SC-WS: A Context-based, Aspect-oriented Approach for Handling Security Concerns in Web Services


Ghita Kouadri Mostefaoui (University Campus Milton Keynes, Buckinghamshire, UK), Zakaria Maamar (Zayed University, Dubai, United Arab Emirates) and Nanjangud C. Narendra (IBM India Software Lab, Bangalore, India)
DOI: 10.4018/ijoci.2014040102

Abstract

This paper discusses Aspect-Oriented Programming (AOP) as an efficient way to handle security concerns in Web services. Without AOP, the necessary security code would be mixed with the business logic that a Web service implements. This renders the maintenance of both code and business logic tedious and prone to errors. AOP allows confining the code of non-functional concerns like security and self-healing into specific modules so that they do not cross-cut with the Web service's business logic. The aspect-oriented approach proposed in this paper is built upon three levels referred to as user, component, and resource, and adopts three types of context, one context per level. The contexts contain various details on the environment of Web services, which permits activating the necessary aspects in response to these details. A set of experiments validating this approach is also reported in this paper.
Article Preview

The SC-WS Approach

General Architecture

Taking the context of Web services into account has been proven mandatory for capturing the characteristics of the environment in which these Web services operate (Maamar et al., 2006). These characteristics are multiple and can refer to users (e.g., stationary versus on the move), level of expertise (e.g., expert versus novice), computing resources (e.g., fixed versus mobile), and time of the day (e.g., in the afternoon versus in the morning), to mention just a few.

Figure 1 presents the way we handle aspects in the SC-WS approach. Three levels of abstraction exist: user, Web service, and resource. The constituents of each level are tracked using specific contexts, namely U-context, W-context, and R-context. The connections between the user and Web service levels and between the Web service and resource levels are implemented with “invokes” and “operates upon” relationships, respectively. Some key features of the SC-WS approach are as follows: multi-level concern separation using aspects and contextual tracking of the security requirements of Web services.

Figure 1. Overview of the SC-WS architecture

The Web service level refers to the context-aware Web service. A Web service is split into two parts: business logic and aspects. On the one hand, the business-logic part refers to the actions that a Web service carries out as part of the functionality it offers (e.g., query data). On the other hand, the aspect part refers to non-functional requirements, such as security and logging, that manifest themselves as cross-cutting concerns affecting the actions and interactions of the Web service.

The resource level is about context-aware resources. Resources represent the computing means upon which Web services operate. The scheduling of execution requests of Web services is prioritized when not enough resources are available to satisfy them all at once.
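
The split between business logic and context-activated aspects described above can be illustrated in Python. This is an added example, not the authors' implementation: the decorator-based weaving, the context field names (`mobility`, `authenticated`, `sensitive`, `kind`), and the activation policy are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from functools import wraps

@dataclass
class Contexts:
    """Constructed snapshot of the three contexts; all field names are assumptions."""
    u: dict = field(default_factory=dict)  # U-context: user details
    w: dict = field(default_factory=dict)  # W-context: Web service details
    r: dict = field(default_factory=dict)  # R-context: resource details

class AccessDenied(Exception):
    """Raised by the security aspect; the business logic then never runs."""

def security_advice(ctx, op, trail):
    if not ctx.u.get("authenticated", False):
        raise AccessDenied(f"{op}: authentication required")
    trail.append("security")

def logging_advice(ctx, op, trail):
    trail.append(f"logging:{op}")

# (activation predicate, advice) pairs; the policy is constructed for this example.
# Both predicates fail closed: an aspect is skipped only when the contexts
# positively report the low-risk case, so missing context details activate it.
ASPECTS = [
    (lambda c: c.u.get("mobility") != "stationary" or c.r.get("kind") != "fixed",
     security_advice),
    (lambda c: c.w.get("sensitive", True), logging_advice),
]

def context_aware(func):
    """Run every aspect whose predicate matches the contexts, then the business logic."""
    @wraps(func)
    def wrapper(ctx, *args, **kwargs):
        trail = []  # names of the aspects that were activated, in order
        for is_active, advice in ASPECTS:
            if is_active(ctx):
                advice(ctx, func.__name__, trail)
        return func(*args, **kwargs), trail
    return wrapper

@context_aware
def query_data(key):
    # Business logic only: no security or logging code appears here.
    records = {"acct-1": 100}  # constructed sample data
    return records.get(key)
```

Calling `query_data(Contexts(), "acct-1")` with empty contexts raises `AccessDenied`, because the absence of context details is treated as the high-risk case.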
