Abstract: Information leak, which can undermine the compliance of web-service-composition business processes for some policies, is one of the major concerns in web service composition. We present an automated and effective approach for the detection of implicit information leaks in business process execution language (BPEL) based on information flow analysis. We introduce an adequate meta-model for BPEL representation based on a petri net for transformation and analysis. Building on the concept of petri net place-based noninterference, the core contribution of this paper is the application of a petri net reachability graph to estimate petri net interference and thereby to detect implicit information leaks in web service composition. In addition, a case study illustrates the application of the approach on a concrete workflow in BPEL notation.

使用信息流分析检测Web服务组合隐性信息泄露

[1]Accorsi R, Wonnemann C, 2009. Detective information flow analysis for business processes. Int Conf on Business Process, Services Computing, and Intelligent Service Management, p.223-224.

[2]Accorsi R, Wonnemann C, 2010. Static information flow analysis of workflow models. Int Conf on Business Process and Service Science, p.194-205.

[3]Accorsi R, Lehmann A, Lohmann N, 2015. Information leak detection in business process models: theory, application, and tool support. Inform Syst, 47:244-257.

[4]Ahmad F, Huang H, Wang X, 2010. Petri net modeling and deadlock analysis of parallel manufacturing processes with shared-resources. J Syst Softw, 83(4):675-688.

[5]Armando A, Ranise S, 2011. Automated analysis of infinite state workflows with access control policies. 7^th Int Workshop on Security and Trust Management, p.157-174.

[6]Atluri V, 2001. Security for workflow systems. Inform Secur Technol Rep, 6(2):59-68.

[7]Atluri V, Chun S, Mazzoleni P, 2001. A Chinese wall security model for decentralized workflow systems. 8^th ACM Conf on Computer and Communications Security, p.48-57.

[8]Barkaoui K, Ayed R, Boucheneb H, et al., 2008. Verification of workflow processes under multilevel security considerations. 3^rd Int Conf on Risks and Security of Internet and Systems, p.77-84.

[9]Bell D, 1983. Secure computer systems: a retrospective. IEEE Symp on Security and Privacy, p.161-162.

[10]Bell D, LaPadula L, 1973. Secure Computer Systems: Mathematical Foundations and Model. DTIC Document.

[11]Benatallah B, Dumas M, Maamar Z, 2002. Definition and execution of composite web services: the self-serv project. IEEE Data Eng Bull, 25(4):47-52. http://sites.computer.org/debull/A02DEC-CD.pdf

[12]Busi N, Gorrieri R, 2003. A survey on noninterference with Petri nets. ACPN: Lectures on Concurrency and Petri Nets, p.328-344.

[13]Busi N, Gorrieri R, 2009. Structural noninterference in elementary and trace nets. Math Struct Comput Sci, 19(6):1065-1090.

[14]Carminati B, Ferrari E, Hung P, 2005. Exploring privacy issues in web services discovery agencies. IEEE Secur Priv, 3(5):14-21.

[15]Denning D, 1976. A lattice model of secure information flow. Commun ACM, 19(5):236-243.

[16]Goguen J, Meseguer J, 1982. Security policies and security models. IEEE Symp on Security and Privacy, p.11-20.

[17]Hui K, Tan B, Goh C, 2006. Online information disclosure: motivators and measurements. ACM Trans Intern Technol, 6(4):415-441.

[18]Juszczyszyn K, 2003. Verifying enterprise’s mandatory access control policies with colored Petri nets. 12^th IEEE Int Workshops on Enabling Technologies, p.184-189.

[19]Kagal L, Paolucci M, Srinivasan N, et al., 2004. Authorization and privacy for semantic web services. IEEE Intell Syst, 19(4):50-56.

[20]Lampson B, 1973. A note on the confinement problem. Commun ACM, 16(10):613-615.

[21]Lohmann N, Massuthe P, Stahl C, et al., 2006. Analyzing interacting BPEL processes. 4^th Int Conf on Business Process Management, p.17-32.

[22]Lohmann N, Verbeek E, Dijkman R, 2009. Petri net transformations for business processes–-a survey. Trans Petri Nets Other Models Concurr, 2:46-63.

[23]Lu Y, Zhang L, Sun J, 2009. Using colored Petri nets to model and analyze workflow with separation of duty constraints. Int J Adv Manuf Technol, 40(1-2):179-192..

[24]Massacci F, Mylopoulos J, Zannone N, 2006. Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB J, 15(4):370-387.

[25]Myers A, Liskov B, 1997. A decentralized model for information flow control. 16^th ACM Symp on Operating System Principles, p.129-142.

[26]Papazoglou M, 2012. Cloud blueprint: a model-driven approach to configuring federated clouds. 2^nd Int Conf on Model and Data Engineering, p.1.

[27]Röhrig S, Knorr K, 2004. Security analysis of electronic business processes. Electron Commerce Res, 4(1-2):59-81.

[28]Sabelfeld A, Myers A, 2003. Language-based information-flow security. IEEE J Sel Areas Commun, 21(1):5-19.

[29]Shafiq B, Masood A, Joshi J, et al., 2005. A role-based access control policy verification framework for real-time systems. 10^th IEEE Int Workshop on Object-Oriented Real-Time Dependable Systems, p.13-20.

[30]Singh M, 2001. Being interactive: physics of service composition. IEEE Intern Comput, 5(3):6-7.

[31]Sun H, Wang X, Yang J, et al., 2008. Authorization policy based business collaboration reliability verification. 6^th Int Conf on Service-Oriented Computing, p.579-584.

[32]Tan W, Fan Y, Zhou M, 2009. A Petri net-based method for compatibility analysis and composition of web services in business process execution language. IEEE Trans Autom Sci Eng, 6(1):94-106.

[33]Tbahriti S, Ghedira C, Medjahed B, et al., 2014. Privacy-enhanced web service composition. IEEE Trans Serv Comput, 7(2):210-222.

[34]Tschantz M, Datta A, Datta A, et al., 2015. A methodology for information flow experiments. 28^th IEEE Symp on Computer Security Foundations, p.554-568.

[35]Yee G, 2007. A privacy controller approach for privacy protection in web services. 4^th ACM Workshop on Secure Web Services, p.44-51.

[36]Zhou C, Ju S, 2012. A Petri net based approach to covert information flow analysis. Chin J Comput, 35(8):1688-1699.