Security Policy Monitoring of Composite Services

By Muhammad Asim, Artsiom Yautsiukhin, Achim D. Brucker, Brett Lempereur, and Qi Shi.

One important challenge the Aniketos platform has to address is the effective monitoring of services at runtime to ensure that services behave as promised. The service developer is responsible for constructing service compositions, and the service provider is responsible for offering them to consumers of the Aniketos platform. Typically, service consumers will have different needs and requirements; they have varying business goals and different expectations from a service, for example in terms of functionality, quality of service and security needs. Given this, it is important to ensure that a service delivers what it has been selected for and matches the consumer’s expectations. If it fails, the system should react appropriately, e.g., by notifying the service consumer or service designer. In this chapter, we present the policy-driven monitoring framework which is developed as part of the Aniketos project. The monitoring framework allows different user-specified policies to be monitored simultaneously. The monitoring is performed at the business level, as well as at the implementation level, which allows for checking the policies of composite services as well as atomic ones. The framework sends an alarm in case of policy violation to notify the interested parties and triggers re-composition or re-configuration of the service.

Keywords:
Monitoring, Secure Service Composition, Security Policy, Complex Event Processing, SOA, BPMN

Please cite this work as follows:
M. Asim, A. Yautsiukhin, A. D. Brucker, B. Lempereur, and Q. Shi, “Security policy monitoring of composite services,” in Secure and trustworthy service composition: The aniketos approach, A. D. Brucker, F. Dalpiaz, P. Giorgini, P. H. Meland, and E. Rios, Eds. Heidelberg: Springer-Verlag, 2014, pp. 192–202. doi: 10.1007/978-3-319-13518-2_13. Author copy: http://logicalhacking.com/publications/asim.ea-aniketos-monitoring-2014/

BibTeX
@InCollection{ asim.ea:aniketos-monitoring:2014,
  author    = {Muhammad Asim and Artsiom Yautsiukhin and Achim D. Brucker
               and Brett Lempereur and Qi Shi},
  title     = {Security Policy Monitoring of Composite Services},
  areas     = {security, software},
  editor    = {Achim D. Brucker and Fabiano Dalpiaz and Paolo Giorgini and
               Per H{\aa}kon Meland and Erkuden {Rios}},
  booktitle = {Secure and Trustworthy Service Composition: The Aniketos
               Approach},
  publisher = {Springer-Verlag},
  address   = {Heidelberg},
  series    = {Lecture Notes in Computer Science: State of the Art
               Surveys},
  number    = {8900},
  doi       = {10.1007/978-3-319-13518-2_13},
  isbn      = {978-3-319-13517-5},
  year      = {2014},
  pages     = {192--202},
  keywords  = {Monitoring, Secure Service Composition, Security Policy,
               Complex Event Processing, SOA, BPMN},
  abstract  = {One important challenge the Aniketos platform has to address
               is the effective monitoring of services at runtime to ensure
               that services behave as promised. A service developer plays
               the role that is responsible for constructing service
               compositions and the service provider is responsible for
               offering them to consumers of the Aniketos platform.
               Typically, service consumers will have different needs and
               requirements; they have varying business goals and different
               expectations from a service, for example in terms of
               functionality, quality of service and security needs. Given
               this, it is important to ensure that a service should deliver
               for which it has been selected and should match the consumer's
               expectations. If it fails, the system should take appropriate
               subsequent reactions, e.g., notifications to the service
               consumer or service designer. In this chapter, we present the
               policy-driven monitoring framework which is developed as part
               of the Aniketos project. The monitoring framework allows
               different user-specified policies to be monitored
               simultaneously. The monitoring is performed at the business
               level, as well as at the implementation level, which allows
               for checking the policies of composite services as well as
               atomic ones. The framework sends an alarm in case of policy
               violation to notify the interested parties and triggers
               re-composition or re-configuration of the service.},
  note      = {Author copy: \url{http://logicalhacking.com/publications/asim.ea-aniketos-monitoring-2014/}},
}