CSCE 813 Internet Security Fall 2012

Slides:



Advertisements
Similar presentations
IBM Software Group ® Design Thoughts for JDSL 2.0 Version 0.2.
Advertisements

Software Quality Assurance Plan
Web Service Composition Prepared by Robert Ma February 5, 2007.
Operating System Security
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 31 Slide 1 Service-centric Software Engineering 1.
A System to Generate Test Data and Symbolically Execute Programs Lori A. Clarke September 1976.
Service Oriented Architecture SOA. SOA has been the New New Thing for the last few years in enterprise software As with everything that gains visibility.
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Building New SOA and AJAX- Based Business Applications Mark Barnard R&D Manager – Natural Business Services Software AG (Canada) Inc.
A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.
RepoMMan Workflow for Fedora Aberystwyth October 2005 Robert Sherratt Richard Green Funded by the JISC Digital Repositories Programme.
Using Digital Credentials On The World-Wide Web M. Winslett.
What is workflow?  A workflow is a structured way of defining and automating structures and procedures within an organization. What is workflow management.
Chapter 1: Overview of Workflow Management Dr. Shiyong Lu Department of Computer Science Wayne State University.
International User Group Information Delivery Manuals: General Overview Courtesy:This presentation is based on material provided by AEC3 and AEC Infosystems.
Securing Legacy Software SoBeNet User group meeting 25/06/2004.
Methodology and Tools for End-to-End SOA Configurations By: Fumiko satoh, Yuichi nakamura, Nirmal K. Mukhi, Michiaki Tatsubori, Kouichi ono.
*Law and Coordination Rodrigo Paes. © LES/PUC-Rio Agenda Integration Coordination BPEL example Birth *Law and Coordination Further Steps.
Katanosh Morovat.   This concept is a formal approach for identifying the rules that encapsulate the structure, constraint, and control of the operation.
Computer Science and Engineering 1 XML, RDF, Workflow Security.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
CSCE 548 Secure Software Development Security Use Cases.
HUMAN TASK INTEGRATION IN WEB BASED BUSINESS PROCESSES A Groundwork Investigation Xue Bai COMS E6125 WEB-ENHANCED INFORMATION MGMT.
CSCE 548 Code Review. CSCE Farkas2 Reading This lecture: – McGraw: Chapter 4 – Recommended: Best Practices for Peer Code Review,
CONTENTS Arrival Characters Definition Merits Chararterstics Workflows Wfms Workflow engine Workflows levels & categories.
London e-Science Centre Imperial College London Making the Grid Pay Economic Services - Pricing and Payment William Lee.
Computer Science and Engineering 1 Service-Oriented Architecture Security 2.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 ITU-T Security Standardization on Mobile Web Services Lee, Jae Seung Special Fellow,
Secure Systems Research Group - FAU Using patterns to compare web services standards E. Fernandez and N. Delessy.
Chapter 1: Overview of Workflow Management Dr. Shiyong Lu Department of Computer Science Wayne State University.
© DATAMAT S.p.A. – Giuseppe Avellino, Stefano Beco, Barbara Cantalupo, Andrea Cavallini A Semantic Workflow Authoring Tool for Programming Grids.
CSCE 201 Web Browser Security Fall CSCE Farkas2 Web Evolution Web Evolution Past: Human usage – HTTP – Static Web pages (HTML) Current: Human.
(Business) Process Centric Exchanges
1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,
Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer Extended RBAC-design and implementation.
17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.
An Ontological Framework for Web Service Processes By Claus Pahl and Ronan Barrett.
Security Issues in a SOA- based Provenance System Victor Tan, Paul Groth, Simon Miles, Sheng Jiang, Steve Munroe, Sofia Tsasakou and Luc Moreau PASOA/EU.
95-843: Service Oriented Architecture 1 Master of Information System Management Service Oriented Architecture Lecture 7: BPEL Some notes selected from.
Enabling Grids for E-sciencE Astronomical data processing workflows on a service-oriented Grid architecture Valeria Manna INAF - SI The.
BPEL Business Process Engineering Language A technology used to build programs in SOA architecture.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Course: COMS-E6125 Professor: Gail E. Kaiser Student: Shanghao Li (sl2967)
Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
Reasoning about the Behavior of Semantic Web Services with Concurrent Transaction Logic Presented By Dumitru Roman, Michael Kifer University of Innsbruk,
Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
Chapter 1 Overview of Databases and Transaction Processing.
1 Seminar on SOA Seminar on Service Oriented Architecture BPEL Some notes selected from “Business Process Execution Language for Web Services” by Matjaz.
Service Oriented Architecture
CSCE 548 Secure Software Development Risk-Based Security Testing
Federation Systems, ADFS, & Shibboleth 2.0
Modeling User Interactions for (Fun and) Profit Preventing Request Forgery Attacks in Web Applications Karthick Jayaraman, Grzegorz Lewandowski, Paul G.
Service-Oriented Computing: Semantics, Processes, Agents
CSCE 548 Secure Software Development Use Cases Misuse Cases
Point-of-care Identity Management (PCIM)
CSCE 548 Secure Software Development Test 1 Review
SECURITY MECHANISM & E-COMMERCE
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Service-centric Software Engineering
Service-centric Software Engineering 1
Retrieve Protocol for Execution (RPE)
CSSSPEC6 SOFTWARE DEVELOPMENT WITH QUALITY ASSURANCE
Enterprise Architect, CNA
Data Warehousing Data Mining Privacy
Service-Oriented Computing: Semantics, Processes, Agents
Grid Systems: What do we need from web service standards?
Access Control What’s New?
Reportnet 3.0 Database Feasibility Study – Approach
SOA initiatives at Istat
Presentation transcript:

CSCE 813 Internet Security Fall 2012

Internet Security - Farkas Next Class XSS attack Today: Project Draft Workflow verification Internet Security - Farkas

Internet Security - Farkas Business Process Increased complexity Workflow specification Workflow correctness Workflow security Automated analysis Internet Security - Farkas

Workflow Verification Detect conflicts and anomalies Lack of formal methods and tools Internet Security - Farkas

Internet Security - Farkas What to represent? Activity-based workflow model Design-time analysis Implementation-time verification Reading: propositional logic Activities Basic workflow constructs Activity “leads” to other activity Internet Security - Farkas

Internet Security - Farkas Workflow a2 a1 + a4 Internet Security - Farkas

Internet Security - Farkas WS-BPEL Language to specify business processes that are composed of Web services as well as exposed as Web services WS-BPEL specifications are portable -- can be carried out by every WS-BPEL compliant execution environment Internet Security - Farkas

Two-Level Programming Model Programming in the large Non-programmers implementing processes Flow logic Programming in the small Programmers implementing low-level services Function logic Internet Security - Farkas

Internet Security - Farkas WS-BPEL Flow Oriented Request Invoke Response SOA and WS-BPEL Internet Security - Farkas

Internet Security - Farkas Security and Workflow Identity Management Authorization: e.g., data access controls Process constraints Provenance Internet Security - Farkas

Internet Security - Farkas Issues Need to distinguish between functionality & security guarantees How to handle trust management? Workflows are process or data centric How to map to user-centric system security policies? Planning and enactment are complex/rich processes How to establish security assurance of a complex mechanism? Internet Security - Farkas

Internet Security - Farkas Next Class XSS and CSRF Internet Security - Farkas

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.