Automated Validation of Security-Sensitive Web Services Specified in BPEL and RBAC

We formalize automated analysis techniques for the validation of web services specified in BPEL and a RBAC variant tailored to BPEL. The idea is to use decidable fragments of first-order logic to describe the state space of a certain class of web services and then use state-of-the-art SMT solvers to...

Full description

Saved in:
Bibliographic Details
Published in2010 12th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing pp. 456 - 464
Main Authors Calvi, Alberto, Ranise, Silvio, Viganò, Luca
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.09.2010
Subjects
Authorization
Petri nets
Process control
Semantics
Web services
Online AccessGet full text
ISBN1424498163
9781424498161
DOI10.1109/SYNASC.2010.75

Cover

More Information
Summary:We formalize automated analysis techniques for the validation of web services specified in BPEL and a RBAC variant tailored to BPEL. The idea is to use decidable fragments of first-order logic to describe the state space of a certain class of web services and then use state-of-the-art SMT solvers to handle their reach ability problems. To assess the practical viability of our approach, we have developed a prototype tool implementing our techniques and applied it to a digital contract signing service inspired by an industrial case study.
ISBN:1424498163
9781424498161
DOI:10.1109/SYNASC.2010.75