摘要
Information leak,which can undermine the compliance of web-service-composition business processes for some policies,is one of the major concerns in web service composition.We present an automated and effective approach for the detection of implicit information leaks in business process execution language(BPEL)based on information flow analysis.We introduce an adequate meta-model for BPEL representation based on a Petri net for transformation and analysis.Building on the concept of Petri net place-based noninterference,the core contribution of this paper is the application of a Petri net reachability graph to estimate Petri net interference and thereby to detect implicit information leaks in web service composition.In addition,a case study illustrates the application of the approach on a concrete workflow in BPEL notation.
Information leak,which can undermine the compliance of web-service-composition business processes for some policies,is one of the major concerns in web service composition.We present an automated and effective approach for the detection of implicit information leaks in business process execution language(BPEL)based on information flow analysis.We introduce an adequate meta-model for BPEL representation based on a Petri net for transformation and analysis.Building on the concept of Petri net place-based noninterference,the core contribution of this paper is the application of a Petri net reachability graph to estimate Petri net interference and thereby to detect implicit information leaks in web service composition.In addition,a case study illustrates the application of the approach on a concrete workflow in BPEL notation.
基金
Project supported by the National High-Tech R&D Program(863)of China(No.2015AA015303)
the National Natural Science Foundation of China(No.61272083)
