Using information flow analysis to detect implicit information leaks for web service composition

被引:0
|
作者
Jia-xin Jiang
Zhi-qiu Huang
Wei-wei Ma
Yan Cao
机构
[1] Nanjing University of Aeronautics and Astronautics,College of Computer Science and Technology
[2] Collaborative Innovation Center of Novel Software Technology and Industrialization,undefined
来源
Frontiers of Information Technology & Electronic Engineering | 2018年 / 19卷
关键词
Information flow analysis; Business process execution language; Petri net; Interference; TP311;
D O I
暂无
中图分类号
学科分类号
摘要
Information leak, which can undermine the compliance of web-service-composition business processes for some policies, is one of the major concerns in web service composition. We present an automated and effective approach for the detection of implicit information leaks in business process execution language (BPEL) based on information flow analysis. We introduce an adequate meta-model for BPEL representation based on a Petri net for transformation and analysis. Building on the concept of Petri net place-based noninterference, the core contribution of this paper is the application of a Petri net reachability graph to estimate Petri net interference and thereby to detect implicit information leaks in web service composition. In addition, a case study illustrates the application of the approach on a concrete workflow in BPEL notation.
引用
收藏
页码:494 / 502
页数:8
相关论文
共 50 条
  • [31] Certified Information Flow Analysis of Service Implementations
    Heinze, Thomas S.
    Tuerker, Jasmin
    2018 IEEE 11TH CONFERENCE ON SERVICE-ORIENTED COMPUTING AND APPLICATIONS (SOCA), 2018, : 177 - 184
  • [32] Constructing information service platform for the Digital Basin using the web service
    Zhou, XF
    Wang, ZJ
    Ai, P
    Li, SJ
    DCABES 2002, PROCEEDING, 2002, : 310 - 313
  • [33] A Statistical Test for Information Leaks Using Continuous Mutual Information
    Chothia, Tom
    Guha, Apratim
    2011 IEEE 24TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM (CSF), 2011, : 177 - 190
  • [34] A Web Service approach to Grid information service
    Poompatanapong, W
    Piyatamrong, B
    ICWS'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON WEB SERVICES, 2003, : 420 - 423
  • [35] Preserving privacy in the web by using information flow control
    Hutter, Dieter
    LONG-TERM AND DYNAMICAL ASPECTS OF INFORMATION SECURITY: EMERGING TRENDS IN INFORMATION AND COMMUNICATION SECURITY, 2007, : 29 - 44
  • [36] A Study on Web Service Analysis and Bio-information based Web Service Security Mechanism
    Lee, Seong-Hoon
    INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2014, 8 (02): : 77 - 86
  • [37] A Framework for Secure Information Flow Analysis in Web Applications
    Adaimy, Ralph
    El-Hajj, Wassim
    Ben Brahim, Ghassen
    Hajj, Hazem
    Safa, Haidar
    2015 IEEE 29th International Conference on Advanced Information Networking and Applications (IEEE AINA 2015), 2015, : 434 - 441
  • [38] Detecting Privacy Leaks in Android Apps using Inter-Component Information Flow Control Analysis
    Bohluli, Zohreh
    Shahriari, Hamid Reza
    2018 15TH INTERNATIONAL ISC (IRANIAN SOCIETY OF CRYPTOLOGY) CONFERENCE ON INFORMATION SECURITY AND CRYPTOLOGY (ISCISC), 2018,
  • [39] Pinpointing side-channel information leaks in web applications
    Mather, Luke
    Oswald, Elisabeth
    JOURNAL OF CRYPTOGRAPHIC ENGINEERING, 2012, 2 (03) : 161 - 177
  • [40] Integration service for biological information resources using agent service to web service gateway
    Jin, H
    Kim, IC
    Fourth Annual ACIS International Conference on Computer and Information Science, Proceedings, 2005, : 659 - 663
12345