TY - GEN
T1 - New approach for the dynamic enforcement of web services security
AU - Mourad, Azzam
AU - Ayoubi, Sara
AU - Yahyaoui, Hamdi
AU - Otrok, Hadi
PY - 2010
Y1 - 2010
N2 - We propose in this paper a new approach for the dynamic enforcement of Web services security, which is based on a synergy between Aspect-Oriented Programming (AOP) and composition of Web services. Security policies are specified as aspects. The elaborated aspects are then weaved (integrated) in the Business Process Execution Language (BPEL) process at runtime. The main contributions of our approach are threefold: (1) separating the business and security concerns of composite Web services, and hence developing them separately (2) allowing the modification of the Web service composition at run time and (3) providing modularity for modeling cross-cutting concerns between Web services. We demonstrate the feasibility of our approach by developing a Flight System (FS) that is composed of several Web services. First, a RBAC (Role Based Access Control) model for the flight system, which we called RBAC-FS, is elaborated. Afterwards, the Web services that implement the security features are developed. Finally, the BPEL aspects that integrate the security functionalities dynamically into the BPEL process are created. The devised aspects realize the elaborated RBAC-FS model and provide authentication and access control features to the flight system. Case studies and experimental results are also presented to defend our propositions.
AB - We propose in this paper a new approach for the dynamic enforcement of Web services security, which is based on a synergy between Aspect-Oriented Programming (AOP) and composition of Web services. Security policies are specified as aspects. The elaborated aspects are then weaved (integrated) in the Business Process Execution Language (BPEL) process at runtime. The main contributions of our approach are threefold: (1) separating the business and security concerns of composite Web services, and hence developing them separately (2) allowing the modification of the Web service composition at run time and (3) providing modularity for modeling cross-cutting concerns between Web services. We demonstrate the feasibility of our approach by developing a Flight System (FS) that is composed of several Web services. First, a RBAC (Role Based Access Control) model for the flight system, which we called RBAC-FS, is elaborated. Afterwards, the Web services that implement the security features are developed. Finally, the BPEL aspects that integrate the security functionalities dynamically into the BPEL process are created. The devised aspects realize the elaborated RBAC-FS model and provide authentication and access control features to the flight system. Case studies and experimental results are also presented to defend our propositions.
UR - http://www.scopus.com/inward/record.url?scp=78549284586&partnerID=8YFLogxK
U2 - 10.1109/PST.2010.5593232
DO - 10.1109/PST.2010.5593232
M3 - Conference contribution
AN - SCOPUS:78549284586
SN - 9781424475742
T3 - PST 2010: 2010 8th International Conference on Privacy, Security and Trust
SP - 189
EP - 196
BT - PST 2010
T2 - 2010 8th International Conference on Privacy, Security and Trust, PST 2010
Y2 - 17 August 2010 through 19 August 2010
ER -