The SCIFC Model for Information Flow Control in Web Service Composition

Author

She, Wei ; Yen, I-Ling ; Thuraisingham, Bhavani ; Bertino, Elisa

Author_Institution

Univ. of Texas at Dallas, Dallas, TX, USA

fYear

2009

fDate

6-10 July 2009

Firstpage

1

Lastpage

8

Abstract

Existing Web service access control models focus on individual Web services, and do not consider service composition. In composite services, a major issue is information flow control. Critical information may flow from one service to another in a service chain through requests and responses and there is no mechanism for verifying that the flow complies with the access control policies. In this paper, we propose an innovative access control model to empower the services in a service chain to control the flow of their sensitive information. Our model supports information flow control through a back-check procedure and pass-on certificates. We also introduce additional factors such as the carry-along policy, security class, and transformation factor, to improve the protocol efficiency. A formal analysis is also presented to show the power and complexity of our protocol.

Keywords

Web services; authorisation; Web service composition; back-check procedure; formal analysis; innovative access control model; pass-on certificate; sensitive information; service chain information flow control; Access control; Access protocols; Context modeling; Control systems; Information security; Power system security; Protection; Service oriented architecture; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Web Services, 2009. ICWS 2009. IEEE International Conference on

Conference_Location

Los Angeles, CA

Print_ISBN

978-0-7695-3709-2

Type

conf

DOI

10.1109/ICWS.2009.13

Filename

5175800