Toward systematic integration of security policies into web services

Azzam Mourad; Hadi Otrok; Sara Ayoubi

doi:10.1109/EISIC.2011.48

Toward systematic integration of security policies into web services

Azzam Mourad
, Hadi Otrok
, Sara Ayoubi

Computer Science

Lebanese American University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach allows first to transform security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime [1]. The main contributions of our approach are: (1) Describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.

Original language	British English
Title of host publication	Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011
Pages	220-223
Number of pages	4
DOIs	https://doi.org/10.1109/EISIC.2011.48
State	Published - 2011
Event	2011 1st European Intelligence and Security Informatics Conference, EISIC 2011 - Athens, Greece Duration: 12 Sep 2011 → 14 Sep 2011

Publication series

Name	Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011

Conference

Conference	2011 1st European Intelligence and Security Informatics Conference, EISIC 2011
Country/Territory	Greece
City	Athens
Period	12/09/11 → 14/09/11

Keywords

AOP
BPEL
RBAC
Security policies
Web services security

Access to Document

10.1109/EISIC.2011.48

OpenUrl availability

Full text

Cite this

@inproceedings{8f4e6df2c9ff4df88b50138e596b9f99,

title = "Toward systematic integration of security policies into web services",

abstract = "In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach allows first to transform security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime [1]. The main contributions of our approach are: (1) Describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.",

keywords = "AOP, BPEL, RBAC, Security policies, Web services security",

author = "Azzam Mourad and Hadi Otrok and Sara Ayoubi",

year = "2011",

doi = "10.1109/EISIC.2011.48",

language = "British English",

isbn = "9780769544069",

series = "Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011",

pages = "220--223",

booktitle = "Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011",

note = "2011 1st European Intelligence and Security Informatics Conference, EISIC 2011 ; Conference date: 12-09-2011 Through 14-09-2011",

}

Mourad, A , Otrok, H & Ayoubi, S 2011, Toward systematic integration of security policies into web services. in Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011., 6061238, Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011, pp. 220-223, 2011 1st European Intelligence and Security Informatics Conference, EISIC 2011, Athens, Greece, 12/09/11. https://doi.org/10.1109/EISIC.2011.48

Toward systematic integration of security policies into web services. / Mourad, Azzam ; Otrok, Hadi; Ayoubi, Sara.
Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011. 2011. p. 220-223 6061238 (Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Toward systematic integration of security policies into web services

AU - Mourad, Azzam

AU - Otrok, Hadi

AU - Ayoubi, Sara

PY - 2011

Y1 - 2011

N2 - In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach allows first to transform security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime [1]. The main contributions of our approach are: (1) Describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.

AB - In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach allows first to transform security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime [1]. The main contributions of our approach are: (1) Describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.

KW - AOP

KW - BPEL

KW - RBAC

KW - Security policies

KW - Web services security

UR - https://www.scopus.com/pages/publications/81255172334

U2 - 10.1109/EISIC.2011.48

DO - 10.1109/EISIC.2011.48

M3 - Conference contribution

AN - SCOPUS:81255172334

SN - 9780769544069

T3 - Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011

SP - 220

EP - 223

BT - Proceedings - 2011 European Intelligence and Security Informatics Conference, EISIC 2011

T2 - 2011 1st European Intelligence and Security Informatics Conference, EISIC 2011

Y2 - 12 September 2011 through 14 September 2011

ER -

Toward systematic integration of security policies into web services

Abstract

Publication series

Conference

Keywords

Access to Document

OpenUrl availability

Other files and links

Fingerprint

Cite this