Download Business System Management and Engineering: From Open Issues to Applications PDF

Title: Business System Management and Engineering: From Open Issues to Applications
File Size: 5.0 MB
Total Pages: 206
Table of Contents
Front matter
1. On Some Challenges in Business Systems Management and Engineering for the Networked Enterprise of the Future
		Evolution of Business Trends and Flexible Business Processes of the Future
		A Reference Model of a Business Network
		Basic Types of Changes in Business Webs
			Challenges in Business Webs
			Challenges in IT System Management
		Challenges in “Linking Business to ICT”
			Business-Aware Transaction Management
			Data Integration: Diverging Data Standards
			Process Integration: Orchestration vs. Choreography
			Decision Support for Optimization of Service Networks
			Platform as a Service
			Service Provisioning, Delivery, and Consumption
2. Digital Ecosystems for Business e-Services in Knowledge-Intensive Firms
		A Case-Study
		Digital Ecosystem of Services
			Design of the Service System
			Collaboration Based on SaaS and Business Artifacts
		SaaS-Based Front Office in an e-Service System
		Conclusion and Future Work
3. Inter-organizational Reference Models – May Inter-organizational Systems Profit from Reference Modeling?
		Introduction and Motivation
		Related Work
			Reference Modeling
			Inter-organizational Models
		A Tour on BSopt
		Road towards Inter-organizational Reference Models
			Research Contributions
4. On Guaranteeing Global Dependability Properties in Collaborative Business Process Management
			Collaborative Business Process Model
			Failure Model
			Contract Definition
		Configuration Actions
			Task Implementation
			Task Implementation Selection
		A Model to Drive CBP Configuration
		Architectural Issues
			Centralized vs. Decentralized Architecture
5. Capturing and Aligning Assurance Requirements for Business Services Systems
		A Service System for the Construction Sector
		Capturing Business Requirements for Service Systems
			The ISO 15504 Assurance and Performance Framework Model
			Using the 15504 for Capturing Business Service Requirements
		From the Requirements to the Business Service System Solution
		Methodology and Tooling Support
			Presentation of the Global Methodology
			Tool Support
6. Container-Level Security Certification of Services
		Web Service Security
			Fundamentals of Web Service Security
			Web Service Security Specifications
		Security Properties
			Container-Level Security Properties
			Implementation-Level Security Properties
		Container-Level Certification
			Web Service Modeling
			Security Patterns for Web Services
		Related Work
		Conclusions and Future Work
7. An Architectural Style for Trustworthy Adaptive Service Based Applications
		Objectives and Approach
		Scientific Background
		Architectural Style for Trustworthy Adaptive Custom Systems
		Adaptability in Service Based Applications
		Remarks on Self-adaptability in Semantic Service Systems
8. A Conceptual Architecture for Business-Aware Transaction Management
			Structure of This Paper
		Features of Business-Aware Transaction Management
		Previous and Related Work
		Conceptual Architecture
			Provision of Services
			Designing and Building Transactions
			Deploying the Service-Based Application
			Monitoring the Business-Aware Transaction
			Adapting the SBA
		Technical Realization
			Service Selection
			Negotiation & Agreement
			Lifecycle Manager
			Monitoring: Complex Event Processing
9. Composition in Heterogeneous Service Networks: Requirements and Solutions
		Background and State of the Art
		Requirements of a Unified Service Layer
		The Ericsson Composition Engine
			Service Descriptions
			Application Skeletons
			Skeleton Execution and Just-in-Time Orchestration
			Composition Execution Agent (CEA)
			Shared State
			Deployment Setup
			Experiences and Performance
		Policy Enforcement and Handling of Cross-Cutting Concerns
			Aspect Oriented Extension of the Composition Engine
		Conclusion and Outlook
10. Ontology-Based Querying of Composite Services
		Knowledge Representation Framework
			Introducing BPAL
			Behavioral Semantics of Business Process Schemas
			Semantic Enrichment of Process Schemas
		QuBPAL Query Platform
			Business Process Knowledge Base
			The QuBPAL Query Language
			Compiling QuBPAL Queries into LP Queries
			Query Examples
			BPAL Reasoner
			BPKB Editor
		Related Work
11. A Graph Grammar-Based Dynamic Reconfiguration for Virtualized Web Service-Based Composite Architectures
		Related Work
		Architectural Model Representation Approach
		The Graph Grammar-Based Rule-Oriented Reconfiguration
			Monolithic Service Substitution Policy
			Cost-Aware Composite Service Substitution Policy
		Implementation of the Reconfiguration Management Process
			Architectural Framework
			Architectural Reconfiguration
		The FoodShop Case Study: A Web Application
			Description of the Case Study
			Application of Our Approach
			Composite Service Substitution According to WS Cost Policy
Back matter
Document Text Contents
Page 2

Lecture Notes in Computer Science 7350
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

Editorial Board

David Hutchison, UK

Josef Kittler, UK

Alfred Kobsa, USA

John C. Mitchell, USA

Oscar Nierstrasz, Switzerland

Bernhard Steffen, Germany

Demetri Terzopoulos, USA

Gerhard Weikum, Germany

Takeo Kanade, USA

Jon M. Kleinberg, USA

Friedemann Mattern, Switzerland

Moni Naor, Israel

C. Pandu Rangan, India

Madhu Sudan, USA

Doug Tygar, USA

Services Science

Subline of Lectures Notes in Computer Science

Subline Editors-in-Chief

Robert J.T. Morris, IBM Research, USA

Michael P. Papazoglou, University of Tilburg, The Netherlands

Darrell Williamson, CSIRO, Sydney, Australia

Subline Editorial Board

Boualem Bentallah, Australia

Athman Bouguettaya, Australia

Murthy Devarakonda, USA

Carlo Ghezzi, Italy

Chi-Hung Chi, China

Hani Jamjoom, USA

Paul Klingt, The Netherlands

Ingolf Krueger, USA

Paul Maglio, USA

Christos Nikolaou, Greece

Klaus Pohl, Germany

Stefan Tai, Germany

Yuzuru Tanaka, Japan

Christopher Ward, USA

Page 103

94 M. Anisetti, C.A. Ardagna, and E. Damiani

As already discussed in the literature [2,18], from a software engineering (and security) point of view, the SOA paradigm requires careful re-thinking of current development, testing, and verification methodologies. A major concern is the software assurance, that is, the set of activities carried out by software developers and suppliers to increase users’ confidence that software products will satisfy their functional and non-functional requirements. The outcome of these activities is usually made known to the user via written documentation that, in some cases, may be certified by an accredited, trusted third party. Today, (security) certification is increasingly considered in a service-based scenario to make trusted assurance information available in SOA-based business process enactment [12]. When a business process is enhanced by run-time selection and composition of different services, certified evidence of assurance regarding individual services could be used to select the appropriate ones. Unfortunately, current software certification schemes, that consider monolithic software and provide human-readable, system-wide certificates to be used at deployment and installation time, do not match the requirements introduced by a service-based infrastructure in terms of compositional and machine-readable certificates to be used at run time. Moreover, differently from traditional software certification, services can be certified at two different levels: i) container-level security certification, involving certification of the service container including proof-of-compliance with web service security specifications and proof-of-enforcement of web service policies; ii) implementation-level security certification, involving certification of service implementation independently from the container in which the service is deployed.

In this chapter, we focus on container-level security certification, and we discuss how container-level certification of services can be achieved by integrating the model of the services as transition systems and security patterns for web service security specifications. In the following, we first present a summary of web service security specifications (Section 2). We then discuss security properties to be certified distinguishing among container-level and implementation-level properties (Section 3). We introduce a modeling of web services as transition systems and we provide an approach to the certification of container-level properties that considers security patterns for web services (Section 4). Finally, we discuss related work (Section 5) and give our conclusions (Section 6).

2 Web Service Security

Security is a fundamental requirement and a practical pressing need that has
influenced and will influence the Internet of Services. In the following of this
section, we describe the basic concepts of service security focusing on web service
security specifications.

2.1 Fundamentals of Web Service Security

Originally, no specific security technology for web services was available, but rather traditional and existing transport protocol security mechanisms were used. For instance, web service message confidentiality was achieved using transport security protocols like HTTPS, while web service authentication relied on transport authentication (i.e., the Basic or Digest HTTP authentication mechanisms), or certificate-based schemes. Being mostly bound to HTTP, SOAP services inherited all the bugs and security holes of HTTP implementations. As an example, an attacker intercepting unsecured SOAP messages can hijack a user session using normal web application attacks [9].

Damiani et al. [11] first proposed the idea of enabling SOAP-specific security mechanisms by using SOAP headers to carry credentials and other security-related information. Today, SOAP headers support several different security mechanisms [9]. First, SOAP headers can specify information on a digital signature scheme according to the XML Signature standard for signing XML trees. XML Signature within SOAP ensures that SOAP messages have originated from the appropriate client and were not modified in transit. Also, SOAP headers can be used to carry encryption metadata according to the XML Encryption standard, ensuring confidentiality of a SOAP message or a portion of it. Finally, SOAP headers can be used by clients and services to exchange security tokens to be used in service access/release. In particular, headers support SOAP-specific security mechanisms that aim to achieve: i) end-to-end security along the chain of intermediaries leading to a SOAP web service, ii) full independence from the security mechanisms of transport protocols [9].
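The header-borne mechanisms described above can be inventoried per message. The following Python sketch is an added example, not part of the original chapter: it reports which security tokens a SOAP 1.1 message carries, whether an XML Signature reference covers the Body, and whether XML Encryption metadata is present. The namespace URIs are those of WS-Security 1.0, XML Signature and XML Encryption; the function names, IDs and sample envelopes are constructed, and no cryptographic verification is performed.

```python
import xml.etree.ElementTree as ET  # use a hardened parser for untrusted input

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def inventory(envelope_xml):
    """Report which header-borne security mechanisms a SOAP message carries."""
    root = ET.fromstring(envelope_xml)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    result = {"tokens": [], "signed_body": False,
              "encrypted_body": False, "key_info_in_header": False}
    if sec is None or body is None:
        return result
    for tag in ("UsernameToken", "BinarySecurityToken"):
        if sec.find("wsse:" + tag, NS) is not None:
            result["tokens"].append(tag)
    # A signature protects the Body only if one of its references points at it.
    body_id = body.get(WSU_ID)
    refs = {r.get("URI") for r in
            sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)}
    result["signed_body"] = body_id is not None and ("#" + body_id) in refs
    result["key_info_in_header"] = sec.find("xenc:EncryptedKey", NS) is not None
    result["encrypted_body"] = body.find("xenc:EncryptedData", NS) is not None
    return result

def _envelope(ref_uri):
    # Constructed sample message; token, digest and signature are placeholders.
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}"
 xmlns:wsu="{NS['wsu']}" xmlns:ds="{NS['ds']}">
 <soap:Header><wsse:Security>
  <wsse:BinarySecurityToken wsu:Id="tok-1">PLACEHOLDER</wsse:BinarySecurityToken>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="{ref_uri}"><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
 </wsse:Security></soap:Header>
 <soap:Body wsu:Id="body-1"><order xmlns="urn:example:constructed">42</order></soap:Body>
</soap:Envelope>"""

SIGNED = _envelope("#body-1")        # signature reference covers the Body
UNSIGNED_BODY = _envelope("#tok-1")  # signature present, Body not covered
```

The second sample shows why presence of a signature element alone is not evidence of message integrity: the signature must reference the part being relied on.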

In general, research on security of services has mainly focused on the protection of communication confidentiality and integrity [18], and has provided solutions at different protocol levels spanning transport layer protection (e.g., HTTPS), message layer protection (e.g., SAML, WS-Security), and application layer protection (e.g., XACML, WS-Policy) [3,4]. However, security properties of interest for individual services are known to have a much wider scope [18,27]. Proceeding bottom-up in the WS protocol stack, i) prevention of malformed or otherwise critical XML answers is important to ensure successful service authentication [6,40,43]; ii) point-to-point non-repudiation is essential for many types of business transactions [39]; iii) knowing how (and how long) information supplied to a service will be managed is crucial for preventing information leaks [47].

2.2 Web Service Security Specifications

An important effort in the context of web service research has been devoted to the definition of web service security specifications, which propose a set of standards that address the need of security. These specifications are fundamental to the success of the SOA infrastructure and aim to define a complete security model for web services. As discussed in [34], this model integrates several security models and mechanisms allowing heterogeneous systems to communicate in a secure environment and in a platform- and language-neutral way. Several different standards are available and focus on different aspects of security, as for instance authentication, integrity, confidentiality, trust.

Page 206

Author Index

Anisetti, Marco 93
Ardagna, Claudio A. 93

Badr, Youakim 16
Ben Halima, Riadh 181
Biennier, Frédérique 16
Bouassida Rodriguez, Ismael 181

Cardellini, Valeria 48
Casalicchio, Emiliano 48
Chassot, Christophe 181

Damiani, Ernesto 93
Drira, Khalil 181
Dubois, Eric 71

Fikouras, Ioannis 138
Freiter, Eugen 138
Friesen, Andreas 1

Grassi, Vincenzo 48

Heller, Markus 1
Hofreiter, Birgit 32
Huemer, Christian 32

Jmaiel, Mohamed 181

Kappel, Gerti 32
Kubicki, Sylvain 71

Lemcke, Jens 1
Levenshteyn, Roman 138
Lo Presti, Francesco 48

Maciaszek, Leszek A. 109
Mayrhofer, Dieter 32
Missikoff, Michele 159
Momm, Christof 1

Niemöller, Jörg 138

Papazoglou, Mike P. 122
Parkin, Michael 122
Peng, Yong 16
Proietti, Maurizio 159

Quinet, Raphaël 138

Ramel, Sophie 71
Rifaut, André 71

Smith, Fabrizio 159

Theilmann, Wolfgang 1

Vandikas, Konstantinos 138
vom Brocke, Jan 32
