Method for model based verification of security policies for web service composition
First Claim
1. A computer implemented method for model based verification of security policies for web service composition, comprising:
- obtaining an abstracted security qualifier, the abstracted security qualifier abstracted by mapping a security policy to a security qualifier, the security qualifier comprising a plurality of ordered security levels including a confidentiality attribute and an integrity attribute, the security levels representing an intensity of protection associated with each security policy requirement, the abstracted security qualifier maintaining the order and strength of the security level;
- presenting the abstracted security qualifier to an application model, the abstracted security qualifier being presented to the application model as a first data security requirement, the first data security requirement comprising confidentiality requirements of the data, and extracted from the abstracted security qualifier;
- extracting a second data security requirement from a compliance rule in the web service, the compliance rule comprising security requirements and a policy for the transmission of data, the second data security requirement associated to data utilized in the web service from a compliance rule, the second security requirement comprising integrity requirements of the data;
- processing flow in the application model, on the computer, such processing based upon the integrity requirements of the second data security requirement; and
- verifying, on the computer, a consistency between the first data security requirement and the second data security requirement in response to the processing flow.
Abstract
A method for model based verification of security policies for web service composition. The method includes corresponding to a verification generated by an information flow analysis. The method further includes obtaining an abstracted security qualifier. The method proceeds by presenting the abstracted security qualifier to an application model, the abstracted security qualifier being presented to the application model as a security requirement. Subsequently, the method proceeds by further including removing the data security requirement on data utilized in the service from the compliance rule. The method proceeds by processing flow in the application model, such processing being based upon the data security requirement. The method further includes verifying the consistency in response to the processing flow.
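The following sketch is an added illustration of the kind of check the claim and abstract describe; it is not code from the patent. The level names, the policy-to-qualifier table, the service names, and the rule that requirements propagate downstream as a component-wise maximum are all assumptions made for the example.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):            # ordered security levels (names assumed)
    NONE = 0
    LOW = 1
    HIGH = 2

@dataclass(frozen=True)
class Qualifier:
    confidentiality: Level
    integrity: Level
    def join(self, other):       # component-wise maximum of two qualifiers
        return Qualifier(max(self.confidentiality, other.confidentiality),
                         max(self.integrity, other.integrity))
    def satisfies(self, req):    # offered protection meets the requirement
        return (self.confidentiality >= req.confidentiality
                and self.integrity >= req.integrity)

# Assumed abstraction of concrete channel policies; ordering is preserved.
ABSTRACT = {
    "none": Qualifier(Level.NONE, Level.NONE),
    "signed": Qualifier(Level.NONE, Level.HIGH),
    "encrypted": Qualifier(Level.HIGH, Level.NONE),
    "encrypted+signed": Qualifier(Level.HIGH, Level.HIGH),
}

def verify(edges, conf_req, integ_req):
    """edges: (src, dst, policy); *_req: service -> Level for data it originates."""
    nodes = {n for s, d, _ in edges for n in (s, d)}
    req = {n: Qualifier(conf_req.get(n, Level.NONE), integ_req.get(n, Level.NONE))
           for n in nodes}
    changed = True
    while changed:               # propagate requirements downstream to a fixed point
        changed = False
        for src, dst, _ in edges:
            merged = req[dst].join(req[src])
            if merged != req[dst]:
                req[dst], changed = merged, True
    # An edge is inconsistent if its channel offers less than its source requires.
    return [(s, d, p) for s, d, p in edges if not ABSTRACT[p].satisfies(req[s])]

# Constructed composition (hypothetical services).
EDGES = [("Order", "Payment", "encrypted+signed"),
         ("Payment", "Audit", "signed"),
         ("Catalog", "Order", "none")]
CONF = {"Order": Level.HIGH}     # first requirement: from the model's qualifier
INTEG = {"Order": Level.HIGH}    # second requirement: from the compliance rule

if __name__ == "__main__":
    print(verify(EDGES, CONF, INTEG))
```

The hop from Payment to Audit is reported because data originating at Order still carries a high confidentiality requirement there, while the channel only signs.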
Specification