EPICS: a framework for enforcing security policies in composite web services

Rohit Ranchal (Corresponding author), Bharat Bhargava, Pelin Angin, Lotfi Ben Othmane

Research output: Contribution to journal › Article › Academic › peer-review

2 Citations (Scopus)

Abstract

With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.

Original language: English
Article number: 8267494
Pages (from-to): 415 - 428
Number of pages: 14
Journal: IEEE Transactions on Services Computing
Volume: 12
Issue number: 3
DOI: 10.1109/TSC.2018.2797277
Publication status: Published - 1 May 2019
Externally published: Yes

Keywords

  • Access control
  • access control
  • active bundles
  • Automata
  • Cloud computing
  • composite web services
  • Credit cards
  • Distributed databases
  • privacy
  • security

Cite this

Ranchal, Rohit; Bhargava, Bharat; Angin, Pelin; Ben Othmane, Lotfi. EPICS: a framework for enforcing security policies in composite web services. In: IEEE Transactions on Services Computing. 2019; Vol. 12, No. 3. pp. 415 - 428.
@article{8523f9190cdc4a42bf97c267ded03fb2,
title = "EPICS: a framework for enforcing security policies in composite web services",
keywords = "Access control, access control, active bundles, Automata, Cloud computing, composite web services, Credit cards, Distributed databases, privacy, security",
author = "Rohit Ranchal and Bharat Bhargava and Pelin Angin and {Ben Othmane}, Lotfi",
year = "2019",
month = "5",
day = "1",
doi = "10.1109/TSC.2018.2797277",
language = "English",
volume = "12",
pages = "415 -- 428",
journal = "IEEE Transactions on Services Computing",
issn = "1939-1374",
publisher = "Institute of Electrical and Electronics Engineers",
number = "3",

}
