Context-aware and model-driven approach for embedding and verifying security into composed web services. (c2013)

Abstract

Today's process-oriented composition languages such as BPEL (Business Process Execution Language) offer a high level of abstraction and sophistication to Web services composition. However, such languages suffer serious drawbacks with respect to security, modularity and adaptability. Particularly, they lack the security features needed in distributed computational environments like Web services composition. In addition, they do not provide means for an explicit and well-modularized specification of cross-cutting concerns. They also do not support the dynamic adaptation with the environmental execution changes. In this thesis, we advocate new approach that provides systematic and model-driven security specification at the Web services composition level, in addition to dynamic integration in a seamless fashion. It is based on an extension of the BPEL meta-model with new aspect-oriented constructs for designing and building modularized, secure, conflict-free and highly adaptable Web services composition within BPEL processes. Moreover, we extend our approach by adopting security licenses in BPEL and provide process level license verification that replaces the monopolization of such validation at the Web services side. Furthermore, we introduce two different real-life case studies along with performance analysis and experimental results to demonstrate the usefulness of our proposition. Finally, we carry out a formal verification mechanism to ensure that the integration of the new security aspects does not affect the original behavior of the Web services business process, which remains deadlock and conflictfree.