The SCIFC Model for Information Flow Control in Web Service Composition

1 July 2009

conference paper
conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

p. 1-8
https://doi.org/10.1109/icws.2009.13

Abstract

Existing Web service access control models focus on individual Web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies. In this paper, we propose an innovative access control model to empower the services in a service chain to control the flow of their sensitive information. Our model supports information flow control through a back-check procedure and pass-on certificates. We also introduce additional factors such as the carry-along policy, security class, and transformation factor, to improve the protocol efficiency. A formal analysis is also presented to show the power and complexity of our protocol.

Keywords

This publication has 6 references indexed in Scilit:

Enhancing Security Modeling for Web Services Using Delegation and Pass-On
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2008
Web Service Composition: A Security Perspective
Published by Institute of Electrical and Electronics Engineers (IEEE) ,2005
A Trust-Based Context-Aware Access Control Model for Web-Services
Distributed and Parallel Databases, 2005
The UCON _ABC usage control model
ACM Transactions on Information and System Security, 2004
Model-driven trust negotiation for web services
IEEE Internet Computing, 2003
Dynamic inference control
Published by Association for Computing Machinery (ACM) ,2003

Cited by 28 articles