Security policy enforcement in application environments using distributed script-based control structures

Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such...

Full description

Bibliographic Details
Main Author: Fischer-Hellmann, Klaus-Peter
Published: University of Plymouth 2007
Subjects:
Online Access:http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.441494
id ndltd-bl.uk-oai-ethos.bl.uk-441494
record_format oai_dc
spelling ndltd-bl.uk-oai-ethos.bl.uk-4414942016-08-04T03:47:04ZSecurity policy enforcement in application environments using distributed script-based control structuresFischer-Hellmann, Klaus-Peter2007Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.658.478University of Plymouthhttp://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.441494http://hdl.handle.net/10026.1/1655Electronic Thesis or Dissertation
collection NDLTD
sources NDLTD
topic 658.478
spellingShingle 658.478
Fischer-Hellmann, Klaus-Peter
Security policy enforcement in application environments using distributed script-based control structures
description Business processes involving several partners in different organisations impose demanding requirements on procedures for specification, execution and maintenance. A framework referred to as business process management (BPM) has evolved for this purpose over the last ten years. Other approaches, such as service-oriented architecture (SOA) or the concept of virtual organisations (VOs), assist in the definition of architectures and procedures for modelling and execution of so-called collaborative business processes (CBPs). Methods for the specification of business processes play a central role in this context, and, several standards have emerged for this purpose. Among these, Web Services Business Process Execution Language (WS-BPEL, usually abbreviated BPEL) has evolved to become the de facto standard for business process definition. As such, this language has been selected as the foundation for the research in this thesis. Having a broadly accepted standard would principally allow the specification of business processes in a platform-independent manner, including the capability to specify them at one location and have them executed at others (possibly spread across different organisations). Though technically feasible, this approach has significant security implications, particularly on the side that is to execute a process. The research project focused upon these security issues arising when business processes are specified and executed in a distributed manner. The central goal has been the development of methods to cope with the security issues arising when BPEL as a standard is deployed in such a way exploiting the significant aspect of a standard to be platform-independent The research devised novel methods for specifying security policies in such a manner that the assessment of compliance with these policies is greatly facilitated such that the assessment becomes suited to be performed automatically. An analysis of the securityrelevant semantics of BPEL as a specification language was conducted that resulted in the identification of so-called security-relevant semantic patterns. Based on these results, methods to specify security policy-implied restrictions in terms of such semantic patterns and to assess the compliance of BPEL scripts with these policies have been developed. These methods are particularly suited for assessment of remotely defined BPEL scripts since they allow for pre-execution enforcement of local security policies thereby mitigating or even removing the security implications involved in distributed definition and execution of business processes. As initially envisaged, these methods are comparatively easy to apply, as they are based on technologies customary for practitioners in this field. The viability of the methods proposed for automatic compliance assessment has been proven via a prototypic implementation of the essential functionality required for proof-of-concept.
author Fischer-Hellmann, Klaus-Peter
author_facet Fischer-Hellmann, Klaus-Peter
author_sort Fischer-Hellmann, Klaus-Peter
title Security policy enforcement in application environments using distributed script-based control structures
title_short Security policy enforcement in application environments using distributed script-based control structures
title_full Security policy enforcement in application environments using distributed script-based control structures
title_fullStr Security policy enforcement in application environments using distributed script-based control structures
title_full_unstemmed Security policy enforcement in application environments using distributed script-based control structures
title_sort security policy enforcement in application environments using distributed script-based control structures
publisher University of Plymouth
publishDate 2007
url http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.441494
work_keys_str_mv AT fischerhellmannklauspeter securitypolicyenforcementinapplicationenvironmentsusingdistributedscriptbasedcontrolstructures
_version_ 1718371230283726848