Effective and efficient implementation of an information flow control protocol for service composition

Due to the potential of composing Web services from multiple domains under diverse security administrations, ensuring the security in service composition can be a very challenging task. A major problem is the potential of information leakage between the interacting services. Most existing Web service security models consider the access to a single Web service and do not consider the control of such information flows. In our previous work, we proposed a novel access control model, SCIFC, that empowers the services to effectively control the flow of their sensitive information. In this paper, we consider additional mechanisms to further improve the efficiency and effectiveness of the SCIFC protocols, including a carry-along policy propagation mechanism to minimize the message sizes for policy exchanges and a transformation factor analysis scheme based on symbolic execution to assist with transformation factor assignments. Based on these enhancements, we implement the SCIFC protocol and study its performance. We develop an extensive Web service simulation framework to simulate a diverse range of Web services. The performance study of the SCIFC protocol is conducted on top of this simulation framework. Finally, we develop a case study system to validate the feasibility and effectiveness of the SCIFC protocols.