Preventing data leakage in service orchestration - CentraleSupélec Accéder directement au contenu
Communication Dans Un Congrès Année : 2011

Preventing data leakage in service orchestration

Résumé

Web Services are currently the base of a lot a ecommerce applications. Nevertheless, clients often use these services without knowing anything about their internals. Moreover, they have no clue about the use of their personal data inside the global applications. In this paper, we offer the opportunity to the user to specify constraints on the use of its personal data. To ensure the privacy of data at runtime, we define a distributed security policy model. This policy is configured at runtime by the user of the BPEL program. This policy is enforced within a BPEL interpreter, and ensures that no information flow can be produced from the user data to unauthorized services. However, the dynamic aspects of web services lead to situations where the policy prohibits the nominal operation of orchestration (e.g., when using a service that is unknown by the user). To solve this problem, we propose to let user to dynamically permit exceptional unauthorized flows. In order to make decision, the user is provided with all information necessary for decisionmaking. We also present an implementation inside the Orchestra BPEL interpreter. As far as we know this implementation is the first information flow monitor for web services that is also enduser configurable.
Fichier principal
Vignette du fichier
ias2011-2.pdf (182.12 Ko) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)
Loading...

Dates et versions

hal-00657796 , version 1 (09-01-2012)

Identifiants

Citer

Thomas Demongeot, Eric Totel, Valérie Viet Triem Tong, Yves Le Traon. Preventing data leakage in service orchestration. IAS 2011, Dec 2011, Malacca, Malaysia. 6 p., ⟨10.1109/ISIAS.2011.6122806⟩. ⟨hal-00657796⟩
343 Consultations
256 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More