William Song,Deren Chen,Jen-Yao Chung

DOI: https://doi.org/10.1504/ijeb.2006.010866

2006-01-01

International Journal of Electronic Business

Abstract:The introduction of the semantic web and web service technologies enables business processes, modelling and management to enter an entirely new stage. Traditional web-based business data and transactions can now be extracted to discover new business rules and strategies. Methods equipped with business policies and processes will construct services, workflows, and software functions. As a service intensive activity, micro-payment has many tasks involving different forms of services. Through analysing web service issues for micro-payment systems, we will investigate, discuss and illustrate how the web services technology support and transform the business process and integration model and produce various service flows.

邓水光,吴朝晖,俞镇

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.09.005

2004-01-01

Abstract:A time model for service-based workflow was proposed after analyzing the difference on autonomy and dynamism between traditional workflow and service-based workflow.[Time management is a critical component for workflow management. Because services are autonomous and transparent to their users, it is difficult for process managers to get structure and time information in service-based processes.] In the proposed time model, a process is divided into a public and a private part. The former contains the details of the process, such as all the time and structure information; the latter is abstracted from the former and only involves the nessassary information. An algorithm with polynomial complexity was presented to generate the public part of the process from its private one. Using this time model, process managers can conveniently carry out time management based on the public part of the model without knowing the inner detail information of the (corresponding) private part. Thus, this model ensures the security of processes.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Fuwei Fan,Ying Li,Shuiguang Deng

DOI: https://doi.org/10.1109/cscwd.2007.4281495

2007-01-01

Abstract:Recently Web service composition is a hot research spot, but there is no any transitional management issues concerned, including the time management. The time management is a crucial issue in web service composition. This paper presents a time management model for the environment. In this model a service should provide necessary time value,. In this way Web service definition language will be expanded, and time management in web service composition can be simplified. On the other hand, it preserves the autonomy of the web services.

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced

Z Yu,Sg Deng,Zh Wu

DOI: https://doi.org/10.1109/CACWD.2004.1349055

2004-01-01

Abstract:The time management is a crucial issue in the service-based, loose-coupled workflows. This paper presents a time model for service-based workflows. In this model a service is divided into two parts, public part and private part. Then in this way time management in service-based workflows can be simplified. On the other hand, it preserves the autonomy of the workflow services.

Yu Zhiwei,Tang Rengzhong,Jia Dongjiao,Ye Fanbo

DOI: https://doi.org/10.3321/j.issn:1004-132X.2007.04.021

2007-01-01

Abstract:To identify the security requirements of information systems, a business process-based security requirement analysis method was presented. Focused on the business process security, the related assets which affect the business process security were identified by security tree model. The security requirements of assets were identified by risk packet and risk transferring model, and then the security requirements list was formed after coverage analysis. Finally, a case was studied to illustrate the proposed method.

Hao Li,Yangjian Ji,Xinjian Gu,Guoning Qi,Renzhong Tang

DOI: https://doi.org/10.1016/j.compind.2012.02.015

IF: 10

2012-01-01

Computers in Industry

Abstract:Due to customers' constantly increasing demand for personalized products and services, manufacturing enterprises must provide more diverse physical products and services in the product sale stage. However, the massive diversity of personalized products and services offered leads to the internal diversification of products and services, which greatly increases production costs. The application of the modular method can effectively improve the reusability of a product or service, and reduce internal diversification of the product and service. In this paper, the interactive modular design process is established by the analysis of the relationship between a product or service of integrated service product (ISP) and the analysis of the physical module and service module. This paper deals with the module partition principle of ISP, puts forward the three-stages module partition processes and methods, mainly including service module partition processes based on the ''Top-Down'' and ''Bottom-Up'' methods, the physical module partition process based on the ''Top-Down'', and the module partition methods based on Quality Function Deployment and mapping matrix. Finally, a case study is done on an electric power transformer using proposed principle and methods, and the processes and methods can achieve the interactive module partition of ISP.

Xingdong Shi,Weili Han,Yinsheng Li,Ying Huang

DOI: https://doi.org/10.1109/CIT.2005.166

2005-01-01

Abstract:Enterprises are driven to be more responsive with flexible information systems to meet dynamic business requirements. This paper provides a service-oriented and business process model driven platform for developing on-demand business systems. The platform uses two separate views for users' interaction, i.e., a business view for business consultants and an IT view for IT experts, to relieve them from unfamiliar domains. The platform contains a reasoning engine to support key rules are presented for automatic process transformation from business view to IT view. Business templates are explored to support business process reuse. A case of retail supplier chain system has been developed on the platform to examine the proposed techniques.

jian wang,jianling sun,xinyu wang,hang chen,juefeng li,k sanjeev

DOI: https://doi.org/10.1109/INDIN.2008.4618304

2008-01-01

Abstract:Many software clustering approaches have been proposed for developing enterprise systems in the distributed environment to gain improved performance, good scalability and high availability. The mostly adopted approaches - symmetrical and unsymmetrical clustering, have some negative impact on system performance. Service-partition is a new clustering approach which solves these disadvantages. It divides the core business service into partitions based on data and distributes them on each node hence it enables the "aggressive cache" and reduces the remote invocations and database contention.This paper presents a practical model named Adaptive Partition Model (APM) for building enterprise systems using the service-partition approach. APM consists of the business level and the meta-level which provides an adaptive characteristic that can balance the workload dynamically. A case study is also reported in reengineering a standalone financial trading system using APM. The test results show the reengineered trading system has improved performance, scalability and workload distribution than before.

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.

Chen Zhao,HongHua Gan,Fei Gao

2009-01-01

Abstract:The article proposes a process model for designing, developing and deploying business solutions, primary deals with IT Service Management (ITSM) and IT Infrastructure Library (ITIL), as a process based method. To develop an architecture for information technology service management and design process solutions, it is necessary to establish a common framework for delivering IT services. The model is a framework for organizing the assets that constitute an ITSM design. Using this framework, an organization can document the available set of IT services offered and understand how they are composed from finer-grained services delivered by internal or external providers. This process model can be used by management software vendors to describe the capabilities of their ITSM offerings and to align those with the needs of different customers.

Stephen S. Yau,Ho G. An

DOI: https://doi.org/10.1109/HPCC.2011.101

2011-01-01

Abstract:Computing services, such as web services and cloud services, for various applications have rapidly increased. One of the major concerns in using such service-based systems (SBS) is how to protect users' private and confidential information in the systems. Anonymization of users' identities and their transactions, which means anonymous service usage, is an effective way to provide such protection in SBS. Many approaches to anonymous service usage in various SBS have been introduced, but they have the problem that service providers cannot charge users properly or account for the service usage of users if the real identities of the users are hidden from the service providers. In this paper, an approach is presented to anonymous service usage in SBS and supporting users to pay their service usage without revealing their real identities.

Jia-Kuan Ma,Ya-Sha Wang,Lei Shi,Hong Mei

DOI: https://doi.org/10.1007/978-3-642-14347-2_17

2010-01-01

Abstract:Defining secure processes is an important means for assuring software security. A wealth of dedicated secure processes has emerged in these years. These processes are similar to some extent, while differ from one another in detail. Conceptually, they can be further regarded as a so called "Process Family". In order to integrate practices from different family members, and further improve efficiency and effectiveness compared to using a single process, in this paper we propose an automatic approach to implement the integration of the three forefront secure processes, namely, CLASP, SDL and Touchpoints. Moreover, we select a module from an e-government project in China, and conduct an exploratory experiment to compare our approach with cases when one single secure process is employed. The empirical result confirms the positive effects of our approach.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.

Li Kuang,Yingjie Xia,Caijun Sun,Jiaming Wu,Liangdi Bao

DOI: https://doi.org/10.19026/rjaset.5.4738

2013-01-01

Abstract:With wide adoption of Service Computing and Mobile Computing, people tend to invoke services with mobile devices, requiring accurate and real-time feedback from services at any time and any place. Among these services, some are private to limited users and require identity authorization before use; hence secure access control in wireless network should be provided. To address the challenge, in this study, we propose the architecture and protocols of a system of access to private services for mobile clients, which combines the technologies of trusted computing, Diffie-Hellman key agreement protocol, digital certificate, DES data encryption algorithm and twice verification. We further show the implementation of the proposed system, in which we have realized the authentication and authorization of mobile clients and then secure data transfer between mobile clients in the unsafe Internet and private services in the Intranet. © 2013 Maxwell Scientific Organization.

Yunfei Meng,Zhiqiu Huang,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.2105.12935

2021-05-27

Cryptography and Security

Abstract:Aiming at the privacy preservation of dynamic Web service composition, this paper proposes a SDN-based runtime security enforcement approach for privacy preservation of dynamic Web service composition. The main idea of this approach is that the owner of service composition leverages the security policy model (SPM) to define the access control relationships that service composition must comply with in the application plane, then SPM model is transformed into the low-level security policy model (RSPM) containing the information of SDN data plane, and RSPM model is uploaded into the SDN controller. After uploading, the virtual machine access control algorithm integrated in the SDN controller monitors all of access requests towards service composition at runtime. Only the access requests that meet the definition of RSPM model can be forwarded to the target terminal. Any access requests that do not meet the definition of RSPM model will be automatically blocked by Openflow switches or deleted by SDN controller, Thus, this approach can effectively solve the problems of network-layer illegal accesses, identity theft attacks and service leakages when Web service composition is running. In order to verify the feasibility of this approach, this paper implements an experimental system by using POX controller and Mininet virtual network simulator, and evaluates the effectiveness and performance of this approach by using this system. The final experimental results show that the method is completely effective, and the method can always get the correct calculation results in an acceptable time when the scale of RSPM model is gradually increasing.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary