This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Security-Aware Service Composition with Fine-Grained Information Flow Control
July-Sept. 2013 (vol. 6 no. 3)
pp. 330-343
Wei She, University of Texas at Dallas, Richardson
I-Ling Yen, University of Texas at Dallas, Richardson
Bhavani Thuraisingham, University of Texas at Dallas, Richardson
Elisa Bertino, Purdue University, West Lafayette
Enforcing access control in composite services is essential in distributed multidomain environment. Many advanced access control models have been developed to secure web services at execution time. However, they do not consider access control validation at composition time, resulting in high execution-time failure rate of composite services due to access control violations. Performing composition-time access control validation is not straightforward. First, many candidate compositions need to be considered and validating them can be costly. Second, some service composers may not be trusted to access protected policies and validation has to be done remotely. Another major issue with existing models is that they do not consider information flow control in composite services, which may result in undesirable information leakage. To resolve all these problems, we develop a novel three-phase composition protocol integrating information flow control. To reduce the policy evaluation cost, we use historical information to efficiently evaluate and prune candidate compositions and perform local/remote policy evaluation only on top candidates. To achieve effective and efficient information flow control, we introduce the novel concept of transformation factor to model the computation effect of intermediate services. Experimental studies show significant performance benefit of the proposed mechanism.
Index Terms:
Access control,Protocols,Concrete,Web services,Medical diagnostic imaging,information flow control,Secure service composition,access control
Citation:
Wei She, I-Ling Yen, Bhavani Thuraisingham, Elisa Bertino, "Security-Aware Service Composition with Fine-Grained Information Flow Control," IEEE Transactions on Services Computing, vol. 6, no. 3, pp. 330-343, July-Sept. 2013, doi:10.1109/TSC.2012.3
Usage of this product signifies your acceptance of the Terms of Use.