
Web Service Security and Privacy

Today the Web is the main means by which companies and organizations carry on their business. The central role that the Web currently plays in the business world has forced many companies to reorganize their businesses by adopting the Web service paradigm. For this reason, we are currently investigating security and privacy issues in Web services. The research activities in this area follow two main directions.

Web Service Composition

The first research direction concerns security issues in Web service composition. Both Web service requestors and providers may have security requirements that must be taken into account when composing Web services. We refer to Web service composition driven by security requirements as security conscious composition. These requirements must be carefully considered when composing Web services, since they can drive the composition process. One result of our research is the definition of a brokered architecture for composing Web services according to the specified security constraints.

Related to Web service composition, we have also investigated how to enforce a correct and secure deployment of the composition. Typically, a composite Web service provider exposes the workflow description and is responsible for the centralized execution of the overall process it describes. Our aim is to provide a decentralized mechanism and a supporting framework in which the execution of the overall process is not always in the charge of a single entity; rather, execution is delegated as much as possible to the participating Web services, while ensuring the correctness of the control flow as well as the main security requirements. In particular, our framework ensures that the deployment is carried out by: (a) following the control flow described in the corresponding WS-BPEL document; (b) effectively executing all operations of the workflow; (c) ensuring that a Web service accesses only the information strictly necessary for correctly executing the invoked operations.

Related publications

Towards Secure Execution Orders for Composite Web Services (2007)

Joachim Biskup, Barbara Carminati, Elena Ferrari, Frank Müller, Sandra Wortmann

Proceedings: IEEE International Conference on Web Services (ICWS 2007), pp. 489–496, 2007

Security Conscious Web Service Composition with Semantic Web Support (2007)

Barbara Carminati, Elena Ferrari, Ryan Bishop, Patrick C. K. Hung

Proceedings: ICDE Workshops 2007, pp. 695–704, 2007

Security Conscious Web Service Composition (2006)

Barbara Carminati, Elena Ferrari, Patrick C. K. Hung

Proceedings: IEEE International Conference on Web Services (ICWS 2006), pp. 489–496, 2006

Privacy in Web Service Architecture

The second research direction is related to privacy. We have investigated privacy issues in Web service discovery agencies in the context of the publish-and-find Web services paradigm. As a result, we have proposed different technical approaches to tackle the privacy issues of publishing service descriptions at UDDI registries.

Related publications

Exploring Privacy Issues in Web Services Discovery Agencies (2005)

Barbara Carminati, Elena Ferrari, Patrick C. K. Hung

IEEE Security & Privacy 3(5):14–21, 2005.

Merkle Tree Authentication in UDDI Registries (2004)

Elisa Bertino, Barbara Carminati, Elena Ferrari

International Journal of Web Services Research 1(2):37–57, 2004.

The documents distributed by this server have been provided by the contributing authors as a means to ensure timely dissemination of scholarly and technical work on a noncommercial basis. Copyright and all rights therein are maintained by the authors or by other copyright holders, notwithstanding that they have offered their works here electronically. It is understood that all persons copying this information will adhere to the terms and constraints invoked by each author's copyright. These works may not be reposted without the explicit permission of the copyright holder.
