
     Research Journal of Applied Sciences, Engineering and Technology


Novel Security Conscious Evaluation Criteria for Web Service Composition

Homa Movahednejad¹, Suhaimi Bin Ibrahim¹, Mahdi Sharifi¹˒², Harihodin Bin Selamat¹, Arash Habibi Lashkari³ and Sayed Gholam Hassan Tabatabaei⁴
¹ Advanced Informatics School (AIS), Universiti Teknologi Malaysia (UTM), International Campus, Kuala Lumpur, Malaysia
² Department of Computer Engineering, Islamic Azad University, Najafabad Branch, Najafabad, Iran
³ Department of Computer Engineering, Islamic Azad University, Rasht Branch, Rasht, Iran
⁴ Department of Electrical and Computer Engineering, Isfahan University of Technology, Isfahan, Iran
Research Journal of Applied Sciences, Engineering and Technology  2014  4:673-695
http://dx.doi.org/10.19026/rjaset.7.304  |  © The Author(s) 2014
Received: January 21, 2013  |  Accepted: April 12, 2013  |  Published: January 27, 2014

Abstract

This study aims to present a new mathematically based evaluation method for service composition with respect to security aspects. Web service composition, as a complex problem solver in service computing, has become one of the recent challenging issues in today's web environment. It creates a new value-added service by combining available basic services to address the problem requirements. Despite the importance of service composition in service computing, security issues have not been addressed in this area. Considering the rapid growth in the number of service-based transactions, making a secure composite service from candidate services with different security concerns is a demanding task. To deal with this challenge, different techniques have been employed, which have direct impacts on the efficiency of secure service composition. Nonetheless, little work has been dedicated to investigating in depth the impacts of those techniques on service composition performance. Therefore, the focus of this study is to evaluate the existing approaches based on their applied techniques and QoS aspects. A mathematical-based, security-aware evaluation framework is proposed in which the Analytic Hierarchy Process (AHP), a multiple-criteria decision-making technique, is adopted. The proposed framework is tested on state-of-the-art approaches, and the statistical analysis of the results shows the efficiency and correctness of the proposed work.

Keywords:

Decision making, factor analysis, Quality of Service (QoS), security, web service composition



Competing interests

The authors have no competing interests.

Open Access Policy

This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.

ISSN (Online):  2040-7467
ISSN (Print):   2040-7459
Copyright © 2024. MAXWELL Scientific Publication Corp., All rights reserved