A formal aspect-oriented method to model and analyse secure service composition

被引:0
作者
Fan, Guisheng [1 ,2 ]
Yu, Huiqun [1 ]
Chen, Liqiong [3 ]
Liu, Dongmei [1 ]
机构
[1] Department of Computer Science and Engineering, East China University of Science and Technology, Shanghai
[2] Shanghai Key Laboratory of Computer Software Evaluating and Testing, Shanghai
[3] Department of Computer Science and Information Engineering, Shanghai Institute of Technology, Shanghai
来源
International Journal of Autonomous and Adaptive Communications Systems | 2015年 / 8卷 / 2-3期
关键词
Access control; Aspect orientation; Petri nets; Security; Service composition;
D O I
10.1504/IJAACS.2015.069574
中图分类号
学科分类号
摘要
Service-oriented computing (SOC) is becoming a prominent paradigm for creating value-added enterprise applications by composing web services. However, this flexibility comes along with new security risks. In this paper, Petri nets are used to precisely describe the different components of service composition, such as service, component, the basic relation between components, etc. The dynamic matching strategy of service composition is proposed, aspect orientation is used to weave it into the base net, which includes evaluation concern, authorisation concern and failure processing concern, the weaving mechanism dynamically integrates these schemas into a secure aspect model. Based on this, the operation semantics and related theories of Petri nets help prove the effectiveness and feasibility of proposed method, the enforcement algorithm is also given. An example explains the modelling process of service composition, and a series of experiments are done to explain that the use of aspects for service composition is more efficient than conventional techniques. © 2015 Inderscience Enterprises Ltd.
引用
收藏
页码:119 / 140
页数:21
相关论文
共 18 条
[1]  
Charfi A., Mezini M., Aspect-oriented Web service composition with AO4BPEL, Proceedings of the 2nd European Conference on Web Services (ECOWS 2004), pp. 168-182, (2004)
[2]  
Ehrig H., Ermel C., Runge O., Bucchiarone A., Pelliccione P., Formal analysis and verification of self-healing systems, Fundamental Approaches to Software Engineering, pp. 139-153, (2010)
[3]  
Emig C., Brandt F., Abeck S., Et al., An access control metamodel for web service-oriented architecture', in, Proceedings of the International Conference on Software Engineering Advances, (2007)
[4]  
Esmaeeli A., Shahriari H., Privacy protection of grid service requesters through distributed attribute based access control model, Advances in Grid and Pervasive Computing, pp. 573-582, (2010)
[5]  
Guan L.W., Li X.Y., Hu H., Et al., A Petri net-based approach for supporting aspect-oriented modeling, Processing of the 2008 2nd IFIP/IEEE International Symposium on Theoretical Aspects of Software Engineering, pp. 83-90, (2008)
[6]  
Hokamura K., Ubayashi N., Nakajima S., Et al., Aspect-oriented programming for Web controller layer, Processing of the 15th Asia-Pacific Software Engineering Conference (APSEC '08), pp. 529-536, (2008)
[7]  
Karastoyanova D., Leymann F., BPEL'n'Aspects: Adapting service orchestration logic, IEEE International Conference on Web Services (ICWS 2009), pp. 222-229, (2009)
[8]  
Kiczales G., Lamping J., Mendhekar A., Et al., Aspect-oriented programming, Proceedings of the European Conference on Object-Oriented Programming, pp. 220-242, (1997)
[9]  
Li X.T., Fan Y.S., Sheng Q.Z., Et al., A Petri net approach to analyzing behavioral compatibility and similarity of web services, IEEE Transactions on Systems, Man, and Cybernetics, Part A, 41, 3, pp. 510-521, (2011)
[10]  
Mabuchi M., Shinjo Y., Sato A., Et al., An access control model for web-services that supports delegation and creation of authority', in, Proceedings of the Seventh International Conference on Networking, pp. 213-222, (2008)
12