JSEA  Vol.4 No.1 , January 2011
Security Engineering of SOA Applications Via Reliability Patterns
ABSTRACT
Providing reliable compositions of Web Services is a challenging issue since the workflow architect often has only a limited control over the reliability of the composed services. The architect can instead achieve reliability by properly planning the workflow architecture. To this end he must be able to evaluate and compare the reliability of multiple architectural solutions. In this paper we present a useful tool which allows to conduct reliability analysis on planned workflows, as well as to compare the reliability of alternative solutions in a what-if analysis. The tool is implemented as a plug-in for the widely adopted Active BPEL Designer and exploits the concept of reliability pattern to evaluate the reliability formula of the workflow. The effectiveness of the approach and the operation of the tool are demonstrated with respect to a case study of a business security infrastructure realized by orchestrating simple security services.

Cite this paper
nullL. Coppolino, L. Romano and V. Vianello, "Security Engineering of SOA Applications Via Reliability Patterns," Journal of Software Engineering and Applications, Vol. 4 No. 1, 2011, pp. 1-8. doi: 10.4236/jsea.2011.41001.
References
[1]   L. Cherbakov, G. Galambos, R. Harishankar, S. Kalyana, and G. Rackham, “Impact of Service Orientation at the Business Level,” IBM Systems Journal, Vol. 44, No. 4, 2005, pp. 653-668. doi:10.1147/sj.444.0653

[2]   L. Zeng, B. Benatallah, A. Ngu, M. Dumas, J. Kalagnanam and H. Chang, “QoS-Aware Middleware for Web Services Composition,” IEEE Transactions on Software Engineering, Vol. 30, No. 5, May 2004, pp. 311-327. doi: 10.1109/TSE.2004.11

[3]   BIGSF, “Government Web Application Integrity,” The Business Internet Group, San Francisco, 2003.

[4]   S. Bhiri, O. Perrin and C. Godart, “Ensuring Required Failure Atomicity of Composite Web Services,” Proceedings of the International World Wide Web Conference (WWW’05), Chiba, 2005, pp. 138-147.

[5]   “Will Reliability Kill the Web Service Composition?” 2010. http://www.cs.rutgers.edu/rmartin/teaching/spring 04/cs553/papers/009.pdf

[6]   J. Cardoso, A. Sheth, J. Miller, J. Arnold and K. Kochut, “Quality of Service for Workflows and Web Service Pro- cesses,” Web Semantics: Science, Services and Agents on the World Wide Web, Vol. 1, No. 3, April 2004, pp. 281-308. doi:10.1016/j.websem.2004.03.001

[7]   N. Russell, A. H. ter Hofstede, W. M. van der Aalst and N. Mulyar, “Workflow Control-Flow Patterns: A Revised View,” BPM Center Report BPM-06-22, BPMcenter.org, 2006.

[8]   W. M. P van der Aalst, A. H. M. ter Hofstede, B. Kie- Puszewski and A. P. Barros, “Workflow Patterns,” Distri- buited and Parallel Database, Vol. 14, No. 3, 2003, pp. 5-51.

[9]   Y. Qian, Y. Xu, Z. Wang, G. Pu, H. Zhu and C. Cai, “Tool Support for BPEL Verification in ActiveBPEL Engine,” Proceeding of 18th Australian Software Engineering Conference (ASWEC 2007), Australia, 2007, pp. 90-100. doi:10.1109/ASWEC.2007.50

[10]   “WS-BPEL Specification,” http://www.oasis-open.org/committees/tchome.php?wgabbrev=sbpel(lastaccessed30/11/2010)OASISSecurityAssertionMarkupLanguage(SAML), http://www.oasis?open.org/committees/tchome.php?wgabbrev =security(last accessed30/11/2010)

[11]   E. Gamma, R. Helm, R. Johnson and J. Vlissides, “Design Pattern—Elements of Reusable Object-Oriented Software,” Addison-Wesley, Menlo Park, California 1995.

[12]   S. Bhiri, O. Perrin and C. Godart, “Extending Workflow Patterns with Transactional Dependencies to Define Re- Liable Composite Web Services,” Proceedings of the Ad- vanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, Guadeloupe, 2006.

[13]   L. Coppolino, L. Romano, N. Mazzocca and S. Salvi, “Web Services Workflow Reliability Estimation Through Reliability Patterns,” Proceedings of the 3rd International Conference on Security and Privacy in Communications Networks and the Workshops, (SecureComm'07), 2007, pp.107-115.

[14]   F. Campanile, L. Coppolino, S. Giordano and L. Romano, “A Business Process Monitor for a Mobile Phone Re- charging System,” Journal of System Architecture, Vol. 54, No. 9, 2008, pp. 843-848. doi:10.1016/j.sysarc.2008. 02.005

[15]   “The WS-Federation Specification,” 2010, http://msdn2.microsoft.com/enus/library/ms951236.aspx

[16]   “OASIS Security Assertion Markup Language (SAML),” http://www.oasis-open.org/committees/tc_home.php?wg_abbrev = security (last accessed 30/11/2010)

[17]   “MathEclipse Project,” 2010, http://sourceforge.net/projects/matheclipse/

[18]   P. Chan, M. Lyu and M. Malek, “Making Services Fault Tolerant,” Lecture Notes in Computer Science, Vol. 4328, pp. 43-61, 2006. doi:10.1007/11955498_4

 
 
Top