A Framework for Secure Service Composition

By Achim D. Brucker, Francesco Malmignati, Madjid Merabti, Qi Shi, and Bo Zhou.

Modern applications are inherently heterogeneous: they are built by composing loosely coupled services that are, usually, offered and operated by different service providers. While this approach increases the flexibility of the composed applications, it makes the implementation of security and trustworthiness requirements much more difficult. As the requirements for security and trustworthiness, in nearly all sectors, are increasing dramatically, there is a need for new approaches that integrate security requirements right from the beginning while composing service-based applications.

In this paper, we present a framework for secure service composition using a model-based approach for specifying, building, and executing composed services. As a unique feature, this framework integrates security requirements as a first class citizen and, thus, avoids the “security as an afterthought” paradigm.

Keywords:
secure service composition, BPMN, service modelling, service availability

Further Reading:
This presentation is based on the following publication:
A. D. Brucker, F. Malmignati, M. Merabti, Q. Shi, and B. Zhou, “A framework for secure service composition,” in International conference on information privacy, security, risk and trust (PASSAT), Los Alamitos, CA, USA: IEEE Computer Society, 2013, pp. 647–652. doi: 10.1109/SocialCom.2013.97. Author copy: https://logicalhacking.com/publications/brucker.ea-framework-2013/

Please cite this work as follows:
A. D. Brucker, F. Malmignati, M. Merabti, Q. Shi, and B. Zhou, “A framework for secure service composition,” presented at the ASE/IEEE international conference on information privacy, security, risk and trust (PASSAT), Washington D.C., USA, Sep. 11, 2013. Author copy: https://logicalhacking.com/publications/talk-brucker.ea-framework-2013/

BibTeX
@Unpublished{ talk:brucker.ea:framework:2013,
  abstract          = {Modern applications are inherently heterogeneous: they are
                       built by composing loosely coupled services that are, usually,
                       offered and operated by different service providers. While
                       this approach increases the flexibility of the composed
                       applications, it makes the implementation of security and
                       trustworthiness requirements much more difficult. As the
                       requirements for security and trustworthiness, in nearly all
                       sectors, are increasing dramatically, there is a need for new
                       approaches that integrate security requirements right from the
                       beginning while composing service-based applications.
                       
                       In this paper, we present a framework for secure service
                       composition using a model-based approach for specifying,
                       building, and executing composed services. As a unique
                       feature, this framework integrates security requirements as a
                       first class citizen and, thus, avoids the ``security as an
                       afterthought'' paradigm.},
  keywords          = {secure service composition, BPMN, service modelling, service
                       availability},
  author            = {Achim D. Brucker and Francesco Malmignati and Madjid Merabti
                       and Qi Shi and Bo Zhou},
  eventtitle        = {ASE/IEEE International Conference on Information Privacy,
                       Security, Risk and Trust (PASSAT)},
  language          = {USenglish},
  venue             = {Washington D.C., USA},
  title             = {A Framework for Secure Service Composition},
  date              = {2013-09-11},
  slideshare        = {26227039},
  slideshare_width  = {427},
  slideshare_height = {356},
  areas             = {software, security},
  note              = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker.ea-framework-2013/}},
  pdf               = {https://logicalhacking.com/publications/talk-brucker.ea-framework-2013/talk-brucker.ea-framework-2013.pdf},
}