A formal aspect-oriented method to model and analyse secure service composition

Abstract

Service-oriented computing SOC is becoming a prominent paradigm for creating value-added enterprise applications by composing web services. However, this flexibility comes along with new security risks. In this paper, Petri nets are used to precisely describe the different components of service composition, such as service, component, the basic relation between components, etc. The dynamic matching strategy of service composition is proposed, aspect orientation is used to weave it into the base net, which includes evaluation concern, authorisation concern and failure processing concern, the weaving mechanism dynamically integrates these schemas into a secure aspect model. Based on this, the operation semantics and related theories of Petri nets help prove the effectiveness and feasibility of proposed method, the enforcement algorithm is also given. An example explains the modelling process of service composition, and a series of experiments are done to explain that the use of aspects for service composition is more efficient than conventional techniques.