Toward Systematic Integration of Security Policies into Web Services

Author

Mourad, Azzam ; Otrok, Hadi ; Ayoubi, Sara

Author_Institution

Dept. of Comput. Sci. & Math., Lebanese American Univ., Beirut, Lebanon

fYear

2011

fDate

12-14 Sept. 2011

Firstpage

220

Lastpage

223

Abstract

In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach allows first to transform security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime [1]. The main contributions of our approach are: (1) Describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.

Keywords

Web services; aspect-oriented programming; business data processing; security of data; Web service composition; aspect-oriented programming; automatic BPEL generation; business process execution language; dynamic security policy; systematic integration; Access control; Authentication; Business; Runtime; Weaving; Web services; AOP; BPEL; RBAC; Security Policies; Web Services Security;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligence and Security Informatics Conference (EISIC), 2011 European

Conference_Location

Athens

Print_ISBN

978-1-4577-1464-1

Electronic_ISBN

978-0-7695-4406-9

Type

conf

DOI

10.1109/EISIC.2011.48

Filename

6061238