EPICS: a framework for enforcing security policies in composite web services

Rohit Ranchal (Corresponding author), Bharat Bhargava, Pelin Angin, Lotfi Ben Othmane

Research output: Contribution to journalArticleAcademicpeer-review

15 Citations (Scopus)


With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.

Original languageEnglish
Article number8267494
Pages (from-to)415 - 428
Number of pages14
JournalIEEE Transactions on Services Computing
Issue number3
Publication statusPublished - 1 May 2019
Externally publishedYes


  • Access control
  • access control
  • active bundles
  • Automata
  • Cloud computing
  • composite web services
  • Credit cards
  • Distributed databases
  • privacy
  • security


Dive into the research topics of 'EPICS: a framework for enforcing security policies in composite web services'. Together they form a unique fingerprint.

Cite this