Semantics-based design for secure web services

IEEE Transactions on Software Engineering

Volumn 34, Issue 1, 2008, Pages 33-49

  Bartoletti, Massimo ^a   Degano, Pierpaolo ^a   Ferrari, Gian Luigi ^a   Zunino, Roberto ^a  

^a UNIVERSITY OF PISA   (Italy)

Author keywords

Call by contract; Language based security; Static analysis; System verification; Web services

Indexed keywords

COMPUTER PROGRAMMING LANGUAGES; GRAPH THEORY; MATHEMATICAL MODELS; MODEL CHECKING; SECURITY OF DATA; SEMANTICS; SOFTWARE DESIGN; SOFTWARE ENGINEERING;

GRAPHICAL MODELLING; LANGUAGE-BASED SECURITY; SYSTEM VERIFICATION;

WEB SERVICES;

EID: 40449126543     PISSN: 00985589     EISSN: None     Source Type: Journal    
DOI: 10.1109/TSE.2007.70740     Document Type: Article

References (51)

1. M. Abadi and C. Fournet, "Access Control Based on Execution History," Proc. 10th Ann. Network and Distributed System Security Symp., 2003.
2. G. Alonso, F. Casati, H. Kuno, and V. Machiraju, Web Services: Concepts, Architectures and Applications. Springer, 2004.
3. S. Anderson et al., "Web Services Trust Language (WS-Trust)," technical report, 2005.
4. B. Atkinson et al., "Web Services Security (WS-Security)," technical report, 2002.
5. A. Banerjee and D.A. Naumann, "History-Based Access Control and Secure Information Flow," Proc. Workshop Construction and Analysis of Safe, Secure, and Interoperable Smart Cards, 2004.
6. H.P. Barendregt et al., "Term Graph Rewriting," Parallel Languages on PARLE: Parallel Architectures and Languages Europe, 1987.
7. M. Bartoletti, P. Degano, and G.L. Ferrari, "History Based Access Control with Local Policies," Proc. Eight Int'l Conf. Foundations of Software Science and Computation Structures, 2005.
8. M. Bartoletti, P. Degano, and G.L. Ferrari, "Planning and Verifying Service Composition," Technical Report TR-07-02, Dept. of Informatics, Univ. of Pisa, 2007, J. Computer Security, to appear.
9. M. Bartoletti, P. Degano, G.L. Ferrari, and R. Zunino, "Types and Effects for Resource Usage Analysis," Proc. 10th Int'l Conf. Foundations of Software Science and Computation Structures, 2007.
10. M. Bartoletti, P. Degano, and G.L. Ferrari, "Enforcing Secure Service Composition," Proc. 18th Computer Security Foundations Workshop, 2005.
11. M. Bartoletti, P. Degano, and G.L. Ferrari, "Plans for Service Composition," Proc. Sixth Int'l Workshop Issues in the Theory of Security, 2006.
12. M. Bartoletti, P. Degano, and G.L. Ferrari, Security Issues in Service Composition, Proc. Eighth IFIP Intl Conf. Formal Methods for Open Object-Based Distributed Systems, 2006.
13. M. Bartoletti, P. Degano, and G.L. Ferrari, "Types and Effects for Secure Service Orchestration," Proc. 19th Computer Security Foundations Workshop, 2006.
14. K. Bhargavan, R. Corin, C. Fournet, and A.D. Gordon, "Secure Sessions for Web Services," Proc. ACM Workshop Secure Web Services, 2004.
15. K. Bhargavan, C. Fournet, and A.D. Gordon, "A Semantics for Web Services Authentication," Proc. 31st Ann. ACM Symp. Principles of Programming Languages, 2004.
16. B. Bloch et al., "Web Services Business Process Execution Language Version 2.0," TC OASIS technical report, 2005.
17. D. Booth et al., "Web Service Description Language (WSDL) Version 2.0," technical report, 2006.
18. M. Boreale et al., "SCC: A Service Centered Calculus," Proc. Third Int'l Workshop Web Services and Formal Methods, 2006.
19. D. Box et al., Simple Object Access Protocol (SOAP) 1.1, W3C note, 2000.
20. R. Bruni, H. Melgratti, and U. Montanari, "Theoretical Foundations for Compensations in Flow Composition Languages," Proc. 32nd Symp. Principles of Programming Languages, 2005.
21. N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro, "Choreography and Orchestration: A Synergic Approach for System Design," Proc. Third Int'l Conf. Service Oriented Computing, 2005.
22. N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro, "Choreography and Orchestration Conformace for System Design," Proc. Eighth Int'l Conf. Coordination Models and Languages, 2006.
23. M. Carbone, K. Honda, and N. Yoshida, "Structured Global Programming for Communicating Behavior," Proc. 16th European Symp. Programming Languages, 2007.
24. "Building Systems Using a Service-Oriented Architecture," SCA Consortium, white paper, 2005.
25. F. Curbera, R. Khalaf, N. Mukhi, S. Tai, and S. Weerawarane, "The Next Step in Web Services," Comm. ACM, vol. 46, no. 10, 2003.
26. W. Van der Aalst, A. ter Hofstede, B. Kiepuszewski, and A. Barros, "Workflow Patterns," Distributed and Parallel Databases, vol. 14, no. 1, 2003.
27. G. Edjlali, A. Acharya, and V. Chaudhary, "History-Based Access Control for Mobile Code," Proc. Fifth ACM Conf. Computer and Comm. Security 1999.
28. G.L. Ferrari, R. Guanciale, and D. Strollo, "JSCL: A Middleware for Service Coordination," Proc. 26th Int'l Conf. Formal Methods for Networked and Distributed Systems, 2006.
29. J.L. Fiadeiro, A. Lopez, and L. Bocchi, "A Formal Approach to Service Component Architecture," Proc. Third Int'l Workshop Web Services and Formal Methods, 2006.
30. P.W. Fong, "Access Control by Tracking Shallow Execution History," Proc. IEEE Symp. Security and Privacy, 2004.
31. H. Foster, S. Uchitel, J. Magee, and J. Kramer, "Model-Based Verification of Web Services," Proc. 18th IEEE Int'l Conf. Automated Software Eng., 2003.
32. H. Garcia-Molina and K. Salem, "Sagas," Proc. ACM SIGMOD'87, 1987.
33. T. Gardner et al., "UML 1.4 Profile for Automated Business Process with a Mapping to the BPEL 1.0," white paper, 2003.
34. L. Gong, Inside Java 2 Platform Security: Architecture, API Design, and Implementation. Addison-Wesley, 1999.
35. C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro, "SOCK: A Calculus for Service-Oriented Computing," Proc. Fourth Int'l Conf. Service-Oriented Computing, 2006.
36. A. Igarashi and N. Kobayashi, "Resource Usage Analysis," Proc. 29th Symp. Principles of Programming Languages, 2002.
37. A. Lapadula, R. Pugliese, and F. Tiezzi, "A Calculus for Orchestration of Web Services," Proc. 16th European Symp. Programming Languages 2007.
38. J. Misra, "A Programming Model for the Orchestration of Web Services," Proc. Second Int'l Conf. Software Eng. and Formal Methods, 2004.
39. C. Montangero and L. Semini, "Barbed Model-Driven Software Development: A Case Study," SENSORIA Technical Report IST-2005-016004, 2007.
40. F. Nielson, H.R. Nielson, and C. Hankin, Principles of Program Analysis. Springer-Verlag, 1999.
41. M. Papazoglou, "Service-Oriented Computing: Concepts, Characteristics and Directions," Proc. Fourth Int'l Conf. Web Information Systems Eng., 2003.
42. M. Papazoglou and D. Georgakopoulos, Comm. ACM, special issue on service-oriented computing, vol. 46, no. 10, 2003.
43. F.B. Schneider, "Enforceable Security Policies," ACM Trans. Information and System Security, vol. 3, no. 1, 2000.
44. C. Skalka and S. Smith, "History Effects and Verification," Proc. Second Asian Programming Languages Symp., 2004.
45. M. Stal, "Web Services: Beyond Component-Based Computing," Comm. ACM, vol. 55, no. 10, 2002.
46. I. Toma and D. Foxvog, Non-Functional Properties in Web Services, WSMO Deliverable, 2006.
47. Vedamuthu et al., "Web Services Policy Framework (WS-Policy)," technical report, 2006.
48. W. Vogels, "Web Services Are Not Distributed Objects," IEEE Internet Computing, vol. 7, no. 6, Nov./Dec. 2003.
49. "UDDI technical white paper," W3C, 2000.
50. M. Wirsing et al., "Semantic-Based Development of Service-Oriented Systems," Proc. 26th Int'l Conf. Formal Methods for Networked and Distributed Systems, 2006.
51. R. Yahalom, B. Klein, and Th. Beth, "Trust Relationships in Secure Systems: A Distributed Authentication Perspective," Proc. IEEE Symp. Security and Privacy, 1993.