Secure and Unfailing Services

Internet is offering a variety of services, that are assembled to accomplish requests made by clients. While serving a request, security of the communications and of the data exchanged among services is crucial. Furthermore, communications occur along specific channels, and it is equally important to guarantee that the interactions between a client and a server never get blocked because either cannot access a selected channel. We address here both these problems, from a formal point of view. A static analysis is presented, guaranteeing that a composition of a client and of possibly nested services respects both security policies for access control, and compliance between clients and servers.

[1]  Massimo Bartoletti,et al.  A Calculus of Contracting Processes , 2010, 2010 25th Annual IEEE Symposium on Logic in Computer Science.

[2]  Graham Steel,et al.  Towards a Type System for Security APIs , 2009, ARSPA-WITS.

[3]  Farhad Arbab,et al.  Coordination Models and Languages , 1998, Adv. Comput..

[4]  Andrew D. Gordon,et al.  Verified Reference Implementations of WS-Security Protocols , 2006, WS-FM.

[5]  Alexander Artikis,et al.  Specifying norm-governed computational societies , 2009, TOCL.

[6]  Luca Viganò,et al.  Foundations and Applications of Security Analysis , 2009, Lecture Notes in Computer Science.

[7]  Mario Bravetti,et al.  CONCUR 2009 - Concurrency Theory, 20th International Conference, CONCUR 2009, Bologna, Italy, September 1-4, 2009. Proceedings , 2009, CONCUR.

[8]  Christel Baier,et al.  Principles of model checking , 2008 .

[9]  Christel Baier,et al.  Principles of Model Checking (Representation and Mind Series) , 2008 .

[10]  Victor E. Malyshkin,et al.  Parallel computing technologies , 2011, The Journal of Supercomputing.

[11]  Maria Grazia Buscemi,et al.  Programming Languages and Systems, 16th European Symposium on Programming, ESOP 2007, Held as Part of the Joint European Conferences on Theory and Practics of Software, ETAPS 2007, Braga, Portugal, March 24 - April 1, 2007, Proceedings , 2007, European Symposium on Programming.

[12]  Luca Padovani,et al.  Contracts for Mobile Processes , 2009, CONCUR.

[13]  Gian Luigi Ferrari,et al.  On Quantitative Security Policies , 2011, PaCT.

[14]  Gian Luigi Ferrari,et al.  Planning and verifying service composition , 2009, J. Comput. Secur..

[15]  Brian Campbell,et al.  Amortised Memory Analysis Using the Depth of Data Structures , 2009, ESOP.

[16]  Massimo Bartoletti,et al.  Usage Automata , 2009, ARSPA-WITS.

[17]  Cosimo Laneve,et al.  A Formal Account of Contracts for Web Services , 2006, WS-FM.

[18]  Emilio Tuosto,et al.  On the realizability of contracts in dishonest systems , 2012, COORDINATION.

[19]  Gian Luigi Ferrari,et al.  Call-by-Contract for Service Discovery, Orchestration and Recovery , 2011, Results of the SENSORIA Project.

[20]  Massimo Bartoletti,et al.  LocUsT: a tool for checking usage policies , 2008 .

[21]  Cosimo Laneve,et al.  A Basic Contract Language for Web Services , 2006, ESOP.

[22]  Wolfgang Reisig Petri Nets: An Introduction , 1985, EATCS Monographs on Theoretical Computer Science.

[23]  Martin Wirsing,et al.  Rigorous Software Engineering for Service-Oriented Systems - Results of the SENSORIA Project on Software Engineering for Service-Oriented Computing , 2011, Results of the SENSORIA Project.