Policy-Driven Service Composition with Information Flow Control
- 1 July 2010
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Ensuring secure information flow is a critical task for service composition in multi-domain systems. Research in security-aware service composition provides some preliminary solutions to this problem, but there are still issues to be addressed. In this paper, we develop a service composition mechanism specifically focusing on the secure information flow control issues. We first introduce a general model for information flow control in service chains, considering the transformation factors of services and security classes of data resources in a service chain. Then, we develop general rules to guide service composition satisfying secure information flow requirements. Finally, to achieve efficient service composition, we develop a three-phase protocol to allow rapid filtering of candidate compositions that are unlikely to satisfy the information flow constraints and thorough evaluation of highly promising candidates. Our approach can achieve effective and efficient service composition considering secure information flow.Keywords
This publication has 9 references indexed in Scilit:
- The SCIFC Model for Information Flow Control in Web Service CompositionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2009
- Verification of Access Control Requirements in Web Services ChoreographyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2008
- An Access Control System for Web Service CompositionsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2007
- Access Control on the Composition of Web ServicesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- Security Conscious Web Service CompositionPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2006
- A fine-grained access control model for web servicesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- A trust-based context-aware access control model for Web-servicesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- Access control for semantic Web servicesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2004
- Fine grained access control for SOAP E-servicesPublished by Association for Computing Machinery (ACM) ,2001