Compliance Validation of Secure Service Compositions

By Achim D. Brucker, Luca Compagna, and Pierre Guilleminot.

The Aniketos Secure Composition Framework supports the specification of secure and trustworthy composition plans in terms of BPMN. The diversity of security and trust properties that is supported by the Aniketos framework allows, on the one hand, for expressing a large number of security and compliance requirements. On the other hand, the resulting expressiveness results in the risk that high-level compliance requirements (e.g., separation of duty) are not implemented by low-level security means (e.g., role-based access control configurations).

In this chapter, we present the Composition Security Validation Module (CSVM). The CSVM provides a service for checking the compliance of secure and trustworthy composition plans to the service designer. As a proof of concept, we created a prototype in which the CSVM module is deployed on the SAP NetWeaver Cloud and two CSVM Connectors are built supporting two well-known BPMN tools: SAP NetWeaver BPM and Activiti Designer.

Keywords:
Validation, Security, BPMN, SecureBPMN, Compliance

Please cite this work as follows:
A. D. Brucker, L. Compagna, and P. Guilleminot, “Compliance validation of secure service compositions,” in Secure and trustworthy service composition: The aniketos approach, A. D. Brucker, F. Dalpiaz, P. Giorgini, P. H. Meland, and E. Rios, Eds. Heidelberg: Springer-Verlag, 2014, pp. 136–149. doi: 10.1007/978-3-319-13518-2_10. Author copy: http://logicalhacking.com/publications/brucker.ea-aniketos-compliance-2014/

BibTeX
@InCollection{ brucker.ea:aniketos-compliance:2014,
  author    = {Achim D. Brucker and Luca Compagna and Pierre Guilleminot},
  title     = {Compliance Validation of Secure Service Compositions},
  areas     = {security, software},
  editor    = {Achim D. Brucker and Fabiano Dalpiaz and Paolo Giorgini and
               Per H{\aa}kon Meland and Erkuden {Rios}},
  booktitle = {Secure and Trustworthy Service Composition: The Aniketos
               Approach},
  publisher = {Springer-Verlag},
  address   = {Heidelberg},
  series    = {Lecture Notes in Computer Science : State of the Art
               Surveys},
  number    = {8900},
  doi       = {10.1007/978-3-319-13518-2_10},
  isbn      = {978-3-319-13517-5},
  year      = {2014},
  pages     = {136--149},
  keywords  = {Validation, Security, BPMN, SecureBPMN, Compliance},
  abstract  = {The Aniketos Secure Composition Framework supports the
               specification of secure and trustworthy composition plans in
               term of BPMN. The diversity of security and trust properties
               that is supported by the Aniketos framework allows, on the one
               hand, for expressing a large number of security and compliance
               requirements. On the other hand, the resulting expressiveness
               results in the risk that high-level compliance requirements
               (\eg, separation of duty) are not implemented by low-level
               security means (\eg, role-based access control
               configurations).
               
               In this chapter, we present the Composition Security
               Validation Module (CSVM). The CSVM provides a service for
               checking the compliance of secure and trustworthy composition
               plans to the service designer. As proof-of-concept we created
               a prototype in which the CSVM module is deployed on the SAP
               NetWeaver Cloud and two CSVM Connectors are built supporting
               two well-known BPMN tools: SAP NetWeaver BPM and Activiti
               Designer.},
  note      = {Author copy: \url{http://logicalhacking.com/publications/brucker.ea-aniketos-compliance-2014/}},
}