• DocumentCode
    950836
  • Title

    Semantics-Based Design for Secure Web Services

  • Author

    Bartoletti, Massimo ; Degano, Pierpaolo ; Ferrari, Gian Luigi ; Zunino, Roberto

  • Author_Institution
    Univ. of Pisa, Pisa
  • Volume
    34
  • Issue
    1
  • fYear
    2008
  • Firstpage
    33
  • Lastpage
    49
  • Abstract
    We outline a methodology for designing and composing services in a secure manner. In particular, we are concerned with safety properties of service behavior. Services can enforce security policies locally and can invoke other services that respect given security contracts. This call-by-contract mechanism offers a significant set of opportunities, each driving secure ways to compose services. We discuss how we can correctly plan service compositions in several relevant classes of services and security properties. With this aim, we propose a graphical modeling framework based on a foundational calculus called λ^req [13]. Our formalism features dynamic and static semantics, thus allowing for formal reasoning about systems. Static analysis and model checking techniques provide the designer with useful information to assess and fix possible vulnerabilities.
  • Keywords
    Web services; security of data; call-by-contract mechanism; formal reasoning; foundational calculus; graphical modeling framework; model checking techniques; secure Web services; security policies; semantics-based design; static analysis; static semantics; call-by-contract; language-based security; system verification
  • fLanguage
    English
  • Journal_Title
    Software Engineering, IEEE Transactions on
  • Publisher
    IEEE
  • ISSN
    0098-5589
  • Type

    jour

  • DOI
    10.1109/TSE.2007.70740
  • Filename
    4359467