Modelling, Validating, and Ranking of Secure Service Compositions

By Achim D. Brucker, Bo Zhou, Francesco Malmignati, Qi Shi, and Madjid Merabti.

In the world of large-scale applications, software-as-a-service (SaaS) in general, and the use of micro-services in particular, is bringing service-oriented architectures (SOA) to a new level: systems in general, and systems that interact with human users (e.g., socio-technical systems) in particular, are built by composing micro-services that are developed independently and operated by different parties. At the same time, SaaS applications are used more and more widely by enterprises as well as public services for providing critical services, including those processing security- or privacy-relevant data. Therefore, providing secure and reliable service compositions is increasingly needed to ensure the success of SaaS solutions. Building such service compositions securely is still an unsolved problem. In this paper, we present a framework for modelling, validating, and ranking secure service compositions that integrate both automated services and services that interact with humans. As a unique feature, our approach for ranking services integrates validated properties (e.g., based on the result of formally analysing the source code of a service implementation) as well as contractual properties that are part of the service-level agreement and, thus, not necessarily ensured on a technical level.

Keywords:
Service Design, Human-Centred Service Compositions, Service Modelling, Service Deployment, Service Ranking, Secure Service Composition, Service Availability, SecureBPMN

Please cite this work as follows:
A. D. Brucker, B. Zhou, F. Malmignati, Q. Shi, and M. Merabti, “Modelling, validating, and ranking of secure service compositions,” Software: Practice and Experience (SPE), vol. 47, pp. 1912–1943, Dec. 2017, doi: 10.1002/spe.2513. Author copy: http://logicalhacking.com/publications/brucker.ea-secure-services-2017/

BibTeX
@Article{ brucker.ea:secure-services:2017,
  author    = {Achim D. Brucker and Bo Zhou and Francesco Malmignati and Qi
               Shi and Madjid Merabti},
  journal   = {Software: Practice and Experience (SPE)},
  publisher = {John Wiley \& Sons},
  address   = {},
  language  = {USenglish},
  title     = {Modelling, Validating, and Ranking of Secure Service
               Compositions},
  volume    = {47},
  issue     = {12},
  month     = {dec},
  pages     = {1912--1943},
  year      = {2017},
  areas     = {security, software},
  doi       = {10.1002/spe.2513},
  keywords  = {Service Design, Human-Centred Service Compositions, Service
               Modelling, Service Deployment, Service Ranking, Secure Service
               Composition, Service Availability, SecureBPMN},
  abstract  = {In the world of large-scale applications,
               software-as-a-service (SaaS) in general, and the use of
               micro-services in particular, is bringing service-oriented
               architectures (SOA) to a new level: systems in general, and
               systems that interact with human users (e.g., socio-technical
               systems) in particular, are built by composing micro-services
               that are developed independently and operated by different
               parties. At the same time, SaaS applications are used more and
               more widely by enterprises as well as public services for
               providing critical services, including those processing
               security- or privacy-relevant data. Therefore, providing
               secure and reliable service compositions is increasingly
               needed to ensure the success of SaaS solutions. Building such
               service compositions securely is still an unsolved problem.
               In this paper, we present a framework for modelling,
               validating, and ranking secure service compositions that
               integrate both automated services and services that
               interact with humans. As a unique feature, our approach for
               ranking services integrates validated properties (e.g., based
               on the result of formally analysing the source code of a
               service implementation) as well as contractual properties that
               are part of the service-level agreement and, thus, not
               necessarily ensured on a technical level.},
  note      = {Author copy: \url{http://logicalhacking.com/publications/brucker.ea-secure-services-2017/}},
}