc. ASE (September 2003)
Gordon, A., Bhargavan, K., Fournet, C.: A Semantics for Web Services Authentication. In: Proc. POPL 2004, January 2004, pp. 198–209 (2004)
Holzmann, G.J.: The SPIN Model Checker. Addison-Wesley, Reading (2004)
Leymann, F.: Web Services Flow Language (WSFL 1.0). IBM Corporation (May 2001)
Nakajima, S.: On Verifying Web Service Flows. In: Proc. SAINT 2002 Workshop, January 2002, pp. 223–224 (2002)
Nakajima, S.: Verification of Web Service Flows with Model-Checking Techniques. In: Proc. Cyber World 2002, November 2002, pp. 378–385. IEEE, Los Alamitos (2002)
Nakajima, S.: Model-Checking of Web Service Flow (in Japanese). Trans. IPS Japan 44(3), 942–952 (2003); A concise version presented at OOPSLA 2002 Workshop on Object-Oriented Web Service (November 2002)
Narayanan, S., Mcllraith, S.A.: Simulation, Verification and Automated Composition of Web Services. In: Proc. WWW-11 (2002)
Sandhu, R.: Lattice-Based Access Control Models. IEEE Computer 26(11), 9–19 (1993)
Thatte, S.: XLANG – Web Services for Business Process Design. Microsoft Corporation (May 2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nakajima, S. (2004). Model-Checking of Safety and Security Aspects in Web Service Flows. In: Koch, N., Fraternali, P., Wirsing, M. (eds) Web Engineering. ICWE 2004. Lecture Notes in Computer Science, vol 3140. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-27834-4_60
Download citation
DOI: https://doi.org/10.1007/978-3-540-27834-4_60
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22511-9
Online ISBN: 978-3-540-27834-4
eBook Packages: Springer Book Archive