- LAUR Home
- →
- School of Arts and Sciences
- →
- SoAS - Scholarly Publications
- →
- View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.coverage.spatial | Ottawa, Canada | en_US |
| dc.creator | Mourad, Azzam | en_US |
| dc.creator | Ayoubi, Sara | en_US |
| dc.creator | Yahyaoui, Hamdi | en_US |
| dc.creator | Otrok, Hadi | en_US |
| dc.date.accessioned | 2017-03-08T11:22:12Z | |
| dc.date.available | 2017-03-08T11:22:12Z | |
| dc.identifier.isbn | 978-1-4244-7551-3 | en_US |
| dc.identifier.uri | http://hdl.handle.net/10725/5331 | |
| dc.description.abstract | We propose in this paper a new approach for the dynamic enforcement of Web services security, which is based on a synergy between Aspect-Oriented Programming (AOP) and composition of Web services. Security policies are specified as aspects. The elaborated aspects are then weaved (integrated) in the Business Process Execution Language (BPEL) process at runtime. The main contributions of our approach are threefold: (1) separating the business and security concerns of composite Web services, and hence developing them separately (2) allowing the modification of the Web service composition at run time and (3) providing modularity for modeling cross-cutting concerns between Web services. We demonstrate the feasibility of our approach by developing a Flight System (FS) that is composed of several Web services. First, a RBAC (Role Based Access Control) model for the flight system, which we called RBAC-FS, is elaborated. Afterwards, the Web services that implement the security features are developed. Finally, the BPEL aspects that integrate the security functionalities dynamically into the BPEL process are created. The devised aspects realize the elaborated RBAC-FS model and provide authentication and access control features to the flight system. Case studies and experimental results are also presented to defend our propositions. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | IEEE | en_US |
| dc.title | 2010 Eighth Annual International Conference on Privacy Security and Trust (PST) | en_US |
| dc.title | New approach for the dynamic enforcement of Web services security | en_US |
| dc.type | Conference Paper / Proceeding | en_US |
| dc.creator.school | SAS | en_US |
| dc.creator.identifier | 200904853 | en_US |
| dc.creator.department | Computer Science and Mathematics | en_US |
| dc.description.embargo | N/A | en_US |
| dc.keywords | Web services | en_US |
| dc.keywords | Authentication | en_US |
| dc.keywords | Business | en_US |
| dc.keywords | Lead | en_US |
| dc.keywords | Authorized | en_US |
| dc.identifier.doi | http://dx.doi.org/10.1109/PST.2010.5593232 | en_US |
| dc.identifier.ctation | Mourad, A., Ayoubi, S., Yahyaoui, H., & Otrok, H. (2010, August). New approach for the dynamic enforcement of Web services security. In Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on (pp. 189-196). IEEE. | en_US |
| dc.creator.email | azzam.mourad@lau.edu.lb | en_US |
| dc.date.created | 17 Aug - 19 Aug 2010 | en_US |
| dc.description.pages | 189-196 | en_US |
| dc.description.tou | http://libraries.lau.edu.lb/research/laur/terms-of-use/articles.php | en_US |
| dc.identifier.url | http://ieeexplore.ieee.org/abstract/document/5593232/ | en_US |
| dc.date.datepublished | 2010 | en_US |
| dc.creator.ispartof | Lebanese American University | en_US |
