Verifying the Consistency of Security Policies by Abstracting into Security Types

I
ICWS
2007
IEEE International Conference on Web Services (ICWS 2007)
Abstract - Verifying the Consistency of Security Policies by Abstracting into Security Types

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Kouichi Ono Articles by Yuichi Nakamura Articles by Fumiko Satoh Articles by Takaaki Tateishi

IEEE International Conference on Web Services (ICWS 2007)

Salt Lake City, Utah, USA

July 09-July 13

ISBN: 0-7695-2924-0

	ASCII Text	x
	Kouichi Ono, Yuichi Nakamura, Fumiko Satoh, Takaaki Tateishi, "Verifying the Consistency of Security Policies by Abstracting into Security Types," Web Services, IEEE International Conference on, pp. 497-504, IEEE International Conference on Web Services (ICWS 2007), 2007.

	BibTex	x
	@article{ 10.1109/ICWS.2007.187, author = {Kouichi Ono and Yuichi Nakamura and Fumiko Satoh and Takaaki Tateishi}, title = {Verifying the Consistency of Security Policies by Abstracting into Security Types}, journal ={Web Services, IEEE International Conference on}, volume = {0}, year = {2007}, isbn = {0-7695-2924-0}, pages = {497-504}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICWS.2007.187}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Web Services, IEEE International Conference on TI - Verifying the Consistency of Security Policies by Abstracting into Security Types SN - 0-7695-2924-0 SP497 EP504 A1 - Kouichi Ono, A1 - Yuichi Nakamura, A1 - Fumiko Satoh, A1 - Takaaki Tateishi, PY - 2007 VL - 0 JA - Web Services, IEEE International Conference on ER -

Kouichi Ono, Tokyo Research Laboratory, IBM Research

Yuichi Nakamura, Tokyo Research Laboratory, IBM Research

Fumiko Satoh, Tokyo Research Laboratory, IBM Research

Takaaki Tateishi, Tokyo Research Laboratory, IBM Research

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICWS.2007.187

The Service-Oriented Architecture (SOA) makes application development easier, because applications can be built from existing services with a bottom-up methodology. However, it is difficult to determine if a desired new service can be built from existing services. Not only the functional consistency of the existing services, but also the consistency of their non-functional (such as security) aspects must be verified. Message protection is an aspect of security. Every service needs an appropriate security policy defining the protection of messages exchanged between the parties to the service. Because of the intricacy of the Web Services Security Policy Language, it is difficult to verify the consistency of the security policies.

We are developing a method to verify the consistency of security policies by abstracting them. Each security policy is abstracted, and then attached as a security type to the corresponding service in the application model. The security type denotes a security level for message protection. The security developer defines the possible abstraction methods. In this paper, we define the constraint of abstraction methods based on the semantics of the policy language. And also we state verifying the consistemcy of security types by using information flow analysis.

Citation:

Kouichi Ono, Yuichi Nakamura, Fumiko Satoh, Takaaki Tateishi, "Verifying the Consistency of Security Policies by Abstracting into Security Types," icws, pp.497-504, IEEE International Conference on Web Services (ICWS 2007), 2007

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.