The SCIFC Model for Information Flow Control in Web Service Composition
- 1 July 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
Existing Web service access control models focus on individual Web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies. In this paper, we propose an innovative access control model to empower the services in a service chain to control the flow of their sensitive information. Our model supports information flow control through a back-check procedure and pass-on certificates. We also introduce additional factors such as the carry-along policy, security class, and transformation factor, to improve the protocol efficiency. A formal analysis is also presented to show the power and complexity of our protocol.
This publication has 6 references indexed in Scilit:
- Enhancing Security Modeling for Web Services Using Delegation and Pass-On. Published by Institute of Electrical and Electronics Engineers (IEEE), 2008
- Web Service Composition: A Security Perspective. Published by Institute of Electrical and Electronics Engineers (IEEE), 2005
- A Trust-Based Context-Aware Access Control Model for Web-Services. Distributed and Parallel Databases, 2005
- The UCON ABC usage control model. ACM Transactions on Information and System Security, 2004
- Model-driven trust negotiation for web services. IEEE Internet Computing, 2003
- Dynamic inference control. Published by Association for Computing Machinery (ACM), 2003