Dependability Analysis on Web Service Security: Business Logic Driven Approach

Published by: ijcsis on Jun 12, 2010
Copyright: Attribution Non-commercial


06/11/2010


 
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010

Dependability Analysis on Web Service Security: Business Logic Driven Approach

Saleem Basha
Department of Computer Science, Pondicherry University, Puducherry, India
smartsaleem1979@gmail.com

P. Dhavachelvan
Department of Computer Science, Pondicherry University, Puducherry, India
dhavachelvan@gmail.com

Abstract

In the modern computing world, the internet and e-business are a composite blend of web services and technology. Organizations must secure their computing systems or risk malicious attacks. The business logic is the fundamental driver of computer-based business tasks, where business processes and business functions add their features to better illustrate the abstract view of the business domain. The advent and astronomical rise of the internet and e-business make the business logic specify and drive the web service. Because web services are loosely coupled with the application, analyzing the dependability of the business logic becomes essential for producing complex web service compositions and orchestrations that complete a business task. This paper extends the Markov chain for the dependability analysis of business logic driven web service security.

Keywords: Web Service; Dependability Analysis; Business Logic; Web Service Security

I. INTRODUCTION
Enterprise systems are a distinct and highly complex class of systems. They are characterized by their importance for enterprises themselves, making them mission critical, by their extreme multi-user capability, by their tolerance of heavy loads and by their tight integration with the business process, which makes every enterprise system installation unique. In short, they are one of the most fascinating yet most demanding disciplines in software engineering [1]. The business logic is responsible for implementing the basic rules of the system according to the operating rules of the business. Its main feature is to take a request, determine what actions the request requires, implement those actions and return response data to the customer. Organizations face the problem of security derived from the non-functional requirements, and of maximizing the utilization of cutting-edge technology at minimum cost in the agile business environment. Web services are the upcoming wave for tomorrow's business needs; in this respect the non-functional attributes are one of the most challenging areas for developers, who must guarantee the confidentiality, authentication, integrity, authorization and non-repudiation of machine-to-machine interaction, so security is not negotiable in anticipating secure artifacts for web services. There are two underlying themes for all these pressures: heterogeneity and agility. Software development is a standard practice in software engineering where business logic drives the software development from requirement analysis to maintenance. The information exchange between the database and the user interface is done by the functional algorithm described by the business logic. This logic is composed of business functions and business rules. A business function is a series of logically related activities or tasks performed together to produce a defined set of results, and a business rule is a statement that defines or constrains some aspect of the business.
It is important to understand that business modeling commonly refers to business process design at the operational level [4], which comes under the functional requirements of the system, whereas the non-functional requirements are left as an afterthought. Non-functional attributes define the system properties and constraints and can be classified as product requirements, organizational requirements and external requirements. Security of the system plays a major role across the boundaries of organizations. Security of the system can be improved by providing the foundation in the early phase of the system development process through dependability analysis. The development of the system during requirements analysis and system design can improve the quality of the resulting system.

The most common dependability parameters which can be used to describe the non-functional requirements of virtually any kind of service, independently of the nature of the service, are reliability and availability [20]. The dependability of the system rises along with the growing popularity of web service based integration of heterogeneous enterprise systems. The parameters of non-functional (mainly dependability related) requirements must be predefined for a given web service in order to give guarantees to the web service consumers. The provider also has to consider similar non-functional parameters of external web services involved in the operation of his main service to be able to calculate and plan the dependability parameters.

In this paper, we extend the Markov chain process for the dependability analysis of business logic driven web service security. A direct generalization of the scheme of independent trials is the scheme known as Markov chains. Imagine a sequence of trials in each of which one and only one of $k$ mutually exclusive events $A_1^{(s)}, A_2^{(s)}, \ldots, A_k^{(s)}$ can occur. We say that the sequence of trials forms a Markov chain, or more precisely a simple Markov chain, if the conditional probability that event $A_i^{(s+1)}$ ($i = 1, 2, \ldots, k$) will occur in the $(s+1)$th trial ($s = 1, 2, 3, \ldots$), after a known event has occurred in the $s$th trial, depends solely on the event that occurred in the $s$th trial and is not modified by supplementary information about the events that occurred in earlier trials. A different terminology is frequently employed in stating the theory of Markov chains: one speaks of a certain system $S$, which at each instant of time can be in one of the states $A_1, A_2, \ldots, A_k$ and alters its state only at times $t_1, t_2, \ldots, t_n, \ldots$. For Markov chains, the probability of passing to some state $A_i$ ($i = 1, 2, \ldots, k$) at time $\tau$ ($t_s < \tau < t_{s+1}$) depends only on the state the system was in at time $t$ ($t_{s-1} < t < t_s$) and does not change if we learn what its states were at earlier times.
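
As an added illustration (not code or data from the paper), the sketch below applies the Markov chain just described to the two dependability parameters named above, availability and reliability, for a single web service. The three states, the transition probabilities and all function names are constructed assumptions.

```python
# Added example: states and probabilities below are constructed assumptions,
# not values taken from the paper.
STATES = ("OPERATIONAL", "DEGRADED", "FAILED")
UP = (0, 1)  # indices of states in which the service still answers requests

# P[i][j] = probability of moving from state i to state j in one trial.
P = [
    [0.90, 0.08, 0.02],  # OPERATIONAL
    [0.50, 0.30, 0.20],  # DEGRADED (e.g. a security control has tripped)
    [0.60, 0.00, 0.40],  # FAILED (repair returns the service to OPERATIONAL)
]

def check_stochastic(matrix):
    """Reject anything that is not a valid one-step transition matrix."""
    for row in matrix:
        if len(row) != len(matrix) or any(p < 0 for p in row):
            raise ValueError("matrix must be square with non-negative entries")
        if abs(sum(row) - 1.0) > 1e-9:
            raise ValueError("each row must sum to 1")

def step(dist, matrix):
    """One trial: the next distribution depends only on the current one."""
    n = len(matrix)
    return [sum(dist[i] * matrix[i][j] for i in range(n)) for j in range(n)]

def steady_state(matrix, tol=1e-13, max_iter=100_000):
    """Long-run state probabilities, found by repeated stepping."""
    check_stochastic(matrix)
    dist = [1.0] + [0.0] * (len(matrix) - 1)
    for _ in range(max_iter):
        nxt = step(dist, matrix)
        if max(abs(a - b) for a, b in zip(dist, nxt)) < tol:
            return nxt
        dist = nxt
    raise RuntimeError("no convergence (periodic or reducible chain?)")

def availability(matrix):
    """Long-run fraction of trials spent in an up state."""
    pi = steady_state(matrix)
    return sum(pi[i] for i in UP)

def up_submatrix(matrix):
    """Transitions among up states only; the missing mass is failure."""
    check_stochastic(matrix)
    return [[matrix[i][j] for j in UP] for i in UP]

def reliability(matrix, steps):
    """P(FAILED not entered within `steps` trials | start OPERATIONAL)."""
    q, dist = up_submatrix(matrix), [1.0] + [0.0] * (len(UP) - 1)
    for _ in range(steps):
        dist = step(dist, q)
    return sum(dist)

def mean_steps_to_failure(matrix, tol=1e-13, max_iter=100_000):
    """Expected trials before first failure: the sum of R(n) over n >= 0."""
    q, dist, total = up_submatrix(matrix), [1.0] + [0.0] * (len(UP) - 1), 0.0
    for _ in range(max_iter):
        if sum(dist) < tol:
            return total
        total += sum(dist)
        dist = step(dist, q)
    raise RuntimeError("failure state is unreachable from the up states")
```

With these constructed numbers the long-run availability is 78/83 and the expected number of trials before the first failure is 26; changing one row of `P` shows how a weaker repair or detection path moves both figures.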
 
II. WEB SERVICE SECURITY ANALYSIS AND BUSINESS LOGIC MODEL
Modeling business logic focuses on the core functionality of the business process, which is encapsulated as web services. It requires that the business process pertain exactly to the business logic with various business terminologies such as dependency, policy, standards, constraints, etc. As a prerequisite to this business logic model, the core functionality of the business process should be analyzed for dependencies and then modeled absolutely, whereas the previous implementations of web services were direct. Ronald et al. state that existing models like the business rule model, business motivation model and business process model concentrate on the business process at the operational level while compromising a minimum range of QoS attributes [2]. The business rule model deals with the extraction of business rules from the business logic, in order to reduce the cost and time spent in development [2][3]. The business motivation model paves the way for identifying the facts preserved in novel objectives, thereby facilitating business process development. The business process model provides optimization of the business process at the design phase. The implementation of a company's business model into organizational structures and systems is part of a company's business operations. It is important to understand that business modeling commonly refers to business process design at the operational level [4], whereas business models and business model design refer to defining the business logic of a company at the strategic level. The business logic model aims to resolve the complexities involved by decomposing the business process into sub-processes and in turn into tasks, while preserving the functional dependencies among the sub-processes, without ignoring the key factors. Any service domain that adopts this model for its web service development can be easily managed in terms of handling run-time exceptions towards service reliability and manageability. The business logic model can be applied in tandem with the models described above, thereby facilitating service computation and composition much better. This model enables web services to realize their computational criteria such as computability, traceability and decidability with the supporting QoS attributes like manageability, configurability, serviceability and dependency. The computational criteria would best suit the web service community who look for exception-free web services or reconfigurable web services. This model would also satisfy the service consumers who approach the discovery and composition engines for fetching exception-free or self-configurable web services. Hence this model would assure the consumers that the services are manageable at runtime, self-configurable in case of dependability, computable in total or partial and traceable to the point of failure. It also sustains dependency between the business rules and business functions.
A. Web Service Security Analysis

The cost versus risk parameters of the business will determine the capability to implement security in a web service [25]. The better a business can articulate the risks to its business, the better it will be able to appraise the advantage of preventive measures to protect itself. The business must be capable of answering questions such as:

Who has to have access to which information?
How is access to data provided? Direct or brokered?
Is there a need for data to be available to external partners as well as internal consumers?
What requirements does the information need in transit, in process and at rest?

To achieve a secure web service, the application and the security analysis must be analyzed conceptually and modeled. It roughly goes without saying that big companies are obsessed with safety and with securing critical applications, since essential information is at stake. Any movement towards web services presents a principal opportunity to incorporate safety in future applications. Organizations and system stakeholders are realizing that every opportunity for the business emerges with the danger of seriously screwing things up. Early web service adopters are delicious prey for bad thinking about the security analysis of the web service. After several advancements in technology and techniques in the context of security analysis, system developers still face the problem of security and security analysis.

Giving wide consideration to inheriting security features in the SDLC of the web service platform will enhance the safety of the web service as well as the services themselves [26]. Thus web services provide an opportunity to avoid such security-related issues and challenges, or otherwise to manage security dependencies that pervade software architecture.

Vendors typically emphasize the primary safety features that they offer as key selling points in the real world of enterprise applications. Nevertheless, out of the list of obligatory safety features, few sellers can give testimony to the underlying safety of the product itself. So users could have all the characteristics of security in the computing world, but they remain untenably insecure due to lack of analysis of the security.
B. Business Logic Model

Business process and motivation models have been used to analyze and propose new changes in accordance with changing business scenarios. A process model's scope does not extend optimally to web services, whereas business rule models extract rules from the business logic and concentrate mainly on the problem of modeling and accessing data by using efficient queries [4][2]. However, they do not model the entire business logic including the dependency analysis. Thus there is a need for a model which represents a business process in detail and also adapts the dependability analysis, rules, policies and standards to changing business scenarios. This adaptability helps service consumers and service providers cope with the demanding and challenging changes in services.

Such a representation should not compromise on matters and processes private to a business. Since a business logic model seems inevitable, by maintaining business privacy and by modeling a specific business process, the model seems to be a promising methodology to handle ever-changing business scenarios. Business process systems that use web services decrease the cost of automating transactions with trading partners.

The scope of a business process is limited to the design, development and deployment of services. The limited scope helps to develop better services keeping service customization in mind. The outcome breakdown structure of the service business logic is streamed as a set of business rules, functions and parameters. Further, these rules and functions could be tuned to be primitive business functions under certain specific conditions. The primary motivation behind setting up the business functions as primitive business functions would be to pose the computability and traceability factors, which are the most essential quality-driven factors, as they could manage the complete service computing platform successfully through the effective handling of run-time exceptions during service computation and composition by the security dependencies.

This model decomposes the business logic into functionally consistent and coherent business rules and functions, keeping in mind the privacy constraints of businesses. Decomposition helps represent the interdependent business functions with the security dependability as low as possible. This strategy categorizes the business functions into initial, composite and recursive functions and evaluates them into computable and dependable business functions. Computability and dependability of business functions are key factors for measuring the success rate. Existing discovery and composition engines provide services based on functionality, quality, and security of requested services. Customizing the services is not addressed by the existing engines. The proposed business logic based dependability analysis exhibits the functionalities of any of the generic engines but is also resilient to customization.
C. Relation Between Web Service Security Analysis and Business Logic Model

Modeling a system with the business logic model has benefits: it reflects standard layering practices within the development communities; business functionality is easily accessible by other object applications; it is very efficient for building business objects; it helps to test the basic success premises of the business; it improves the clear understanding of existing value drivers and constraints; it provides a componentized view of the business and technology environment in order to have common building blocks that can be reused across product and business silos; it defines sustainable interim states which provide measurable benefits as a flexible path to the goal; and business logic provides strong governance to manage and deliver the changes. Business logic also has some drawbacks: significant performance problems for data-intensive functions, and non-object applications may have significant difficulty accessing functionality. Improper handling of the non-functional requirements and their dependability may result in compromising the growth of the organization.

Currently much work in the requirements engineering field has been done to show the necessity of business logic which takes the dependability of non-functional requirements (NFRs) into consideration. Such logic will better deal with real-world situations. On the other hand, the advantage of having business logic is the capability of representing non-functional aspects, such as dependability, confidentiality, performance, ease of use and timeliness. It is believed that these functional aspects should be dealt with as non-functional requirements. Therefore, NFRs have to be handled and expressed very early in the process of modeling an information system [5]. Organizations spend much on system development and pay the least attention to NFRs. Recent tales of failure in information systems can be explained by the lack of attention to NFRs. The London Ambulance System (LAS) is an example of information system failure due to lack of attention to NFRs [6]. The LAS was deactivated soon after its deployment because of several problems, many of which were related to NFRs such as performance and conformance with standards [7]. Negotiation on NFRs is not a healthy activity in system development; the consequences of negotiating NFRs lead to serious problems, as in the case of LAS.

Service Oriented Architecture (SOA) is the paradigm for the future business environment, where the web service is the building block for SOA and is the key to agile business across enterprises. It is important in Service Oriented Architecture to separate functional and non-functional requirements for services because different applications use services in different non-functional contexts. In order to maximize the reusability of services, a set of constraints among non-functional requirements tends to be complicated to maintain. Currently, those non-functional constraints are informally specified in natural languages, and developers need to ensure that their applications satisfy the constraints in manual and ad-hoc manners [8]. System developers believe that business logic composes and speaks only to the functional aspect, but fail to keep in mind the other aspects driven by the functional aspect, i.e. dependability. The separation of functional and non-functional aspects improves the reusability of services and connections. It also improves the ease of understanding application design and enables the two different aspects to evolve independently. Wada et al. pointed out that the separation of functional and non-functional aspects results in higher maintainability of applications [9]. Non-functional aspects should also be captured as abstract models in an early development phase and automatically transformed to code or configuration files in order to improve development productivity. It incurs time-consuming and error-prone manual efforts to implement and deploy non-functional aspects in later development phases (e.g., integration and test phases) [10][11]. As web services become more popular and better utilized by many users and software agents, they will inevitably be commercialized. But still Services Challenge (WSC) that focus on functional aspects [12][13]. We believe that considering the
http://sites.google.com/site/ijcsis/ ISSN 1947-5500
