CONTEXT-DRIVEN POLICY ENFORCEMENT AND RECONCILIATION FOR WEB SERVICES

S. Sattanathan, N. C. Narendra, Z. Maamar, G. Kouadri Mostéfaoui

Abstract

Security of Web services is a major factor in their successful integration into critical IT applications. Extensive research in this direction concentrates on low-level aspects of security such as message secrecy, data integrity, and authentication. The proposed solutions are thus mainly built on the assumption that security mechanisms are static and predefined. However, the dynamic nature of the Internet and the continuously changing environments in which Web services operate require innovative and adaptive security solutions. This paper presents our solution for securing Web services based on adaptive policies, where adaptability is achieved using the contextual information of the Web services. The proposed solution includes a negotiation and reconciliation protocol for security policies.



Paper Citation


in Harvard Style

Sattanathan S., C. Narendra N., Maamar Z. and Kouadri Mostéfaoui G. (2006). CONTEXT-DRIVEN POLICY ENFORCEMENT AND RECONCILIATION FOR WEB SERVICES. In Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 4: ICEIS, ISBN 978-972-8865-44-3, pages 93-99. DOI: 10.5220/0002441000930099


in Bibtex Style

@conference{iceis06,
author={S. Sattanathan and N. C. Narendra and Z. Maamar and G. Kouadri Mostéfaoui},
title={CONTEXT-DRIVEN POLICY ENFORCEMENT AND RECONCILIATION FOR WEB SERVICES},
booktitle={Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 4: ICEIS,},
year={2006},
pages={93-99},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002441000930099},
isbn={978-972-8865-44-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Eighth International Conference on Enterprise Information Systems - Volume 4: ICEIS,
TI - CONTEXT-DRIVEN POLICY ENFORCEMENT AND RECONCILIATION FOR WEB SERVICES
SN - 978-972-8865-44-3
AU - Sattanathan S.
AU - C. Narendra N.
AU - Maamar Z.
AU - Kouadri Mostéfaoui G.
PY - 2006
SP - 93
EP - 99
DO - 10.5220/0002441000930099