EPICS: A Framework for Enforcing Security Policies in Composite Web Services

With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on services computing 2019-05, Vol.12 (3), p.415-428
Main Authors: Ranchal, Rohit, Bhargava, Bharat, Angin, Pelin, Othmane, Lotfi Ben
Format: Article
Language:English
Subjects:
Access control
active bundles
Authentication
Automata
Clients
Cloud computing
composite web services
Credit cards
Data retrieval
Distributed databases
Policies
Privacy
Security
System effectiveness
Web services
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
cited_by cdi_FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53
cites cdi_FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53
container_end_page 428
container_issue 3
container_start_page 415
container_title IEEE transactions on services computing
container_volume 12
creator Ranchal, Rohit
Bhargava, Bharat
Angin, Pelin
Othmane, Lotfi Ben
description With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.
doi_str_mv 10.1109/TSC.2018.2797277
format article
fullrecord <record><control><sourceid>proquest_ieee_</sourceid><recordid>TN_cdi_ieee_primary_8267494</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>8267494</ieee_id><sourcerecordid>2237692738</sourcerecordid><originalsourceid>FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53</originalsourceid><addsrcrecordid>eNpNkE1LAzEQhoMoWKt3wUvA89Z8bhJvsrRaKFhoxWPI7s5KarupyVbpv3dLi3iZdw7POwMPQreUjCgl5mG5KEaMUD1iyiim1BkaUMNNRrkS5__2S3SV0oqQnGltBmg2nk-LxSN-wpPoNvAT4iduQsTjtp-Vbz_wAqpd9N0ez8PaVx4S9i0uwmYbku8Av0PZI_HbV5Cu0UXj1gluTjlEb5PxsnjJZq_P0-JpllXM0C4rQZZa5uAIzbUBLqViUtVUMGk4bYjgikJTgqKiBgdauKapmZMgVKXrUvIhuj_e3cbwtYPU2VXYxbZ_aRnjKjdMcd1T5EhVMaQUobHb6Dcu7i0l9uDM9s7swZk9Oesrd8eKB4A_XLNcCSP4L1CBZrQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2237692738</pqid></control><display><type>article</type><title>EPICS: A Framework for Enforcing Security Policies in Composite Web Services</title><source>IEEE Xplore (Online service)</source><creator>Ranchal, Rohit ; Bhargava, Bharat ; Angin, Pelin ; Othmane, Lotfi Ben</creator><creatorcontrib>Ranchal, Rohit ; Bhargava, Bharat ; Angin, Pelin ; Othmane, Lotfi Ben</creatorcontrib><description>With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.</description><identifier>ISSN: 1939-1374</identifier><identifier>EISSN: 1939-1374</identifier><identifier>EISSN: 2372-0204</identifier><identifier>DOI: 10.1109/TSC.2018.2797277</identifier><identifier>CODEN: ITSCAD</identifier><language>eng</language><publisher>Piscataway: IEEE</publisher><subject>Access control ; active bundles ; Authentication ; Automata ; Clients ; Cloud computing ; composite web services ; Credit cards ; Data retrieval ; Distributed databases ; Policies ; Privacy ; Security ; System effectiveness ; Web services</subject><ispartof>IEEE transactions on services computing, 2019-05, Vol.12 (3), p.415-428</ispartof><rights>Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53</citedby><cites>FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53</cites><orcidid>0000-0003-4851-3959 ; 0000-0003-3803-8672</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/8267494$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,27924,27925,54796</link.rule.ids></links><search><creatorcontrib>Ranchal, Rohit</creatorcontrib><creatorcontrib>Bhargava, Bharat</creatorcontrib><creatorcontrib>Angin, Pelin</creatorcontrib><creatorcontrib>Othmane, Lotfi Ben</creatorcontrib><title>EPICS: A Framework for Enforcing Security Policies in Composite Web Services</title><title>IEEE transactions on services computing</title><addtitle>TSC</addtitle><description>With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.</description><subject>Access control</subject><subject>active bundles</subject><subject>Authentication</subject><subject>Automata</subject><subject>Clients</subject><subject>Cloud computing</subject><subject>composite web services</subject><subject>Credit cards</subject><subject>Data retrieval</subject><subject>Distributed databases</subject><subject>Policies</subject><subject>Privacy</subject><subject>Security</subject><subject>System effectiveness</subject><subject>Web services</subject><issn>1939-1374</issn><issn>1939-1374</issn><issn>2372-0204</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2019</creationdate><recordtype>article</recordtype><recordid>eNpNkE1LAzEQhoMoWKt3wUvA89Z8bhJvsrRaKFhoxWPI7s5KarupyVbpv3dLi3iZdw7POwMPQreUjCgl5mG5KEaMUD1iyiim1BkaUMNNRrkS5__2S3SV0oqQnGltBmg2nk-LxSN-wpPoNvAT4iduQsTjtp-Vbz_wAqpd9N0ez8PaVx4S9i0uwmYbku8Av0PZI_HbV5Cu0UXj1gluTjlEb5PxsnjJZq_P0-JpllXM0C4rQZZa5uAIzbUBLqViUtVUMGk4bYjgikJTgqKiBgdauKapmZMgVKXrUvIhuj_e3cbwtYPU2VXYxbZ_aRnjKjdMcd1T5EhVMaQUobHb6Dcu7i0l9uDM9s7swZk9Oesrd8eKB4A_XLNcCSP4L1CBZrQ</recordid><startdate>20190501</startdate><enddate>20190501</enddate><creator>Ranchal, Rohit</creator><creator>Bhargava, Bharat</creator><creator>Angin, Pelin</creator><creator>Othmane, Lotfi Ben</creator><general>IEEE</general><general>The Institute of Electrical and Electronics Engineers, Inc. (IEEE)</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0003-4851-3959</orcidid><orcidid>https://orcid.org/0000-0003-3803-8672</orcidid></search><sort><creationdate>20190501</creationdate><title>EPICS: A Framework for Enforcing Security Policies in Composite Web Services</title><author>Ranchal, Rohit ; Bhargava, Bharat ; Angin, Pelin ; Othmane, Lotfi Ben</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2019</creationdate><topic>Access control</topic><topic>active bundles</topic><topic>Authentication</topic><topic>Automata</topic><topic>Clients</topic><topic>Cloud computing</topic><topic>composite web services</topic><topic>Credit cards</topic><topic>Data retrieval</topic><topic>Distributed databases</topic><topic>Policies</topic><topic>Privacy</topic><topic>Security</topic><topic>System effectiveness</topic><topic>Web services</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Ranchal, Rohit</creatorcontrib><creatorcontrib>Bhargava, Bharat</creatorcontrib><creatorcontrib>Angin, Pelin</creatorcontrib><creatorcontrib>Othmane, Lotfi Ben</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE/IET Electronic Library (IEL)</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEEE transactions on services computing</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ranchal, Rohit</au><au>Bhargava, Bharat</au><au>Angin, Pelin</au><au>Othmane, Lotfi Ben</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>EPICS: A Framework for Enforcing Security Policies in Composite Web Services</atitle><jtitle>IEEE transactions on services computing</jtitle><stitle>TSC</stitle><date>2019-05-01</date><risdate>2019</risdate><volume>12</volume><issue>3</issue><spage>415</spage><epage>428</epage><pages>415-428</pages><issn>1939-1374</issn><eissn>1939-1374</eissn><eissn>2372-0204</eissn><coden>ITSCAD</coden><abstract>With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of their data and have to rely on service providers which offer limited selection of security and privacy preferences. This lack of awareness and loss of control over data sharing increases threats to a client's data and diminishes trust in these systems. We propose EPICS, an efficient and effective solution for enforcing security policies in composite Web services that protects data privacy throughout the service interaction lifecycle. The solution ensures that the data are distributed along with the client policies that dictate data access and an execution monitor that controls data disclosure. It empowers data owners with control of data disclosure decisions during interactions with remote services and reduces the risk of unauthorized access. The paper presents the design, implementation, and evaluation of the EPICS framework.</abstract><cop>Piscataway</cop><pub>IEEE</pub><doi>10.1109/TSC.2018.2797277</doi><tpages>14</tpages><orcidid>https://orcid.org/0000-0003-4851-3959</orcidid><orcidid>https://orcid.org/0000-0003-3803-8672</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 1939-1374
ispartof IEEE transactions on services computing, 2019-05, Vol.12 (3), p.415-428
issn 1939-1374
1939-1374
2372-0204
language eng
recordid cdi_ieee_primary_8267494
source IEEE Xplore (Online service)
subjects Access control
active bundles
Authentication
Automata
Clients
Cloud computing
composite web services
Credit cards
Data retrieval
Distributed databases
Policies
Privacy
Security
System effectiveness
Web services
title EPICS: A Framework for Enforcing Security Policies in Composite Web Services
url http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-01T11%3A25%3A25IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_ieee_&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=EPICS:%20A%20Framework%20for%20Enforcing%20Security%20Policies%20in%20Composite%20Web%20Services&rft.jtitle=IEEE%20transactions%20on%20services%20computing&rft.au=Ranchal,%20Rohit&rft.date=2019-05-01&rft.volume=12&rft.issue=3&rft.spage=415&rft.epage=428&rft.pages=415-428&rft.issn=1939-1374&rft.eissn=1939-1374&rft.coden=ITSCAD&rft_id=info:doi/10.1109/TSC.2018.2797277&rft_dat=%3Cproquest_ieee_%3E2237692738%3C/proquest_ieee_%3E%3Cgrp_id%3Ecdi_FETCH-LOGICAL-c291t-be5b856ea01689e3557257d1425931f04371efbe714deae84affd2a5e47c8db53%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2237692738&rft_id=info:pmid/&rft_ieee_id=8267494&rfr_iscdi=true