Constructing secure service compositions with patterns

In service based applications, it is often necessary to construct compositions of services in order to provide required functionality in cases where this is not possible through the use of a single service. Whilst creating service compositions, it is necessary to ensure not only that the functionality required of the composition is achieved but also that certain security properties are preserved. In this paper, we describe an approach to constructing secure service compositions. Our approach is based on the use of composition patterns and rules that determine the security properties that should be preserved by the individual services that constitute a composition in order to ensure that security properties of the overall composition are also satisfied. Our approach extends a framework developed to support the runtime service discovery

Finding secure compositions of software services: Towards a pattern based approach

In service based systems, there is often a need to replace services at runtime as they become either unavailable or they no longer meet required quality or security properties. In such cases, it is often necessary to build compositions of services that can replace a problematic service because no single service with a sufficient match to it can be located. In this paper, we present an approach for building compositions of services that can preserve required security properties. Our approach is based on the use of secure composition patterns which are applied in connection with basic discovery mechanisms to build secure service compositions

Discovering secure service compositions

Security is an important concern for service based systems, i.e., systems that are composed of autonomous and distributed software services. This is because the overall security of such systems depends on the security of the individual services they deploy and, hence, it is difficult to assess especially in cases where the latter services must be discovered and composed dynamically. This paper presents a novel approach for discovering secure compositions of software services. This approach is based on secure service orchestration patterns, which have been proven to provide certain security properties and can, therefore, be used to generate service compositions that are guaranteed to satisfy these properties by construction. The paper lays the foundations of the secure service orchestration patterns, and presents an algorithm that uses the patterns to generate secure service compositions and a tool realising our entire approach

Generating Secure Service Compositions

Ensuring that the compositions of services that constitute service-based systems satisfy given security properties is a key prerequisite for the adoption of the service oriented computing paradigm. In this paper, we address this issue using a novel approach that guarantees service composition security by virtue of the generation of compositions. Our approach generates service compositions that are guaranteed to satisfy security properties based on secure service orchestration (SESO) patterns. These patterns express primitive (e.g., sequential, parallel) service orchestrations, which are proven to have certain global security properties if the individual services participating in them have themselves other security properties. The paper shows how SESO patterns can be constructed and gives examples of proofs for such patterns. It also presents the process of using SESO patterns to generate secure service compositions and presents the results of an initial experimental evaluation of the approach

Designing Secure Service Workflows in BPEL

This paper presents an approach that we have developed to support the design of secure service based applications in BPEL. The approach is based on the use of secure service composition patterns, which are proven to preserve composition level security properties if the services that are composed according to the pattern satisfy other properties individually. The secure service composition patterns are used for two purposes: (a) to analyse whether a given workflow fragment satisfies a given security property, and (b) to generate com-positions of services that could substitute for individual services within the workflow that cause the violation of the security properties. Our approach has been implemented in a tool that is based on Eclipse BPEL Designer

A pattern-based approach for designing reliable cyber-physical systems

Cyber-Physical Systems (CPS) appear to be of paramount importance due to their increasing use on critical infrastructure. New challenges have occurred because of the nature and the complexity of such systems in supporting heterogeneous physical and cyber components simultaneously. Failures or attacks on system components decrease system reliability creating severe consequences to CPS and the attached applications. The construction of complex CPS with respect to security and dependability (SandD) properties is necessary to avoid system vulnerabilities at design level. Design patterns are solutions for reusable designs and interactions of objects. In this work we present a pattern-based language for designing CPS able to guarantee SandD properties. The first set of SandD patterns includes the Reliability Component Composition (RCC) Patterns for designing reliable CPS. RCC patterns are encoded in Drools, which is a rule-based reasoning system. To evaluate our approach, we use RCC patterns as a methodology for designing a reliable wireless sensor network attached to a physical architecture to send monitored data to a central controller through relay nodes and paths

Functional Skills Support Programme: Developing functional skills in music

This booklet is part of "... a series of 11 booklets which helps schools to implement functional skills across the curriculum. The booklets illustrate how functional skills can be applied and developed in different subjects and contexts, supporting achievement at Key Stage 3 and Key Stage 4. Each booklet contains an introduction to functional skills for subject teachers, three practical planning examples with links to related websites and resources, a process for planning and a list of additional resources to support the teaching and learning of functional skills." - The National Strategies website

Patterns for the design of secure and dependable software defined networks

In an interconnected world, cyber and physical networks face a number of challenges that need to be resolved. These challenges are mainly due to the nature and complexity of interconnected systems and networks and their ability to support heterogeneous physical and cyber components simultaneously. The construction of complex networks preserving Security and Dependability (S&D) properties is necessary to avoid system vulnerabilities, which may occur in all the different layers of Software Defined Networking (SDN) architectures. In this paper, we present a model based approach to support the design of secure and dependable SDN. This approach is based on executable patterns for designing networks able to guarantee S&D properties and can be used in SDN networks. The design patterns express conditions that can guarantee specific S&D properties and can be used to design networks that have these properties and manage them during their deployment. To evaluate our pattern approach, we have implemented executable pattern instances, in a rule-based reasoning system, and used them to design and verify wireless SDN networks with respect to availability and confidentiality. To complete this work, we propose and evaluate an implementation framework in which S&D patterns can be applied for the design and verification of SDN networks