Main Article Content
Abstract
Ensuring the preservation of security is a key requirement and challenge for Service Based Systems due to the use of third party software services not operating under security perimeters. By handling the orchestration, composition and interaction of Web services, the Business Process Execution Language or BPEL has gained tremendous interest. However, such process-based language does not assure a secure environment for Web services composition. The key solution cannot be seen as a simple embed of security properties in the source code of the business logic since the dynamism of the BPEL process will be affected when the security measures get updated. In this context, several approaches have emerged to tackle such issue by offering the ability to specify the security properties independently from the business logic based on policy languages. To mitigate these challenges, we present a framework providing integrity and authentication for secure workflow computation based on BPEL Web Service orchestration. Where as much attention has been dedicated to security issues for Web Services. We propose a novel approach that provides the users with model-based capabilities to specify aspects that enforce the required security policies. On the other hand, it offers a high level of flexibility when enforcing security hardening solutions in the BPEL process. We present a prototype implementation for validating linear workflows and evaluate its performance based on the security aspects in a BPEL process.