Towards a Formal Framework for Developing Secure Web Services

Haidar, Ali Nasrat and Abdallah, Ali E. (2006) Towards a Formal Framework for Developing Secure Web Services. In: Automated Specification and Verification of Web Systems, 2006. WWV '06. 2nd International Workshop. IEEE Conference Publications, pp. 61-70. ISBN 0-7695-2826-0

Full text not available from this repository. (Request a copy)

Abstract

In this paper, we experiment with use of a formal framework for developing secure Web services (WSs) from components. The framework focuses on separating security requirements from the functional ones. For each component, the approach makes use of two complementary models: one is state-based, described in Z, and the other is event-based, expressed in Hoare's communicating sequential processes (CSP) process algebra. The former is particularly useful to capture persistent data and model "back-end" operations whereas the latter is particularly useful to model behaviour, and in particular, "front-end" interactions and communications. The whole system can then be seen in Z as a combination of the constituent components. In CSP the software architecture of the whole system could be viewed as a parallel composition of appropriate customization of the behaviour of relevant components. The CSP descriptions can be implemented as Web services using current technologies such as Java 2 Enterprise Edition (J2EE) and Microsoft's .NET framework. We illustrate this approach with a case study for a conference management system. With this approach, it is possible to specify the core functionalities of a system independently from the security mechanisms. Authentication and authorization are viewed as components which are carefully integrated with the global system

Item Type: Book Section
Uncontrolled Keywords: authorization, secure Web services, communicating sequential processes, process algebra, front-end interactions, front-end communications, security mechanisms, authentication , Web services, Authentication, Simple object access protocol, Authorization, Business, XML, Proposals, Buildings, Data security, Algebra
Subjects: G400 Computer Science
Divisions: Faculty of Computing, Engineering and the Built Environment
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology > Cyber Security
UoA Collections > UoA11: Computer Science and Informatics
Depositing User: Oana-Andreea Dumitrascu
Date Deposited: 06 Apr 2017 14:53
Last Modified: 06 Apr 2017 14:53
URI: http://www.open-access.bcu.ac.uk/id/eprint/4216

Actions (login required)

View Item View Item

Research

In this section...