Auditing Requirements for Implementing the Chinese Wall Model in the Service Cloud

The service cloud model allows for the composition of services into an application that can respond to tenant requests. The composition of services, which may originate with different vendors, results in a service chain that supports end-to-end round trip messaging. Thus, the service cloud model must support provisioning services for the request without incurring a conflict of interest (COI) in their message exchange among vendors. Service vendors must disclose their COI classes for storage and analysis by the cloud because as services are provisioned to an application, additional conflict classes may be added, preventing the service from future compositions to avoid COI. In this paper, we present a strategy to centrally store and monitor COI classes for services in a service chain using principles of the Chinese Wall Model. We introduce a Security Monitoring Database (SMDB) that audits and monitors the COI classes as they exist or are assigned to hosted services, including the tenant services making requests. We describe an algorithm to prevent COI before provisioning services and dynamically detect it during run time due to concurrent service invocations using the SMDB information.