Top

Wireless Personal Communications

Published in:

01-12-2013

Rule-Based Security Capabilities Matching for Web Services

Authors: Bo Yu, Lin Yang, Yongjun Wang, Bofeng Zhang, Yuan Cao, Linru Ma, Xiangyang Luo

Published in: Wireless Personal Communications | Issue 4/2013

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

A primary problem for security aware Web service discovery is how to discover security capabilities of Web services and how these security capabilities can be matched with security requirements of various requesters. Presently, most approaches are based on syntactic matching, which is prone to result in false negative because of lacking of semantics. In this paper, we propose a rule-based approach to decide whether security capabilities match security requirements. Based on a semantic model of security policy, security capabilities are inferred from security policy of Web services. General Web service security ontology is proposed to semantically model security requirements of various service requesters. The architecture of rule-based matching engine is also presented to describe the whole matching process. The prototype system and case study show that the proposed approach is flexible and feasible.

previous article Advanced Information Technologies in Future Computing Environments

next article Time-Efficient Handover Using Enhanced Route Optimization in Global PMIPv6

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Milanovic, N., & Malek, M. (2004). Current solutions for Web service composition. IEEE Internet Computing, 8(6), 51–59.CrossRef

Kagal, L., Paolucci, M., Srinivasan, N., Denker, G., Finin, T., & Sycara, K. (2004). Authorization and privacy for semantic Web services. Journal of IEEE Intelligent Systems, 19(4), 50–56.CrossRef

Silas, S., Ezra, K., & Rajsingh, E. B. (2012). A novel fault tolerant service selection framework for pervasive computing. Human-Centric Computing and Information Sciences, 2(5), 5–18.CrossRef

Wang, X., Sang, Y., Liu, Y., & Luo, Y. (2011). Considerations on security and trust measurement for virtualized environment. Journal of Convergence, 2(2), 19–24.

Shalaby, M., & El-Kassas, S. (2012). Applying scrum framework in the IT service support domain. Journal of Convergence, 3(1), 21–28.

Nadalin, A., Goodner, M., Gudgin, M., Barbir, A., & Grangvist, H. (2007). WS-SecurityPolicy 1.2. Resource document. OASIS. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-os.pdf. Accessed 23 July 2012 .

Luo, H., & Shyu, M. L. (2011). Quality of service provision in mobile multimedia—A survey. Human-Centric Computing and Information Sciences, 1(1), 5–19.CrossRef

He, D. D., Compton, M., Taylor, K., & Yang, J. (2009). Access control: What is required in business collaboration? In Proceedings of 20th Australasian conference on Australasian database, pp. 105–114.

Carminati, B., Ferrari, F., Bishop, R., & Huang, P. C. K. (2007). Security conscious Web service composition with semantic Web support. In Proceedings of the 23rd IEEE international conference on data engineering, pp. 695–704.

10.

McGuinness, D. L., & Harmelen F. V. (2004). OWL Web ontology language overview. W3C. http://www.w3.org/TR/owl-features/. Accessed 23 July 2012.

11.

Vedamuthu, A. S., Orchard, D., Hirsch, F., Hondo, M., Yendluri, P., Boubez, T., & Yalcinalp, U. (2007). Web services policy 1.5-Framework. Resource document. W3C. http://www.w3.org/TR/2007/REC-ws-policy-20070904/. Accessed 23 July 2012.

12.

Martin, D., Burstein, M., Hobbs, J., Lassila, O., McMermott, D., McIlraith, S., et al. (2006). OWL-S: Semantic markup for Web services. W3C. http://www.w3.org/Submission/2004/SUBM-OWL-S-20041122/. Accessed 23 July 2012.

13.

Vladimir, K., Bijan, P., Yarden, K., & James, H. (2006). Representing Web service policies in OWL-DL. In Proceedings of the international semantic web conference, pp. 461–475.

14.

Diego, Z. G., & Maria, B. F. (2008). Ontology-based security policies for supporting the management of Web service business processes. In Proceedings of the IEEE international conference on semantic computing, pp. 331–338.

15.

Denker, G., Kagal, L., & Finin, T. (2005). Security in the semantic Web using OWL. Information Security Technical Report, 10(1), 51–58.CrossRef

16.

Denker, G., Kagal, L., Finin, T., Sycara, K., & Paoucci, M. (2003). Security for DAML Web services: Annotation and matchmaking. In Proceedings of the 2nd international semantic web conference, pp. 335–350.

17.

Kim, A., Luo, J., & Kang, M. (2005). Security ontology for annotating resources. In Proceedings of 4th international conference on ontologies, databases, and applications of semantics, pp. 1483–1499.

18.

Carminati, B., Ferrari, E., & Huang, P. C. (2006). Security conscious Web service composition. In Proceedings of IEEE international conference on web service, pp. 489–496.

19.

Hu, J., Khalil, I., Han, S., & Mahmood, A. (2011). Seamless integration of dependability and security concepts in soa: A feedback control system based framework and taxonomy. Journal of Network and Computer Applications, 34, 1150–1159.CrossRef

20.

Karat, J., Karat, C. M., Bertino, E., Li, N., Ni, Q., Brodie, L. C. J., et al. (2009). Policy framework for security and privacy management. IBM Journal of Research and Development, 53, 242–255.CrossRef

21.

Warschofsky, R., Menzel, M., & Meinel, M. (2010). Transformation and aggregation of Web service security requirements. In Proceedings of 2010 eighth IEEE European conference on web services, pp. 43–50.

22.

Martin, J. A., & Pimentel, E. (2011). Contracts for security adaptation. The Journal of Logic and Algebraic Programming, 80, 154–179.CrossRefMATH

23.

Casola, V., Mancini, E. P., Mazzocca, N., Rak, M., & Villano, U. (2008). Self-optimization of secure Web services. Journal of Computer Communications, 31, 4312–4323.CrossRef

24.

Robinson, P., Kerschbaum, F., & Schaad, A. (2006). From business process choreography to authorization policies. Lecture Notes in Computer Science, 4127, 297–309.CrossRef

25.

Menzel, M., Thomas, I., & Meinel, C. (2009). Security requirements specification in service-oriented business process management. In Proceedings of 2009 international conference on availability, reliability and security, pp. 41–48.

26.

Menzel, M., & Meinel, C. (2009). A security meta-model for service-oriented architectures. In Proceedings of 2009 IEEE International Conference on Services Computing, pp. 251–259.

27.

Lin, D., Rao, P., Bertino, E., Li, N., & Lobo, J. (2010). EXAM—A comprehensive environment for the analysis of access control policies. International Journal Information Security, 9, 253–273.CrossRef

28.

Horrocks, I., Patel-Schneider, P. F., Boley, H., Tabet, S., Grosof, B., & Dean, M. (2004) SWRL: A semantic Web rule language combining OWL and RuleML. W3C. http://www.w3.org/Submission/2004/SUBM-SWRL-20040521/. Accessed 23 July 2012.

Title: Rule-Based Security Capabilities Matching for Web Services
Authors: Bo Yu
Lin Yang
Yongjun Wang
Bofeng Zhang
Yuan Cao
Linru Ma
Xiangyang Luo
Publication date: 01-12-2013
Publisher: Springer US
Published in: Wireless Personal Communications / Issue 4/2013
Print ISSN: 0929-6212
Electronic ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-013-1254-1

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 4/2013

User Requirement Analysis and IT Framework Design for Smart Airports

An Adaptable Job Submission System Based on Moderate Price-Adjusting Policy in Market-Based Grids

A Semantic Approach for Transforming XML Data into RDF Ontology

Technology Acceptance Model for the Use of Tablet PCs

Advanced Information Technologies in Future Computing Environments

Contents Recommendation Method Using Social Network Analysis