Abstract:A major advantage of the emerging service-oriented computing technology is its ability to enable rapid formation of large-scale distributed systems by composing massively available services to achieve the system goals, regardless of the programming languages and platforms used to develop and run these services. For these systems which often involve interactions among multiple organizations over various networks, how to manage and enforce security policies is the prime concern in assuring that only authorized users or systems have the access to massively available services. However, with the increasing scalability and flexibility required by the dynamic service-oriented computing environments, manage and enforce security policies in such systems is a very challenging task. Existing research efforts have not sufficiently addressed this challenging task for enabling systematic security policy management and enforcement in service-oriented systems. In this dissertation research, a framework based on formal foundations is developed for dynamically, yet systematically, managing and enforcing security policies in service-oriented systems. This framework includes a security policy meta-model and a runtime security policy execution model for security decision making and enforcement. The security policy meta-model will be used to provide unambiguous security policy specifications and to facilitate sound and complete security policy reasoning, such as consistency checking, redundancy analysis, security policy specification composition, and automated security service synthesis from declarative security policy specifications. Analysis of expressiveness of this security policy meta-model is also provided in this dissertation. The runtime security policy execution model is developed for enforcing the security policies with provable correctness. This framework will also include tools for generating and deploying security services to compute and enforce security decisions based on security policies, credentials and situational information. With this framework, various parties of large-scale service-oriented systems can easily manage and enforce security policies to meet their security requirements under various situations. Examples are provided to show the effectiveness of the framework.

A framework for managing and enforcing security policies in service-oriented systems

A System Framework of Security Management in Enterprise Systems

Enforcing Enterprise-wide Policies over Standard Client-Server Interactions.

Ontology-Based Conceptual Modeling Of Policy-Driven Control Framework: Oriented To Multi-Agent System For Web Services Management

An operational model of security policies in Service-Oriented Applications

Trusted Enforcement of Application-specific Security Policies

Scalable Security Enforcement for Cyber Physical Systems

A Policy-Driven Autonomous System to Implement Web Services.

A Model Transformation based Security Policy Automatic Management Framework for Software-defined Networking

Pba4wssp: A Policy-Based Architecture for Web Services Security Processing

A New Model of Security for Distributed Systems

A Web Services Security Policy Description Model

Enabling Security-Oriented Orchestration of Microservices

A Policy-Based Framework for Automated Service Level Agreement Negotiation

A Rigorous Framework for Specification, Analysis and Enforcement of Access Control Policies

A Formal Model of Security Controls' Capabilities and Its Applications to Policy Refinement and Incident Management

A Novel Formal Framework for Secure Dynamic Services Composition

A System Framework For Web Service Semantic And Automatic Orcbestration

Towards Secure Management of Edge-Cloud IoT Microservices using Policy as Code

A Policy based Security Architecture for Software Defined Networks

SDN-based Runtime Security Enforcement Approach for Privacy Preservation of Dynamic Web Service Composition