Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition

Ziyi Su, Frédérique Biennier

Abstract

This paper presents a method for analyzing Web Service-based dynamic business process, using a business process slicing method to capture the asset (service or information) derivation pattern, allowing to maintain providers’ policies during the full lifecycle of assets in a collaborative context. Firstly, we propose a Service Call Graph (SCG) model, extending the System Dependency Graph, to describe dependencies among partners in a business process. Analysis can be done based on SCG to group partners into sub-contexts. Secondly, for analyzing SCG, we propose two slicing strategies, namely ’asset-based’ and ’request-based’ slicing, to deal with the scenarios of both pre-processing business process scripts and on-the-fly analyzing service compositions. Security analysis can be achieved focusing on each sub-context, by examining downstream consumers’ security profiles with upstream asset providers’ policies.

References

  1. Bussard, L., Neven, G., and Preiss, F.-S. (2010). Downstream usage control. In Proceedings of the 11th IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 7810, pages 22-29, Washington, DC, USA. IEEE Computer Society.
  2. Daniele, C. and Giles, H. (2009). Cloud Computing: Benefits, risks and recommendations for information security. Technical report, European Network and Information Security Agency (ENISA).
  3. Gu, L., Ding, X., Deng, R. H., Xie, B., and Mei, H. (2008). Remote attestation on program execution. In STC, pages 11-20.
  4. Kagal, L. and Abelson, H. (2010). Access control is an inadequate framework for privacy protection. In W3C Privacy Workshop. W3C.
  5. Linda, B. B., Richard, C., Kristin, L., Ric, T., and Mark, E. (2010). The evolving role of IT managers and CIOsfindings from the 2010 IBM global IT risk study. Technical report, IBM.
  6. OASIS (2005). eXtensible Access Control Markup Language (XACML) version 2.0. http://docs.oasisopen.org/xacml/2.0/.
  7. OASIS (2007). Web services Business Process Execution Language (WS-BPEL). http://docs.oasisopen.org/wsbpel/2.0/wsbpel-v2.0.html.
  8. Park, J. and Sandhu, R. (2002). Originator control in usage control. In Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (POLICY'02), POLICY 7802, pages 60-, Washington, DC, USA. IEEE Computer Society.
  9. Su, Z. and Biennier, F. (2010). End-to-end security policy description and management for collaborative system. In Sixth International Conference on Information Assurance and Security, IAS 2010, pages 137 - 142.
  10. Zhao, J. and Rinard, M. (2003). System dependence graph construction for aspect-oriented programs. Technical Report MIT-LCS-TR-891, Laboratory for Computer Science.MIT.
Download


Paper Citation


in Harvard Style

Su Z. and Biennier F. (2013). Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition . In Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-8565-60-0, pages 17-24. DOI: 10.5220/0004401900170024


in Bibtex Style

@conference{iceis13,
author={Ziyi Su and Frédérique Biennier},
title={Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition},
booktitle={Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2013},
pages={17-24},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004401900170024},
isbn={978-989-8565-60-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 15th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Service Call Graph (SCG) - Information Flow Analysis in Web Service Composition
SN - 978-989-8565-60-0
AU - Su Z.
AU - Biennier F.
PY - 2013
SP - 17
EP - 24
DO - 10.5220/0004401900170024