Preventing data leakage in service orchestration

Abstract : Web Services are currently the base of a lot a ecommerce applications. Nevertheless, clients often use these services without knowing anything about their internals. Moreover, they have no clue about the use of their personal data inside the global applications. In this paper, we offer the opportunity to the user to specify constraints on the use of its personal data. To ensure the privacy of data at runtime, we define a distributed security policy model. This policy is configured at runtime by the user of the BPEL program. This policy is enforced within a BPEL interpreter, and ensures that no information flow can be produced from the user data to unauthorized services. However, the dynamic aspects of web services lead to situations where the policy prohibits the nominal operation of orchestration (e.g., when using a service that is unknown by the user). To solve this problem, we propose to let user to dynamically permit exceptional unauthorized flows. In order to make decision, the user is provided with all information necessary for decisionmaking. We also present an implementation inside the Orchestra BPEL interpreter. As far as we know this implementation is the first information flow monitor for web services that is also enduser configurable.
Document type :
Conference papers
Complete list of metadatas

Cited literature [9 references]  Display  Hide  Download

https://hal-supelec.archives-ouvertes.fr/hal-00657796
Contributor : Anne Cloirec <>
Submitted on : Monday, January 9, 2012 - 11:46:28 AM
Last modification on : Thursday, December 13, 2018 - 8:06:02 PM
Long-term archiving on : Tuesday, December 13, 2016 - 8:44:04 PM

File

ias2011-2.pdf
Files produced by the author(s)

Identifiers

Citation

Thomas Demongeot, Eric Totel, Valérie Viet Triem Tong, Yves Le Traon. Preventing data leakage in service orchestration. IAS 2011, Dec 2011, Malacca, Malaysia. 6 p., ⟨10.1109/ISIAS.2011.6122806⟩. ⟨hal-00657796⟩

Share

Metrics

Record views

944

Files downloads

256