Xiaolie Ye,Lejian Liao

DOI: https://doi.org/10.1007/978-3-642-18029-3_14

2011-01-01

Abstract:Due to the importance of security within Semantic Web services, every interaction protocol embedded in dynamic behaviors of composed services should be formally modeled and verified for the satisfaction of some security requirement, such as the compliance of authentication, authorization and privacy policy. Our purpose is to model interactive behaviors and verifying security properties in the ontology-base semantic layer. Towards the aim, we present an OWL-based Past Linear Temporal Logic (Past-LTL) to describe temporal properties within interactions of Semantic Web services and refine some algorithms to reduce the validity of an OWL-based Past-LTL formula into the entailment relationship in OWL. With the help of the action theory on describing dynamic aspect of Semantic Web services, we propose an approach to transform the verification of the authenticity in interactive behaviors of Semantic Web services into the validity of the OWL-based Past-LTL formula corresponding.

Ye Xiaolie,Liao Lejian

DOI: https://doi.org/10.1109/nswctc.2009.329

2009-01-01

Abstract:The security of protocols for Web Services needs to be verified for variety and internal semi-structure of XML messages and composition of standard Web services specifications. Relying on the specifications of WS-Trust and WS-SecureConversation, a secure session protocol based on trust brokering model has been presented, which protects a SOAP message as well as protects a session between Web services by the derivation of keys. Furthermore, the security of the protocol is verified by using a security analysis tool, AVISPA, which compares with another tool.

Xiaolie Ye,Lejian Liao

2010-01-01

Abstract:The Semantic Web techniques, like OWL1, bring more semantic to the static information about functionalities and non-functionalities of Web services. However, it is not smooth to faithfully describe some dynamic aspects and support reasoning tasks. When discussing the security of interactions of Web services, we should solve such problems like how to describe interactive behaviors, static information, and the security properties required in the ontological layer, and how to validate those properties by a reasonable reduction method. As well-known, a knowledge base (e.g. that contains assertive axioms in OWL), can be used to represent the possible states of a world. Then, using a set of the assertions( assertion changes)that describe the update and erasure in instance level for a knowledge base, we propose an approach to conceptualize transitions of states for modeling interactions of Web services. Furthermore, we present an OWL-based Past Linear Temporal Logic (Past-LTL)2 to describe temporal properties within a finite sequence of interactions and refine some algorithms to reduce the validity of an OWL-based Past-LTL formula into the entailment relationship in OWL.

Hong Xia,Zengzhi Li

DOI: https://doi.org/10.1109/kam.2009.316

2009-01-01

Abstract:In order to ensure the correctness and reliability of Web services composition based on OWL-S, verify the interaction protocol of Web services. It is provided that three lay architecture. Composition service based on OWL-S, GA model is the middle model and the Promela model is the verification model, SPIN as a model validator. The OWL-S composition Web services transform a top-down conversation protocol process into a GA model, use WAST tool into Promela model, the SPIN tool analysis and verification structure and performance of composition services. This method is flexibility and scalability which provide a solution for Web services composition model verification.

YL Shi,L Zhang,B Liu,FF Liu,LL Lin,BL Shi

DOI: https://doi.org/10.1109/cit.2005.10

2005-01-01

Abstract:Due to the promising features of Web services, their deployment and research are booming. Among them, various techniques for Web service composition have been developed. In this paper, we propose a new composition framework. We use automata to describe behaviors of Web services. Each of underlying Web services can interact with others through asynchronous messages passing according to its interaction role (client or server). All these messages are recorded by a virtual global observer and the observation result is just the composition conversation of Web services. We also develop a formal a top-down verification mechanism on this framework and provide some realizable conditions for a successful composition

Cong Sun,Ning Xi,Jinku Li,Qingsong Yao,Jianfeng Ma

DOI: https://doi.org/10.1109/APSEC.2014.60

2014-01-01

Abstract:Information flow security has been considered as a critical requirement on software systems, especially when heterogeneous components from different parties cooperate to achieve end-to-end enforcement on data confidentiality. Enforcing the information flow security properties on complicated systems faces a great challenge because the properties cannot be preserved under composition and most of the current approaches are not scalable enough. To address this problem, there have been several recent efforts on the compositional information flow analyses developed for different abstraction levels. But these approaches have rarely been considered to incorporate with the process of system design. Integrating the security enforcement with the model-based development process can provide the designer with ability to verify information flow security in the early stage of system development. We propose a compositional information flow verification which is integrated with model-based system design in Sys ML by an automated model translation from semi-formal behavior and structure models to interface automata. Our compositional approach is general to support the complex security lattices and a variety of in distinguish ability relations. The evaluation results show the usability of our approach on practical system designs and the scalability of the compositional verification.

Li Yuanzhang,Ma Dongyan,Liu Chen,Han Wencong,Jiang Hongwei,Hu Jingjing

DOI: https://doi.org/10.1007/s11036-019-01486-2

2020-01-01

Abstract:With the development of service-oriented architecture, Web service composition has become more important for mitigating potential security vulnerabilities. When the scale of services increases, it will lead to the problem of state explosion. Symbolic model checking is a common method used to alleviate the problem of state-space explosion. However, for a large Web service composition system, the number of services is large, and the corresponding state space may exceed the magnitude of the symbolic model checking that can verify it. As it alleviates the state-space explosion problem, bounded model checking was utilized in the present study to verify the properties of the service composition system. Bounded model checking searches for bounded counterexamples in a limited local space and reduces the state space. This study verifies the composition of semantic Web services described by OWL-S and proposes a timed service model (TSM) to formally model the service composition system. Furthermore, the auto-mapping relationship between the OWL-S service description and the model is established. For more efficient verification, this study uses SMT-based (SMT: satisfiability modulo theory) encoding in the TSM. Finally, a public emergency service composition system was built to verify the proposed model and the efficiency of the proposed algorithm.

Dong-Hong Xu,Yong Qi,Di Hou,Ying Chen,Liang Liu

DOI: https://doi.org/10.1109/nwesp.2007.11

2007-01-01

Abstract:Orchestration and choreography are two basic questions in dynamic web services composition. In the original orchestration, it can't adapt the dynamic services selection and composition. Choreography lacks security mechanism in open environment. We Designed a MAS structure named CSMWC(Collaborative Structure of MAS for the Web Services Composition)from a new view of the dynamic web service composition to remedy these shortcomings, We formally describe the constructed MAS system framework by using Spi calculus and reason the dynamic property, its adaptability, securities etc for the dynamic web service composition. Finally, we test and demonstrate our idea by the SPRITE tool based Spi calculus.

王晨,王红兵,许迅

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.12.080

2008-01-01

Abstract:OWL-S and BPEL4WS are two widely used services description language which applied in modeling and implementing service composition.In the real services composition,the verification of Web services process plays an important role.Through the verification,the paper proved that a control flow of the services composition could satisfy some important or expected properties,some key properties such as no deadlock,no infinite loop and so on;also the service provider may verify Web services process to ensure that the Web services which they provided were completely correct.However,little attention had been paid to the methods which verify these two description language.And proposed a verification method of Web services which used TLA to model the services process,and then used the technology,model checking to verify some key properties.Through experiments,proves that it has good effect and is a potential and useful method in real environment.

Li Bao,Weishi Zhang,Xiuguo Zhang

DOI: https://doi.org/10.1109/PDCAT.2006.52

2006-01-01

Abstract:Formal method is an effective way for modeling and verifying concurrent system. An important research field is to describe and verify Web services by formal method. Guaranteeing the validity of Web services composition is necessary for enhancing the value of this composite service. CCS is a kind of process algebra which can be used to model concurrent systems. Web services and their composition are described and modeled based on CCS in this paper. Rules about applying CCS to Web services are explained. Finally, a case study is carried and the validity of composition model is verified. Some important points in verification are discussed.

YinXing Wei,ShenSheng Zhang,Farong Zhong

2005-01-01

Abstract:Web services are becoming an important paradigm for Web-based computing. However the mainstream Web service description language such as WSDL (Web Service Description Language) is lack of formal basis. In order to verify the behavioral properties of Web services, we adopt the π-calculus as a precise language because it provides many useful facilities such as behavioral equivalence, mobility that are lack in other formal language. The basic elements of WSDL are translated into the terms in the π-calculus. By means of the MWB (Mobility Workbench), a concurrency tool, the behavioral property of Web services denoted by processes is verified.

Hongbing Wang,Li,Chen Wang,Zuling Kang,Dongxi Liu,Jemma Wu,Athman Bouguettaya

DOI: https://doi.org/10.1109/soca.2009.5410266

2009-01-01

Abstract:Web services composition is an emerging paradigm for enabling application integration within and across organizational boundaries. Effectively verifying service composition to comply with the requirements is challenging. Verifying the composed service against certain properties is discussed in this paper. TLA (Temporal Logic of Actions) is introduced to enable effective verification. In particular, algorithms to transforming Web services from OWL-S to TLA are proposed. We then show that automatically verifying Web service behaviours can be achieved by using TLC (TLA model checking tool). A case study is given to illustrate the transformation and verification.

Wang Yuying,Chen Ping

DOI: https://doi.org/10.4028/www.scientific.net/amr.753-755.2892

2013-01-01

Abstract:The biggest problem in model checking is state space explosion. Using predicate abstraction, state space of colored Petri net models were abstracted, and an algorithm was proposed to obtain the abstracted state space of a colored Petri net model without its original state space generated. A method to verify safety properties of Web service composition by abstracted state space was proposed. The problem of state space explosion is solved to some extend in this way. Finally an application of the method is illustrated with an example, which its efficiency shown.

Li Bao,Weishi Zhang,Xiuguo Zhang

DOI: https://doi.org/10.1109/ICNSC.2008.4525471

2008-01-01

Abstract:Formal method is an effective way for modeling and verifying software system. Describing and verifying Web services by formal method is an important research field. Guaranteeing the validity of Web services composition is necessary for enhancing the value of services. CCS is a kind of process algebra which can be used to model concurrent systems. Web services and their composition are described and verified based on CCS in this paper. Some differences among the CCS and other formal methods are discussed. Rules about applying CCS to Web services are explained. Finally, a demo is constructed and the validity of composition model is verified. Some important points in verification are discussed.

Zhi Fang,Lejian Liao,Ruoyu Chen

DOI: https://doi.org/10.1504/ijwmc.2014.062006

2014-01-01

International Journal of Wireless and Mobile Computing

Abstract:We propose a model for a class of web services which are powered by relational databases and annotated by social commitment. Our model can be viewed as an extension of WSDL specification where schemas of service operations specify not only input-output signatures but also data constraints, control-flow constraints, state/output/effect rules. The data-aware temporal properties about interactions between services and users are specified in Linear Temporal First-Order Logic with Social Commitment LTL-FO sc< small>< sup>. we have proved it is possible to use existing tools e.g. wave originally designed for verification of web applications verify such properties.< p>sc<>

Hai Huang,Wei-Tek Tsai,Raymond Paul,Yinong Chen

DOI: https://doi.org/10.1109/ISORC.2005.16

2005-01-01

Abstract:Web Services form a new distributed computing paradigm. Collaborative verification and validation are important when Web Services from different vendors are integrated together to carry out a coherent task. This paper presents a new approach to verify Web Services by model checking the process model of OWL-S (Web Ontology Language for Web Services) and to validate them by the test cases automatically generated in the model checking process. We extend the BLAST, a model checker that handles control flow model naturally, to handle the concurrency in OWL-S. We also propose enhancement in OWL-S and PDDL (Planning Domain Definition Language) to facilitate the automated test case generation. Experiments on realistic examples are provided to illustrate the process.

Xiaoyu Zheng,Dongmei Liu,Hong Zhu,Ian Bayley

DOI: https://doi.org/10.1109/sose49046.2020.00018

2020-01-01

Abstract:Security is one of the most important problems in the engineering of online service-oriented systems. The current best practice in security design is a pattern-oriented approach. A large number of security design patterns have been identified, categorised and documented in the literature. The design of a security solution for a system starts with identification of security requirements and selection of appropriate security design patterns; these are then composed together. It is crucial to verify that the composition of security design patterns is valid in the sense that it preserves the features, semantics and soundness of the patterns and correct in the sense that the security requirements are met by the design. This paper proposes a methodology that employs the algebraic specification language SOFIA to specify security design patterns and their compositions. The specifications are then translated into the Alloy formalism and their validity and correctness are verified using the Alloy model checker. A tool that translates SOFIA into Alloy is presented. A case study with the method and the tool is also reported.

TENG Xing-quan,LI Zeng-zhi

DOI: https://doi.org/10.3969/j.issn.1000-7180.2007.12.017

2007-01-01

Abstract:In order to ensure the correctness and reliability of Web services composition based on OWL-S,and verify the interaction protocol of Web services,we adopt a three-level architecture idea,use OWL-S to compose Web services,use a GA model as an intermediate representation,and use a Promela model as the verification model.We design and implement the translation from OWL-S Web services composition models to GA models,which are then translated into Promela models.Finally,we use SPIN to complete the verification.This method has good agility and expansibility because of the intermediate representation.It also preferably overcomes the challenges brought by the characters of Web Services.

Jianhua Li,Songqiao Chen,Lin Jian,Hongyu Zhang

DOI: https://doi.org/10.1109/TrustCom.2011.216

2011-01-01

Abstract:Web service is a key distributed computing technology to achieve "software as a service" (SaaS) in cloud computing. How to integrate various web services according to business processes correctly and efficiently, realize the seamless integration of services, and form enterprise level service processes with abundant functions has become an important problem. In this paper, we presented a new web services composition model and its verification algorithm based on interface automata. By extending interface automata, this model supports semantic descriptions of web services. We proposed the transformation rules and transformation algorithm between BPEL and the semantic service interface automata model. Furthermore, an interface automata composition algorithm was designed to achieve the concurrent composition of interface automata. In order to judge whether the service process generated satisfies the business function requirements, a verification algorithm was designed to validate the execution sequence of the concurrent composite interface automaton, and the simulation experiment showed that verification algorithm could be used to validate the consistency of the service process and the business process correctly and effectively.

Huiqun Zhao,Wenwen Wang,Jing Sun,Ying Wei

DOI: https://doi.org/10.1109/icis.2012.92

2012-01-01

Abstract:With the development of Web Service composition, more and more diversified and complex business demands are satisfied. But the logical validity cannot be guaranteed. After a short view of recent research efforts of formal modeling and verification about Web Service, this paper proposes a new formal model for WS-BPEL described Web Service composition. The specification language of the model is LOTOS. Model checking is adopted to ensure the validity of this model. Finally, an example is presented to illustrate the practicality of the model.