Posted on by Achim D. Brucker, licensed under CC BY-ND 4.0.

Monitoring Security in Service Compositions

Enforcing the secure execution of BPMN-based service compositions requires a flexible monitoring and enforcement approach that makes it possible to control the compliance of such a highly dynamic system at run-time.

To address the challenges created by combining loosely coupled services that are offered and operated by different service providers, we developed a framework for monitoring services at run-time and ensuring that services behave as they have promised. In particular, we focus on monitoring non-functional properties that are specified within an agreed security contract. The novelty of our work lies in the way monitoring information from multiple dynamic services is combined to automate the monitoring of business processes and to proactively report compliance violations.

The security policy enforcement and monitoring framework

Our framework allows policies to be specified both diagrammatically and in a textual policy language. Moreover, it supports the monitoring of both atomic and composite services.
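To illustrate the idea of combining monitoring information from several services into one compliance check, here is a small added example (not the framework's own code or policy language): per-service event logs of a composite process are merged into a single trace and evaluated against contract clauses. The event format, the two clause types, the service names and the log contents are constructed assumptions for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int           # time at which the reporting service observed the event
    service: str      # service that reported the event
    process: str      # BPMN process instance the event belongs to
    action: str       # "authenticate", "call", "transmit", ... (assumed vocabulary)
    detail: str = ""  # channel, data label, callee, ...

def requires_prior(required, action, on_service):
    """Contract clause: 'action' reported by 'on_service' needs an earlier
    'required' event in the same process instance, reported by any service."""
    def check(trace):
        done = set()
        for e in trace:
            if e.action == required:
                done.add(e.process)
            elif e.service == on_service and e.action == action and e.process not in done:
                yield f"{e.process}: {on_service} did {action} without prior {required}"
    return check

def transmits_only_over(service, channel):
    """Contract clause: every transmission by 'service' uses the agreed channel."""
    def check(trace):
        for e in trace:
            if e.service == service and e.action == "transmit" and e.detail != channel:
                yield f"{e.process}: {service} transmitted over {e.detail}, contract requires {channel}"
    return check

def monitor(service_logs, contract):
    """Merge the per-service logs into one trace and evaluate every clause.
    Ordering by reported timestamps assumes the providers' clocks are aligned;
    a production monitor would need a causal order (e.g. correlation ids)."""
    trace = sorted((Event(ts, svc, *rest) for svc, log in service_logs.items()
                    for ts, *rest in log), key=lambda e: e.ts)
    return [violation for clause in contract for violation in clause(trace)]

# Constructed sample: an identity provider and a payment service report events
# for two process instances; p2 calls payment unauthenticated and over plaintext.
CONTRACT = [requires_prior("authenticate", "call", "payment"),
            transmits_only_over("payment", "tls")]
LOGS = {
    "idp":     [(1, "p1", "authenticate")],
    "payment": [(2, "p1", "call"), (3, "p1", "transmit", "tls"),
                (5, "p2", "call"), (6, "p2", "transmit", "plain")],
}

def demo():
    return monitor(LOGS, CONTRACT)

if __name__ == "__main__":
    for v in demo():
        print("VIOLATION", v)
```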

Want to learn the details or read our case study? Have a look at our latest paper in the Journal of Software: Evolution and Process [1].

PS: The monitoring framework works nicely together with our tools for End-to-End Secure Service Compositions.

References

[1]
M. Asim, A. Yautsiukhin, A. D. Brucker, T. Baker, Q. Shi, and B. Lempereur, “Security policy monitoring of BPMN-based service compositions,” Journal of Software: Evolution and Process, 2018, doi: 10.1002/smr.1944.
