Mudhakar Srivatsa,Arun Iyengar,Thomas Mikalsen,Isabelle Rouvellou,Jian Yin

DOI: https://doi.org/10.1109/ICWS.2007.31

2007-01-01

Abstract:Service composition has emerged as a fundamental technique for developing Web applications. Multiple services, often from different organizations or trust domains, may be dynamically composed to satisfy a user's request. Access control in the presence of service compositions is a challenging security problem. In this paper, we present an access control model and techniques for specifying and enforcing access control rules on Web service compositions. A key advantage of our approach is that past histories of service invocations can be used to make access control decisions. Our approach allows role hierarchies and separation of duty constraints. Access controls rules may be parameterized by one or more arguments. We have implemented our access control model via a declarative policy specification language which uses pure-past linear temporal logic (PPLTL). We describe an implementation of our approach using a supply chain management (SCM) application. Our experiments show that our approach can enforce expressive and flexible access control policies while incurring reasonable performance overhead on the application.

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1109/tvt.2006.877704

2005-01-01

Abstract:Privacy and security are two important but seemingly contradict objectives in pervasive computing environments (PCEs). On the one hand, service providers want to authenticate service users and make sure they are accessing only authorized services in a legitimate way. On the other hand, users want to maintain necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper we propose a novel privacy enhanced authentication and access control scheme to secure the interactions between mobile users and services in PCEs. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication between a user and a service, while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups.

Hua Guan,Shi Ying,Xiangyang Jia,Caoqing Jiang

DOI: https://doi.org/10.2495/isme20131191

2014-01-01

Abstract:This paper outlines the access control challenges for web services; the access control models today are mostly static and coarsely grained, and they are not well-suited for the service-oriented environments where information access is dynamic and ad hoc in nature. We proposed a uniform access control platform of web service based on semantic message (SMUACP4WS) as a new approach. SMUACP4WS uses ontology to annotate some semantic policy element, and is based on description logic to represent access control policy. We illustrate the design principle of this platform; define the format of access control's semantic message; and focus on the design of access control policy. Finally, we use a typical case of campus to illustrate the reasoning process of access control policy based on description logic representation. Through the analysis of this case, SMUACP4WS adopts the authorization mechanism flexibility and fine-grained, and has some intelligence.

Siyan Zhan

2010-01-01

Abstract:The development of computing science is to serve human,so it needs a people centered computing paradigm,and ubiquitous computing breeds as such an innovatory computing model.Access control is widely applied to system security as an important safety precaution,and system security in pervasive computing likewise needs an appropriate strategy.For that purpose,compare the characteristics and application scope of the existing access control models,analyze the special access control policy requirements in pervasive environments.On these bases,give a minute description on implementation method of dynamic access of pervasive computing.And simulated part of the dynamic access control mechanism in pervasive computing using available resources of ARM7 embedded experimental box.

Chunming Gao,Shizhang Ji,Rongsheng Liu,Huowang Chen

DOI: https://doi.org/10.1109/spca.2006.297503

2006-01-01

Abstract:This paper proposes a method checking compatibility and a tool for checking web services composition in pervasive computing. In order to ensure the correctness of the composite web service, we have developed the verification tool which can be embedded into web services composition platform. Based on the mapping between BPEL4WS and extended pi-calculus with type system that can express XML Schema; the tool implements the compatibility examination algorithm of the composite web services. An example in which the loan approval process is used to illustrate the compatibility checking method is feasible clearly. Finally, a novel method for discovering and matching services under the guidance of checking compatibility of composite web services is discussed.

Kangkang Zhang,Qingzhong Li,Qi Sui

DOI: https://doi.org/10.1109/SPCA.2006.297491

2006-01-01

Abstract:It is an important problem for pervasive computing to coordinate and compose large numbers of devices and services to achieve users' various task goals. The pervasive computing environment is transparent for users. In order to simply the interaction between users and the environment, this paper presents a goal-driven approach of service composition. We build a task-oriented semantic representation model of web services and based on this model goal-driven service composition is performed dynamically to achieve user's goal. We also describe a simulated application scenario in this paper and discuss the process of task definition and service composition according to the scenario. This approach simplifies the interaction between users and pervasive computing environment and improves the flexibility of service cooperation and composition in the environment.

Kangkang Zhang,l i qingzhong

2007-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:The pervasive computing environment is transparent for users. In order to simplify the interaction between users and the environment, this paper presents a goal-driven approach of service composition. A task-oriented semantic representation model of Web services is built and based on this model goal-driven service composition is performed dynamically to achieve user's goal. A simulated application scenario is described and the process of task definition and service composition according to the scenario are discussed in this paper. This approach simplifies the interaction between users and pervasive computing environment and improves the flexibility of service cooperation and composition in the environment.

Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1007/s11036-006-0008-7

2006-01-01

Mobile Networks and Applications

Abstract:In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing a service session.

XU Xiang-hua

2007-01-01

Abstract:Access control for Web service is a challenging problem mainly because of the properties of web services and the complexity of distributed net-environment.This paper presents a novel access control model for Web services,which introduces context parameters to control decision according to context-dependent at the time,and is context-aware.This model adopts user's attribute-based access authorization method for Web services,user responsible for proving the possession of the required attributes for the requested services by providing relevant credentials.This model resolves the emerging problem of web services,and is appropriate to a distributed and dynamic web services environment.

JIANG Wei-chao,XIA Yang,HUANG Xiao

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.06.042

2005-01-01

Abstract:Web services, which adopt general protocol and technology, can be easily accessed by users and have been the research hotspot in distributed computing, but the downside of this easiness is that security is compromised. An access control system for web services is presented based on SAML and XACML, which uses SAML to single sign-on and introduces XACML to control the access of users. Based on SAML, XACML is imported to control the protected resources on web sites, and achieves the security of access control of web services.

bo yu,lin yang,s h chen,lin ru ma

DOI: https://doi.org/10.4028/www.scientific.net/AMM.336-338.2348

2013-01-01

Applied Mechanics and Materials

Abstract:Service computing facilitates resource sharing and business collaboration for cross-domain partiers by universal service description and discovery. The multi-domain nature of service oriented environments introduces challenging security issues, especially with regard to information flow control which controls the flow of privacy resources. This paper presents a state-of-the-art review of information flow control technology in service oriented environments. We review the research background and classifications of information flow control, and discuss architecture and existing technologies of both centralized and distributed information flow approach. We outline the features, advantages and limitations of existing information flow control approaches. The analysis results show that the research of collaboration and dynamic nature are important, but insufficient to secure information flow.

Fang Pu,Daoqin Sun,Qiying Cao,Haibin Cai,Fan Yang

DOI: https://doi.org/10.1109/iih-msp.2006.142

2006-01-01

Abstract:The proliferation of smart gadgets, appliances, mobile devices and sensors has enabled the construction of pervasive computing environment, transforming regular physical spaces into "Active Information Spaces". However, access control remains a major challenge for the deployment of this computing paradigm in real-life. A context access control model based on UCON_ABC model is presented in this paper, which not only focuses on authorization, but also introduces obligations, and conditions. And it includes pre-authentication, pre-condition, pre-obligation, active-right and passive-right sub-models. The operations of sub-models are presented. And the security, flexibility and usefulness of our proposed model are demonstrated by a typical pervasive computing scenario.

XU Feng,LIN Guo-Yuan,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.02.001

2005-01-01

Computer Science

Abstract:Security is currently one of the biggest concerns about future development of Web services. This paper brief reviews the state of the research for access control in the Web service environment. In this paper,we first discuss the way to study the access control technology from the protocol stack of the Web services. Then we discusscd the access control technology of XML documents and the SOAP protocol,as well as correlation standard. Finally,the conclusion is given and the problems are pointed out,which should be resolved in further reserach.

P Fenkam,S Dustdar,E Kirda,G Reif,H Gall

DOI: https://doi.org/10.1109/ENABL.2002.1029995

2002-01-01

Abstract:Access control is one of the key requirements in enterprise security. A number of approaches in distributed systems have been designed that support various (new) paradigms such as peer-to-peer, nomadic working, and teamworking. Few of them, however explicitly take into account the possible superposition of these concepts. Such a superposition often results in conflicting and additional requirements. We present ongoing work in developing an access control system for Peer-to-Peer mobile teamwork environments. This system is developed as part of the MOTION project. The goal of this project is to develop a service architecture for mobile teamwork, providing support for various devices and taking into account diverse connectivity modes. We present the requirements for an access control system that simultaneously supports mobility, collaboration, and peer-to-peer, illustrate our solution, and discuss how it meets the requirements.

LU Gang,SHE Kun,ZHOU Ming-tian,ZHENG Fang-wei,NIU Xin-zheng,LIU Heng,LI Gui-lin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.06.024

2007-01-01

Computer Engineering and Applications Journal

Abstract:This paper addresses the issue of secure resource access control in pervasive environments.We study the requirements needed to deploy the access control platform and present a prototype implementation after having presented detailed design thoughts.Combination of PKI,PMI,PRBAC and RBAC are the cornerstone of proposed solution.Main motivation of our work is the absence of significant related work.The prototype implementation has been built and tested,the results are promising.

Yang Zhang,Jun-Liang Chen

DOI: https://doi.org/10.1109/SCC.2011.75

2011-01-01

Abstract:Privacy becomes an increasing concern in modern society because personal information is being collected by more and more online services on the Internet. Although many privacy-aware models and methods were proposed, the protection technology of privacy is underway. This paper aims at addressing privacy-aware access control in composite services. We introduce an automaton-based monitoring solution for privacy-vital information flow for a single execution of a composite service. In addition, this paper also gives a policy consolidation algorithm based on orchestration structures and attribute composition, which can also be used to combine privacy policies.

Xiuxia Tian,Chaofeng Sha,Xiaoling Wang,Aoying Zhou

DOI: https://doi.org/10.1109/ICWS.2011.46

2011-01-01

Abstract:With the convenient connection to network, more and more individual information including sensitive information, such as contact list in Mobile Phone or PDA, can be delegated to the professional third service provider to manage and maintain. The benefit of this paradigm is, on one hand to avoid the sensitive information leakage when individual devices failed or lost, on the other hand to make only the authorized users access and share the delegated information online anytime and anywhere. However, in this paradigm the critical problems to be resolved are to guarantee both the privacy of delegated individual information and the privacy of authorized users, and what is more important to afford the owners of communication devices to have high level of control and power to create their own particular access control policies. In this paper, we present an approach to implement the personalized access control at third service provider in a privacy preserving way. Our approach implements the critical problems above in this paradigm by using selective encryption, blind signature and the combination of role based access control and discretionary access control.

J Zhou,J Riekki,M Ylianttila,J Zhou,F Tang,M Guo

2010-01-01

Abstract:Pervasive Service Computing (PSC) is proposed as a Web services-based solution to pervasive computing in our ongoing international joint project funded by National Natural Science Foundation of China (NSFC) and Academy of Finland. This paper presents the state of the art on the project. The state of the art consists of two parts. Part 1 collects the latest results achieved by Finnish partner, including a generic user activity model, conceptual modeling of service collaboration and peer coordination, a reference model for Pervasive Service Computing, and a contextaware pervasive service composition architecture. Part 2 collects the latest results achieved by Chinese partner, including iShadow architecture, U-lab model, context model for iCampus applications, Petri net modeling for contextaware workflow management, and iCampus prototypes.

Tianyang Li,Ting He

DOI: https://doi.org/10.1109/ICSS.2014.26

2014-01-01

Abstract:Privacy protection is still a key challenge in the web service composition area. The user and web service provider frequently share their privacy data with other web service will increase the risk of misuse and disclosure of privacy. In this paper, we first analyze the privacy protection problem according to define four types shared data within web service composition, and then present web service composition and privacy models, our models allow user and web service provider to define user's privacy preference and web service's privacy policy specification. An algorithm is presented to check the policy compliance on the dependency edge and select a set of policy compliant web services with compositing a well privacy protection web service composition. Experiments demonstrate the applicability of our models and algorithm.