Title :
SEWSEC: A Secure Web Service Composer using Information Flow Control
Author :
Zorgati, Hela ; Abdellatif, Takoua
Author_Institution :
Univ. of Sousse, Sousse, Tunisia
Abstract :
In this paper, we describe SEWSEC, a Secure Web Service Composer that assists the system designer to secure his composed Web Services. The system designer can use standard tools like BPEL to compose services and configures the security of some exchanged data and internal resources. By abstracting the system to a hierarchy of dependence graphs, SEWSEC applies an Information Flow Control verifying that the configuration ensures an end-to-end security. In case of insecure configuration, SEWSEC helps the designer to modify it and the security code is generated. A use case study on a real system illustrates SEWSEC practical usage, its interoperability with web services standards and its acceptable performance.
Keywords :
Web services; graph theory; open systems; security of data; BPEL; SEWSEC; dependence graphs; end-to-end security; information flow control; interoperability; secure Web service composer; security code; Buildings; Generators; Humidity; Input variables; Interference; Security; Web services; Dependence Graphs; Information Flow control; Secure Web Service Composition;
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2011 6th International Conference on
Conference_Location :
Timisoara
Print_ISBN :
978-1-4577-1890-8
Electronic_ISBN :
978-1-4577-1889-2
DOI :
10.1109/CRiSIS.2011.6061842
