Method for model based verification of security policies for web service composition

US 8,650,608 B2
Filed: 01/16/2007
Issued: 02/11/2014
Est. Priority Date: 01/16/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for model based verification of security policies for web service composition, comprising:

obtaining an abstracted security qualifier, the abstracted security qualifier abstracted by mapping a security policy to a security qualifier, the security qualifier comprising a plurality of ordered security levels including a confidentiality attribute and an integrity attribute, the security levels representing an intensity of protection associated with each security policy requirement, the abstracted security qualifier maintaining the order and strength of the security level;

presenting the abstracted security qualifier to an application model, the abstracted security qualifier being presented to the application model as a first data security requirement, the first data security requirement comprising confidentiality requirements of the data, and extracted from the abstracted security qualifier;

extracting a second data security requirement from a compliance rule in the web service, the compliance rule comprising security requirements and a policy for the transmission of data, the second data security requirement associated to data utilized in the web service from a compliance rule, the second security requirement comprising integrity requirements of the data;

processing flow in the application model, on the computer, such processing based upon the integrity requirements of the second data security requirement; and

verifying, on the computer, a consistency between the first data security requirement and the second data security requirement in response to the processing flow.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for model based verification of security policies for web service composition. The method includes corresponding to a verification generated by an information flow analysis. The method further includes obtaining an abstracted security qualifier. The method proceeds by presenting the abstracted security qualifier to an application model. The abstracted security qualifier being presented to the application model as a security requirement. Subsequently, the method proceeds by farther including removing the data security requirement on data utilized in the service from the compliance rule. The method proceeds by processing flow in the application model, such processing being based upon the data security requirement. The method further includes verifying the consistency in response to the processing flow.

8 Citations

View as Search Results

4 Claims

1. A computer implemented method for model based verification of security policies for web service composition, comprising:
- obtaining an abstracted security qualifier, the abstracted security qualifier abstracted by mapping a security policy to a security qualifier, the security qualifier comprising a plurality of ordered security levels including a confidentiality attribute and an integrity attribute, the security levels representing an intensity of protection associated with each security policy requirement, the abstracted security qualifier maintaining the order and strength of the security level;
  
  presenting the abstracted security qualifier to an application model, the abstracted security qualifier being presented to the application model as a first data security requirement, the first data security requirement comprising confidentiality requirements of the data, and extracted from the abstracted security qualifier;
  
  extracting a second data security requirement from a compliance rule in the web service, the compliance rule comprising security requirements and a policy for the transmission of data, the second data security requirement associated to data utilized in the web service from a compliance rule, the second security requirement comprising integrity requirements of the data;
  
  processing flow in the application model, on the computer, such processing based upon the integrity requirements of the second data security requirement; and
  
  verifying, on the computer, a consistency between the first data security requirement and the second data security requirement in response to the processing flow.
- View Dependent Claims (2, 3, 4)
- - 2. The method as set forth in claim 1, wherein the information flow analysis is part of a system structure.
  - 3. The method as set forth in claim 2, wherein the security qualifier is abstracted from a security policy on a message protection member.
  - 4. The method as set forth in claim 3, wherein the security qualifier is abstracted for at least one of, (i) each argument in a service, and (ii) each service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ono, Kouichi, Satoh, Fumiko, Tateishi, Takaaki, Nakumura, Yuhichi
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Kabir, Jahangir

Application Number

US11/623,371
Publication Number

US 20080172714A1
Time in Patent Office

2,583 Days
Field of Search

726 1- 5, 726/12, 726/14, 726 26- 30, 726/34
US Class Current

726/1
CPC Class Codes

G06F 21/62 Protecting access to data v...

H04L 63/20 for managing network securi...

Method for model based verification of security policies for web service composition

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

8 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Method for model based verification of security policies for web service composition

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links