A Framework for Secure Service Composition

By Achim D. Brucker, Francesco Malmignati, Madjid Merabti, Qi Shi, and Bo Zhou.

Modern applications are inherently heterogeneous: they are built by composing loosely coupled services that are, usually, offered and operated by different service providers. While this approach increases the flexibility of the composed applications, it makes the implementation of security and trustworthiness requirements much more difficult. As the requirements for security and trustworthiness, in nearly all sectors, are increasing dramatically, there is a need for new approaches that integrate security requirements right from the beginning while composing service-based applications.

In this paper, we present a framework for secure service composition using a model-based approach for specifying, building, and executing composed services. As a unique feature, this framework integrates security requirements as a first class citizen and, thus, avoids the ``security as an afterthought” paradigm.

Keywords:
Secure Service Composition, BPMN, Service Modelling, Service Availability

Supplementary material:
Slides  ]

Please cite this work as follows:
A. D. Brucker, F. Malmignati, M. Merabti, Q. Shi, and B. Zhou, “A framework for secure service composition,” in International conference on information privacy, security, risk and trust (PASSAT), Los Alamitos, CA, USA: IEEE Computer Society, 2013, pp. 647–652. doi: 10.1109/SocialCom.2013.97. Author copy: https://logicalhacking.com/publications/brucker.ea-framework-2013/

BibTeX
@InCollection{ brucker.ea:framework:2013,
  abstract       = {Modern applications are inherently heterogeneous: they are
                    built by composing loosely coupled services that are, usually,
                    offered and operated by different service providers. While
                    this approach increases the flexibility of the composed
                    applications, it makes the implementation of security and
                    trustworthiness requirements much more difficult. As the
                    requirements for security and trustworthiness, in nearly all
                    sectors, are increasing dramatically, there is a need for new
                    approaches that integrate security requirements right from the
                    beginning while composing service-based applications.
                    
                    In this paper, we present a framework for secure service
                    composition using a model-based approach for specifying,
                    building, and executing composed services. As a unique
                    feature, this framework integrates security requirements as a
                    first class citizen and, thus, avoids the ``security as an
                    afterthought'' paradigm.},
  keywords       = {Secure Service Composition, BPMN, Service Modelling, Service
                    Availability},
  author         = {Achim D. Brucker and Francesco Malmignati and Madjid Merabti
                    and Qi Shi and Bo Zhou},
  booktitle      = {International Conference on Information Privacy, Security,
                    Risk and Trust (PASSAT)},
  ieee_booktitle = {International Conference on Social Computing (SocialCom)},
  language       = {USenglish},
  publisher      = {IEEE Computer Society },
  address        = {Los Alamitos, CA, USA },
  title          = {A Framework for Secure Service Composition},
  areas          = {security, software},
  year           = {2013},
  doi            = {10.1109/SocialCom.2013.97},
  pages          = {647--652},
  note           = {Author copy: \url{https://logicalhacking.com/publications/brucker.ea-framework-2013/}},
  pdf            = {https://logicalhacking.com/publications/brucker.ea-framework-2013/brucker.ea-framework-2013.pdf},
}