Paper Info
Title
Incorporating Security Requirements into Service Composition: From Modelling to Execution
Abstract
Despite an increasing need for considering security requirements in service composition, the incorporation of security requirements into service composition is still a challenge for many reasons: no clear identification of security requirements for composition, absence of notations to express them, difficulty in integrating them into the business processes, complexity of mapping them into security mechanisms, and the complexity inherent to specify and enforce complex security requirements. We identify security requirements for service composition and define notations to express them at different levels of abstraction. We present a novel approach consisting of a methodology, called Sec-MoSC, to incorporate security requirements into service composition, map security requirements into enforceable mechanisms, and support execution. We have implemented this approach in a prototype tool by extending BPMN notation and building on an existing BPMN editor, BPEL engine and Apache Rampart. We showcase an illustrative application of the Sec-MoSC toolset.
Year
DOI
Venue
2009
10.1007/978-3-642-10383-4_27
ICSOC/ServiceWave
Keywords
Field
DocType
business process
Data mining,Security testing,Software engineering,Business process,Security engineering,Computer science,Security service,Business Process Execution Language,Security information and event management,Computer security model,Database,Business Process Model and Notation
Conference
Volume
ISSN
Citations 
5900
0302-9743
16
PageRank 
References 
Authors
0.90
13
11
Name
Order
Citations
PageRank
Andre R. R. Souza1191.31
Bruno Silva212416.86
Fernando Antônio Aires Lins3314.00
Julio Cesar Damasceno4161.58
Nelson Souto Rosa523229.55
Paulo Romero Martins Maciel636359.24
Robson W. A. Medeiros7191.31
Bryan Stephenson8615.45
Hamid R. Motahari Nezhad933826.93
Jun Li1013817.59
Caio Northfleet11363.59