A static approach is proposed to study secure composition of services. We extend the λ-calculus with primitives for selecting and invoking ser- vices that respect given security requirements. Security-critical code is en- closed in policy framings with a possibly nested, local scope. Policy fram- ings enforce safety and liveness properties. The actual run-time behaviour of services is over-approximated by a type and effect system. Types are standard, and effects include the actions with possible security concerns — as well as information about which services may be invoked at run-time. An approximation is model-checked to verify policy framings within their scopes. This allows for removing any run-time execution monitor, and for determining the plans driving the selection of those services that match the security requirements on demand.

Planning and verifying service composition

BARTOLETTI, MASSIMO;DEGANO, PIERPAOLO;FERRARI, GIAN-LUIGI;ZUNINO, ROBERTO
2009

Abstract

A static approach is proposed to study secure composition of services. We extend the λ-calculus with primitives for selecting and invoking ser- vices that respect given security requirements. Security-critical code is en- closed in policy framings with a possibly nested, local scope. Policy fram- ings enforce safety and liveness properties. The actual run-time behaviour of services is over-approximated by a type and effect system. Types are standard, and effects include the actions with possible security concerns — as well as information about which services may be invoked at run-time. An approximation is model-checked to verify policy framings within their scopes. This allows for removing any run-time execution monitor, and for determining the plans driving the selection of those services that match the security requirements on demand.
Bartoletti, Massimo; Degano, Pierpaolo; Ferrari, GIAN-LUIGI; Zunino, Roberto
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11568/196809
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 30
  • ???jsp.display-item.citation.isi??? ND
social impact