
    End-to-end security in service-oriented architecture

    A service-oriented architecture (SOA)-based application is composed of a number of distributed and loosely coupled web services, which are orchestrated to accomplish a more complex functionality. Any of these web services is able to invoke other web services to offload part of its functionality. The main security challenge in SOA is that we cannot trust the participating web services in a service composition to behave as expected all the time. In addition, the chain of services involved in an end-to-end service invocation may not be visible to the clients. As a result, any violation of the client's policies could remain undetected. To address these challenges in SOA, we proposed the following contributions. First, we devised two composite trust schemes by using graph abstraction to quantitatively maintain the trust levels of different services. The composite trust values are based on feedback from the actual execution of services, and the structure of the SOA application. To maintain the dynamic trust, we designed the trust manager, which is a trusted third-party service. Second, we developed an end-to-end inter-service policy monitoring and enforcement framework (PME framework), which is able to dynamically inspect the interactions between services at runtime and react to potentially malicious activities according to the client's policies. Third, we designed an intra-service policy monitoring and enforcement framework based on a taint analysis mechanism to monitor the information flow within services and prevent information disclosure incidents. Fourth, we proposed an adaptive and secure service composition engine (ASSC), which takes advantage of an efficient heuristic algorithm to generate optimal service compositions in SOA. The service compositions generated by ASSC maximize the trustworthiness of the selected services while meeting the predefined QoS constraints. Finally, we have extensively studied the correctness and performance of the proposed security measures based on a realistic SOA case study. All experimental studies validated the practicality and effectiveness of the presented solutions.

    A flexible service selection for executing virtual services

    With the adoption of a service-oriented paradigm on the Web, many software services are likely to fulfil similar functional needs for end-users. We propose to aggregate functionally equivalent software services within one single virtual service, that is, to associate a functionality, a graphical user interface (GUI), and a set of selection rules. When an end user invokes such a virtual service through its GUI to answer his/her functional need, the software service that best responds to the end-user's selection policy is selected and executed, and the result is then rendered to the end-user through the GUI of the virtual service. A key innovation in this paper is the flexibility of our proposed service selection policy. First, each selection policy can refer to heterogeneous parameters (e.g., service price, end-user location, and QoS). Second, additional parameters can be added to an existing or new policy with little investment. Third, the end users themselves define a selection policy to apply during the selection process, thanks to the GUI element added as part of the virtual service design. This approach was validated through the design, implementation, and testing of an end-to-end architecture, including the implementation of several virtual services and utilizing several software services available today on the Web.
    This work was supported in part by SERVERY (Service Platform for Innovative Communication Environment), a CELTIC project that aims to create a Service Marketplace that bridges the Internet and Telco worlds by merging the flexibility and openness of the former with the trustworthiness and reliability of the latter, enabling effective and profitable cooperation among actors.
    Laga, N.; Bertin, E.; Crespi, N.; Bedini, I.; Molina Moreno, B.; Zhao, Z. (2013). A flexible service selection for executing virtual services. World Wide Web. 16(3):219-245.
doi:10.1007/s11280-012-0184-2

    A service-based testbed for Trust Negotiation

    Trust Negotiation allows users to develop trust incrementally, by disclosing credentials step by step. This way, services and resources can be shared in an open environment, and access rights can be granted on the basis of peer-to-peer trust relationships. This article presents a service-based testbed for Trust Negotiation. At its core, it is created as a generic framework based on the WS-Trust standard. It integrates a modular trust engine and a rule engine, which is used as a policy checker. The system is mainly oriented toward Web services composition and location-based social networking scenarios.

    Probabilistic analysis of QoS-aware service composition with Explicit Environment Models

    Service composition is one of the primary ways to provide value-added services on the Internet. Quality-of-Service (QoS) represents a crucial indicator for the underlying composition policy adoption, but it is highly influenced by various environmental factors. Existing composition strategies rarely take the influence of the environment into consideration explicitly, which may lead to sub-optimal composition policies in a dynamic environment. In this paper, a model-based service composition approach is proposed. Given the user request, it is possible to first find a set of matching abstract web services (AWSs), and then pull relevant concrete web services (CWSs) based on the AWSs. The set of CWSs can be modelled as a Markov decision process (MDP). In addition, we model the environment as a fully probabilistic system, capturing changes of the environment probabilistically. The environment model can be further composed with the MDP from the service models, obtaining a monolithic MDP whose policy corresponds to the selection of concrete services. We demonstrate how probabilistic verification techniques can be used to find the optimal service selection strategy against their QoS and the environment change. A distinguishing feature of our approach is that the QoS of services, as well as the dynamics of environment change, are made parametric, so that the formal analysis is adaptive to the environment, which is of paramount importance for autonomous and self-adaptive systems. Examples and experiments confirm the feasibility of our approach.

    Semantic-based policy engineering for autonomic systems

    This paper presents some important directions in the use of ontology-based semantics in achieving the vision of Autonomic Communications. We examine the requirements of Autonomic Communication with a focus on the demanding needs of ubiquitous computing environments, with an emphasis on the requirements shared with Autonomic Computing. We observe that ontologies provide a strong mechanism for addressing the heterogeneity in user task requirements, managed resources, services and context. We then present two complementary approaches that exploit ontology-based knowledge in support of autonomic communications: service-oriented models for policy engineering and dynamic semantic queries using content-based networks. The paper concludes with a discussion of the major research challenges such approaches raise.

    Design of an autonomous software platform for future symbiotic service management

    Nowadays, public as well as private communication infrastructures are all contending for the same limited amount of bandwidth. To optimally share network resources, symbiotic networks have been proposed, which cross logical and physical boundaries to improve the reliability, scalability, and energy efficiency of the network as a whole as well as its constituents. This paper focuses on software services in such symbiotic networks. We propose a platform for the intelligent composition of services provided by symbiotically connected parties, resulting in novel cooperation opportunities. The platform harvests Semantic Web technology to describe services in a highly expressive manner, and constructs service compositions using SeCoA, our tunable best-first search algorithm. The resulting compositions are then enacted via CaPI, a reconfigurable middleware infrastructure. By means of an illustrative scenario, we provide further insight into the platform's functioning.

    Web Services Support for Dynamic Business Process Outsourcing

    Outsourcing of business processes is crucial for organizations to be effective, efficient and flexible. To meet fast-changing market conditions, dynamic outsourcing is required, in which business relationships are established and enacted on-the-fly in an adaptive, fine-grained way unrestricted by geographic distance. This requires automated means for both the establishment of outsourcing relationships and for the enactment of services performed in these relationships over electronic channels. Due to wide industry support and the underlying model of loose coupling of services, Web services increasingly become the mechanism of choice to connect organizations across organizational boundaries. This paper analyzes to what extent Web services support the dynamic process outsourcing paradigm. We discuss contract-based dynamic business process outsourcing to define requirements and then introduce the Web services framework. Based on this, we investigate the match between the two. We observe that the Web services framework requires further support for cross-organizational business processes and mechanisms for contracting, QoS management and process-based transaction support, and suggest ways to fill those gaps.