New approach for the dynamic enforcement of Web services security

LAUR Repository

Show simple item record

dc.contributor.author Mourad, Azzam
dc.contributor.author Ayoubi, Sara
dc.contributor.author Yahyaoui, Hamdi
dc.contributor.author Otrok, Hadi
dc.date.accessioned 2017-03-08T11:22:12Z
dc.date.available 2017-03-08T11:22:12Z
dc.identifier.isbn 9781424475513 en_US
dc.identifier.uri http://hdl.handle.net/10725/5331
dc.description.abstract We propose in this paper a new approach for the dynamic enforcement of Web services security, which is based on a synergy between Aspect-Oriented Programming (AOP) and composition of Web services. Security policies are specified as aspects. The elaborated aspects are then weaved (integrated) in the Business Process Execution Language (BPEL) process at runtime. The main contributions of our approach are threefold: (1) separating the business and security concerns of composite Web services, and hence developing them separately (2) allowing the modification of the Web service composition at run time and (3) providing modularity for modeling cross-cutting concerns between Web services. We demonstrate the feasibility of our approach by developing a Flight System (FS) that is composed of several Web services. First, a RBAC (Role Based Access Control) model for the flight system, which we called RBAC-FS, is elaborated. Afterwards, the Web services that implement the security features are developed. Finally, the BPEL aspects that integrate the security functionalities dynamically into the BPEL process are created. The devised aspects realize the elaborated RBAC-FS model and provide authentication and access control features to the flight system. Case studies and experimental results are also presented to defend our propositions. en_US
dc.language.iso en en_US
dc.publisher IEEE en_US
dc.title New approach for the dynamic enforcement of Web services security en_US
dc.type Conference Paper / Proceeding en_US
dc.author.school SAS en_US
dc.author.idnumber 200904853 en_US
dc.author.department Computer Science and Mathematics en_US
dc.description.embargo N/A en_US
dc.keywords Web services en_US
dc.keywords Authentication en_US
dc.keywords Business en_US
dc.keywords Lead en_US
dc.keywords Authorized en_US
dc.identifier.doi http://dx.doi.org/10.1109/PST.2010.5593232 en_US
dc.identifier.ctation Mourad, A., Ayoubi, S., Yahyaoui, H., & Otrok, H. (2010, August). New approach for the dynamic enforcement of Web services security. In 2010 Eighth International Conference on Privacy, Security and Trust (pp. 189-196). IEEE. en_US
dc.author.email azzam.mourad@lau.edu.lb en_US
dc.conference.date 17 - 19 Aug 2010 en_US
dc.conference.pages 189-196 en_US
dc.conference.place Ottawa, ON, Canada en_US
dc.conference.title 2010 Eighth Annual International Conference on Privacy Security and Trust en_US
dc.identifier.tou http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php en_US
dc.identifier.url http://ieeexplore.ieee.org/abstract/document/5593232/ en_US
dc.orcid.id https://orcid.org/0000-0001-9434-5322 en_US
dc.publication.date 2010 en_US
dc.author.affiliation Lebanese American University en_US

Files in this item

Files Size Format View

There are no files associated with this item.

This item appears in the following Collection(s)

Show simple item record

Search LAUR

Advanced Search


My Account